Retropex/docker-bitcoind
1
0
Fork 0
mirror of https://github.com/Retropex/docker-bitcoind.git synced 2025-05-28 13:02:33 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity

Dockerfile for Knots 25.1

Browse Source
This commit is contained in:
Léo Haf 2023-02-08 14:49:10 +01:00 committed by Léo Haf
parent f9ccfd1ca4
commit 267fa2f491
Signed by: Retropex
GPG Key ID: 0E37EBAB8574F005
17 changed files with 30 additions and 2586 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
.github/workflows/on-tag.yml vendored
View File

@ -19,7 +19,7 @@ on:
jobs:
build:
name: Build bitcoind
runs-on: ubuntu-18.04
runs-on: self-hosted
strategy:
matrix:
@ -45,11 +45,6 @@ jobs:
VERSION="$(echo "$GITHUB_REF" | sed -E "s|$TAG_FMT|\2|")"
DIR="$(echo "${VERSION#v}" | cut -d. -f-2)"
if ! grep -q "^ARG VERSION=${VERSION#v}$" "$DIR/Dockerfile"; then
echo "ERR: $DIR/Dockerfile must contain VERSION=$VERSION"
exit 1
fi
echo ::set-env name=DIR::"$DIR"
echo ::set-env name=TAG::"$(echo "$GITHUB_REF" | sed -E "s|$TAG_FMT|\1|")"
@ -130,7 +125,7 @@ jobs:
deploy:
name: Deploy to Docker Hub & Github Releases. Only after successful build.
runs-on: ubuntu-18.04
runs-on: self-hosted
needs: build
env:
@ -139,7 +134,7 @@ jobs:
steps:
- name: Setup environment
run: |
echo ::set-env name=SLUG::"$(echo ${GITHUB_REPOSITORY,,} | sed 's/docker-//')"
echo ::set-env name=SLUG::"retropexx/bitcoind"
echo ::set-env name=VERSION::"$(echo "$GITHUB_REF" | sed -E "s|$TAG_FMT|\2|")"
echo ::set-env name=BUILD::"$(echo "$GITHUB_REF" | sed -E "s|$TAG_FMT|\4|")"
@ -167,7 +162,7 @@ jobs:
- name: Login to Docker Hub
env:
DOCKER_USER: meedamian
DOCKER_USER: retropexx
run: |
echo "Logging in as ${DOCKER_USER}…"
echo "${{ secrets.DOCKER_TOKEN }}" | docker login -u="$DOCKER_USER" --password-stdin
@ -201,7 +196,7 @@ jobs:
- name: Upload images to Github Release
uses: meeDamian/github-release@2.0
with:
token: ${{ secrets.GITHUB_TOKEN_NOEXPIRE }}
token: ${{ secrets.REPO_APIKEY }}
name: ${{ env.VERSION }}
body: |
This release packages `bitcoind` to be on par with https://github.com/bitcoin/bitcoin/releases/tag/${{ env.VERSION }}

84
.github/workflows/single-test.yml vendored
View File

@ -1,84 +0,0 @@
name: Test build bitcoind on push to vX.Z-test branch
env:
APP: nolim1t/bitcoind
ACTIONS_ALLOW_UNSECURE_COMMANDS: true
on:
push:
branches: [ 'v[0-9].[0-9]*-test' ]
jobs:
build:
name: Build bitcoind
runs-on: ubuntu-18.04
strategy:
fail-fast: false
matrix:
arch:
- amd64
- arm32v7
- arm64v8
env:
QEMU_VERSION: v5.0.0
DOCKER_BUILDKIT: 1
steps:
- uses: actions/checkout@v2
- name: Detect version
run: echo ::set-env name=MINOR::"$(echo "$GITHUB_REF" | sed -E 's|refs/heads/v(.*)-test|\1|g')"
- name: Register self-compiled qemu
if: matrix.arch != 'amd64'
run: docker run --rm --privileged "meedamian/simple-qemu:$QEMU_VERSION-${{ matrix.arch }}" -p yes
- name: Build ${{ env.APP }}
run: >
docker build "$MINOR/"
--build-arg "ARCH=${{ matrix.arch }}"
--build-arg "SOURCE=git"
--tag "${APP}:${MINOR}-${{ matrix.arch }}"
- name: Push ${{ env.APP }} to docker hub
run: >
if [[ ! -z ${{ secrets.DOCKER_HUB_USER }} ]] && [[ ! -z ${{ secrets.DOCKER_USER }} ]] && [[ ! -z ${{ secrets.DOCKER_PASS }} ]]; then
echo "Pushing to docker hub if credentials exist"
echo ${{ secrets.DOCKER_PASS }} | docker login -u=${{ secrets.DOCKER_USER }} --password-stdin
docker push "${{ env.APP }}:${MINOR}-${{ matrix.arch }}"
else
echo "Not pushing to docker up as credentials don't exist"
fi
- name: Show built image details
run: docker images "$APP"
- name: Run sanity checks
env:
DIR: /usr/local/bin
run: |
run() {
ENTRYPOINT="${1:-$APP}"; shift
ARGS=${*:-"--version"}
printf "\n$ %s %s\n" "$ENTRYPOINT" "$ARGS"
docker run --rm --entrypoint "$ENTRYPOINT" "${APP}:${MINOR}-${{ matrix.arch }}" $ARGS
}
docker inspect "${APP}:${MINOR}-${{ matrix.arch }}" | jq '.'
printf "\n"
run bitcoind | head -n 1
run bitcoin-cli
run bitcoin-tx --help | head -n 1
# If version higher, or equal than v0.18.0, also run `bitcoin-wallet` binary
if [ "${MINOR#0.}" -ge "18" ]; then
run bitcoin-wallet --help | head -n 1
fi
run uname -a
run cat /etc/os-release
run sha256sum "$DIR/bitcoind" "$DIR/bitcoin-cli"

83
.github/workflows/test.yml vendored
View File

@ -1,83 +0,0 @@
name: Build bitcoind on push, or PR to master
env:
APP: bitcoind
on:
push:
branches: [ 'master' ]
pull_request:
branches: [ 'master' ]
jobs:
build:
name: Build bitcoind
runs-on: ubuntu-18.04
strategy:
fail-fast: false
matrix:
subver:
- '0.16'
- '0.17'
- '0.18'
- '0.19'
- '0.20'
- '0.21'
- '22.0'
- '23.0'
- '24.0'
arch:
- amd64
- arm32v7
- arm64v8
env:
QEMU_VERSION: v5.0.0
DOCKER_BUILDKIT: 1
steps:
- uses: actions/checkout@v2
- name: Register self-compiled qemu
if: matrix.arch != 'amd64'
run: docker run --rm --privileged "meedamian/simple-qemu:$QEMU_VERSION-${{ matrix.arch }}" -p yes
- name: Build ${{ env.APP }}
run: >
docker build "${{ matrix.subver }}/"
--build-arg "ARCH=${{ matrix.arch }}"
--tag "$APP"
- name: Show built image details
run: docker images "$APP"
- name: Run sanity checks
env:
DIR: /usr/local/bin
MINOR: ${{ matrix.subver }}
run: |
run() {
ENTRYPOINT="${1:-$APP}"; shift
ARGS=${*:-"--version"}
printf "\n$ %s %s\n" "$ENTRYPOINT" "$ARGS"
docker run --rm --entrypoint "$ENTRYPOINT" "$APP" $ARGS
}
docker inspect "$APP" | jq '.'
printf "\n"
run bitcoind | head -n 1
run bitcoin-cli
run bitcoin-tx --help | head -n 1
# If version higher, or equal than v0.18.0, also run `bitcoin-wallet` binary
if [ "${MINOR#0.}" -ge "18" ]; then
run bitcoin-wallet --help | head -n 1
fi
run uname -a
run cat /etc/os-release
run sha256sum "$DIR/bitcoind" "$DIR/bitcoin-cli"

29
.github/workflows/update-readme.yml vendored
View File

@ -1,29 +0,0 @@
name: Update Docker Hub README everytime it changes on master
env:
ACTIONS_ALLOW_UNSECURE_COMMANDS: true
on:
push:
branches: [ 'master' ]
paths:
- README.md
- '.github/workflows/update-readme.yml'
jobs:
sync:
name: Update README to Docker Hub
runs-on: ubuntu-18.04
steps:
- uses: actions/checkout@v2
- name: Setup Environment
run: echo ::set-env name=SLUG::"$(echo ${GITHUB_REPOSITORY,,} | sed 's/docker-//')"
- name: Sync README.md and Description to Docker Hub
uses: meeDamian/sync-readme@v1.0.6
with:
user: ${{ secrets.DOCKER_USER }}
pass: ${{ secrets.DOCKER_PASS }}
slug: ${{ env.SLUG }}
description: true

249
0.15/Dockerfile
View File

@ -1,249 +0,0 @@
# This Dockerfile builds Bitcoin Core and packages it into a minimal `final` image
# VERSION of Bitcoin Core to be build
# NOTE: Unlike our other images this one is NOT prefixed with `v`,
# as many things (like download URLs) use this form instead.
ARG VERSION=0.15.2
# CPU archtecture to build binaries for
ARG ARCH
# Define default versions so that they don't have to be repreated throughout the file
ARG VER_ALPINE=3.11
# $USER name, and data $DIR to be used in the `final` image
ARG USER=bitcoind
ARG DIR=/data
# Choose where to get bitcoind sources from, options: release, git
# NOTE: Only `SOURCE=git` can be used for RC releases
ARG SOURCE=release
# Choose where to get BerkeleyDB from, options: prebuilt, compile
# NOTE: When compiled here total execution time exceeds allowed CI limits, so pre-built one is used by default
ARG BDB_SOURCE=prebuilt
#
## `preparer-base` installs dependencies needed by both ways of fetching the source,
# as well as imports GPG keys needed to verify authenticity of the source.
#
FROM alpine:${VER_ALPINE} AS preparer-base
# Make sure APKs are downloaded over SSL. See: https://github.com/gliderlabs/docker-alpine/issues/184
RUN sed -i 's|http://dl-cdn.alpinelinux.org|https://alpine.global.ssl.fastly.net|g' /etc/apk/repositories
RUN apk add --no-cache gnupg
ENV KEYS 01EA5486DE18A882D4C2684590C8019E36C2E964
RUN timeout 16s gpg --keyserver keyserver.ubuntu.com --recv-keys $KEYS
# Print imported keys, but also ensure there's no other keys in the system
RUN gpg --list-keys | tail -n +3 | tee /tmp/keys.txt && \
gpg --list-keys $KEYS | diff - /tmp/keys.txt
#
## Option #1: [default] Fetch bitcoind source from release tarballs
#
FROM preparer-base AS preparer-release
ARG VERSION
# Download checksums
ADD https://bitcoincore.org/bin/bitcoin-core-$VERSION/SHA256SUMS.asc ./
# Download source code (intentionally different website than checksums)
ADD https://bitcoin.org/bin/bitcoin-core-$VERSION/bitcoin-$VERSION.tar.gz ./
# Verify that hashes are signed with the previously imported key
RUN gpg --verify SHA256SUMS.asc
# Verify that downloaded source-code archive matches exactly the hash that's provided
RUN grep " bitcoin-$VERSION.tar.gz\$" SHA256SUMS.asc | sha256sum -c -
# Extract
RUN tar -xzf "bitcoin-$VERSION.tar.gz" && \
rm -f "bitcoin-$VERSION.tar.gz"
#
## Option #2: Fetch bitcoind source from GitHub
#
FROM preparer-base AS preparer-git
ARG VERSION
RUN apk add --no-cache git
# Fetch the source code at a specific TAG
RUN git clone -b "v$VERSION" --depth=1 https://github.com/bitcoin/bitcoin.git "/bitcoin-$VERSION/"
# Verify tag, and copy source code to predetermined location on success
RUN cd "/bitcoin-$VERSION/" && \
git verify-tag "v$VERSION"
#
## Alias to go around `COPY` not accepting ARGs in value passed to `--from=`
#
FROM preparer-${SOURCE} AS preparer
#
## `berkeleydb-prebuilt` downloads a pre-built BerkeleyDB to make sure
# the overall build time of this Dockerfile fits within CI limits.
#
FROM lncm/berkeleydb:v4.8.30.NC${ARCH:+-${ARCH}} AS berkeleydb-prebuilt
#
## `berkeleydb-compile` builds BerkeleyDB from source using script provided in bitcoind repo.
#
FROM alpine:${VER_ALPINE} AS berkeleydb-compile
# TODO: implement ^^
RUN echo "Not implemented" && exit 1
FROM berkeleydb-${BDB_SOURCE} AS berkeleydb
#
## `builder` builds Bitcoin Core regardless on how the source, and BDB code were obtained.
#
# NOTE: this stage is emulated using QEMU
# NOTE: `${ARCH:+${ARCH}/}` - if ARCH is set, append `/` to it, leave it empty otherwise
FROM ${ARCH:+${ARCH}/}alpine:${VER_ALPINE} AS builder
ARG VERSION
ARG SOURCE
# Use APK repos over HTTPS. See: https://github.com/gliderlabs/docker-alpine/issues/184
RUN sed -i 's|http://dl-cdn.alpinelinux.org|https://alpine.global.ssl.fastly.net|g' /etc/apk/repositories
# TODO: Check which dependencies are not necessary here
RUN apk add --no-cache \
autoconf \
automake \
boost-dev \
build-base \
chrpath \
file \
libevent-dev \
libressl \
libressl-dev \
libtool \
linux-headers \
protobuf-dev \
zeromq-dev
# Fetch pre-built berkeleydb
COPY --from=berkeleydb /opt/ /opt/
# Change to the extracted directory
WORKDIR /bitcoin-$VERSION/
# Copy bitcoin source (downloaded & verified in previous stages)
COPY --from=preparer /bitcoin-$VERSION/ ./
ENV BITCOIN_PREFIX /opt/bitcoin-$VERSION
# NOTE: no idea what these do, but they seem necessary
# taken from: https://github.com/ruimarinho/docker-bitcoin-core/blob/32e4f2df95986c8a8f1462aa4e54402478095908/0.15/alpine/Dockerfile#L64-L66
RUN sed -i '/AC_PREREQ/a\AR_FLAGS=cr' src/univalue/configure.ac
RUN sed -i '/AX_PROG_CC_FOR_BUILD/a\AR_FLAGS=cr' src/secp256k1/configure.ac
RUN sed -i s:sys/fcntl.h:fcntl.h: src/compat.h
RUN ./autogen.sh
# TODO: Try to optimize on passed params
RUN ./configure LDFLAGS=-L/opt/db4/lib/ CPPFLAGS=-I/opt/db4/include/ \
--prefix="$BITCOIN_PREFIX" \
--disable-man \
--disable-shared \
--disable-ccache \
--enable-static \
--enable-reduce-exports \
--without-gui \
--without-libs \
--with-utils \
--with-daemon
RUN make -j$(( $(nproc) + 1 )) check
RUN make install
# List installed binaries pre-strip & strip them
RUN ls -lh "$BITCOIN_PREFIX/bin/"
RUN strip -v "$BITCOIN_PREFIX/bin/bitcoin"*
# List installed binaries post-strip & print their checksums
RUN ls -lh "$BITCOIN_PREFIX/bin/"
RUN sha256sum "$BITCOIN_PREFIX/bin/bitcoin"*
#
## `final` aggregates build results from previous stages into a necessary minimum
# ready to be used, and published to Docker Hub.
#
# NOTE: this stage is emulated using QEMU
# NOTE: `${ARCH:+${ARCH}/}` - if ARCH is set, append `/` to it, leave it empty otherwise
FROM ${ARCH:+${ARCH}/}alpine:${VER_ALPINE} AS final
ARG VERSION
ARG USER
ARG DIR
LABEL maintainer="Damian Mee (@meeDamian)"
# Use APK repos over HTTPS. See: https://github.com/gliderlabs/docker-alpine/issues/184
RUN sed -i 's|http://dl-cdn.alpinelinux.org|https://alpine.global.ssl.fastly.net|g' /etc/apk/repositories
# TODO: Check which dependencies are not necessary here
RUN apk add --no-cache \
boost-chrono \
boost-filesystem \
boost-program_options \
boost-thread \
libevent \
libressl \
libsodium \
libstdc++ \
libzmq
COPY --from=builder /opt/bitcoin-$VERSION/bin/bitcoin* /usr/local/bin/
# NOTE: Default GID == UID == 1000
RUN adduser --disabled-password \
--home "$DIR/" \
--gecos "" \
"$USER"
USER $USER
# Prevents `VOLUME $DIR/.bitcoind/` being created as owned by `root`
RUN mkdir -p "$DIR/.bitcoin/"
# Expose volume containing all `bitcoind` data
VOLUME $DIR/.bitcoin/
# REST interface
EXPOSE 8080
# P2P network (mainnet, testnet & regnet respectively)
EXPOSE 8333 18333 18444
# RPC interface (mainnet, testnet & regnet respectively)
EXPOSE 8332 18332 18443
# ZMQ ports (for transactions & blocks respectively)
EXPOSE 28332 28333
ENTRYPOINT ["bitcoind"]
CMD ["-zmqpubrawblock=tcp://0.0.0.0:28332", "-zmqpubrawtx=tcp://0.0.0.0:28333"]

249
0.16/Dockerfile
View File

@ -1,249 +0,0 @@
# This Dockerfile builds Bitcoin Core and packages it into a minimal `final` image
# VERSION of Bitcoin Core to be build
# NOTE: Unlike our other images this one is NOT prefixed with `v`,
# as many things (like download URLs) use this form instead.
ARG VERSION=0.16.3
# CPU archtecture to build binaries for
ARG ARCH
# Define default versions so that they don't have to be repreated throughout the file
ARG VER_ALPINE=3.11
# $USER name, and data $DIR to be used in the `final` image
ARG USER=bitcoind
ARG DIR=/data
# Choose where to get bitcoind sources from, options: release, git
# NOTE: Only `SOURCE=git` can be used for RC releases
ARG SOURCE=release
# Choose where to get BerkeleyDB from, options: prebuilt, compile
# NOTE: When compiled here total execution time exceeds allowed CI limits, so pre-built one is used by default
ARG BDB_SOURCE=prebuilt
#
## `preparer-base` installs dependencies needed by both ways of fetching the source,
# as well as imports GPG keys needed to verify authenticity of the source.
#
FROM alpine:${VER_ALPINE} AS preparer-base
# Make sure APKs are downloaded over SSL. See: https://github.com/gliderlabs/docker-alpine/issues/184
RUN sed -i 's|http://dl-cdn.alpinelinux.org|https://alpine.global.ssl.fastly.net|g' /etc/apk/repositories
RUN apk add --no-cache gnupg
ENV KEYS 01EA5486DE18A882D4C2684590C8019E36C2E964
RUN timeout 16s gpg --keyserver keyserver.ubuntu.com --recv-keys $KEYS
# Print imported keys, but also ensure there's no other keys in the system
RUN gpg --list-keys | tail -n +3 | tee /tmp/keys.txt && \
gpg --list-keys $KEYS | diff - /tmp/keys.txt
#
## Option #1: [default] Fetch bitcoind source from release tarballs
#
FROM preparer-base AS preparer-release
ARG VERSION
# Download checksums
ADD https://bitcoincore.org/bin/bitcoin-core-$VERSION/SHA256SUMS.asc ./
# Download source code (intentionally different website than checksums)
ADD https://bitcoin.org/bin/bitcoin-core-$VERSION/bitcoin-$VERSION.tar.gz ./
# Verify that hashes are signed with the previously imported key
RUN gpg --verify SHA256SUMS.asc
# Verify that downloaded source-code archive matches exactly the hash that's provided
RUN grep " bitcoin-$VERSION.tar.gz\$" SHA256SUMS.asc | sha256sum -c -
# Extract
RUN tar -xzf "bitcoin-$VERSION.tar.gz" && \
rm -f "bitcoin-$VERSION.tar.gz"
#
## Option #2: Fetch bitcoind source from GitHub
#
FROM preparer-base AS preparer-git
ARG VERSION
RUN apk add --no-cache git
# Fetch the source code at a specific TAG
RUN git clone -b "v$VERSION" --depth=1 https://github.com/bitcoin/bitcoin.git "/bitcoin-$VERSION/"
# Verify tag, and copy source code to predetermined location on success
RUN cd "/bitcoin-$VERSION/" && \
git verify-tag "v$VERSION"
#
## Alias to go around `COPY` not accepting ARGs in value passed to `--from=`
#
FROM preparer-${SOURCE} AS preparer
#
## `berkeleydb-prebuilt` downloads a pre-built BerkeleyDB to make sure
# the overall build time of this Dockerfile fits within CI limits.
#
FROM lncm/berkeleydb:v4.8.30.NC${ARCH:+-${ARCH}} AS berkeleydb-prebuilt
#
## `berkeleydb-compile` builds BerkeleyDB from source using script provided in bitcoind repo.
#
FROM alpine:${VER_ALPINE} AS berkeleydb-compile
# TODO: implement ^^
RUN echo "Not implemented" && exit 1
FROM berkeleydb-${BDB_SOURCE} AS berkeleydb
#
## `builder` builds Bitcoin Core regardless on how the source, and BDB code were obtained.
#
# NOTE: this stage is emulated using QEMU
# NOTE: `${ARCH:+${ARCH}/}` - if ARCH is set, append `/` to it, leave it empty otherwise
FROM ${ARCH:+${ARCH}/}alpine:${VER_ALPINE} AS builder
ARG VERSION
ARG SOURCE
# Use APK repos over HTTPS. See: https://github.com/gliderlabs/docker-alpine/issues/184
RUN sed -i 's|http://dl-cdn.alpinelinux.org|https://alpine.global.ssl.fastly.net|g' /etc/apk/repositories
# TODO: Check which dependencies are not necessary here
RUN apk add --no-cache \
autoconf \
automake \
boost-dev \
build-base \
chrpath \
file \
libevent-dev \
libressl \
libressl-dev \
libtool \
linux-headers \
protobuf-dev \
zeromq-dev
# Fetch pre-built berkeleydb
COPY --from=berkeleydb /opt/ /opt/
# Change to the extracted directory
WORKDIR /bitcoin-$VERSION/
# Copy bitcoin source (downloaded & verified in previous stages)
COPY --from=preparer /bitcoin-$VERSION/ ./
ENV BITCOIN_PREFIX /opt/bitcoin-$VERSION
# NOTE: no idea what these do, but they seem necessary
# taken from: https://github.com/ruimarinho/docker-bitcoin-core/blob/master/0.16/alpine/Dockerfile#L67-L69
RUN sed -i '/AC_PREREQ/a\AR_FLAGS=cr' src/univalue/configure.ac
RUN sed -i '/AX_PROG_CC_FOR_BUILD/a\AR_FLAGS=cr' src/secp256k1/configure.ac
RUN sed -i s:sys/fcntl.h:fcntl.h: src/compat.h
RUN ./autogen.sh
# TODO: Try to optimize on passed params
RUN ./configure LDFLAGS=-L/opt/db4/lib/ CPPFLAGS=-I/opt/db4/include/ \
--prefix="$BITCOIN_PREFIX" \
--disable-man \
--disable-shared \
--disable-ccache \
--enable-static \
--enable-reduce-exports \
--without-gui \
--without-libs \
--with-utils \
--with-daemon
RUN make -j$(( $(nproc) + 1 )) check
RUN make install
# List installed binaries pre-strip & strip them
RUN ls -lh "$BITCOIN_PREFIX/bin/"
RUN strip -v "$BITCOIN_PREFIX/bin/bitcoin"*
# List installed binaries post-strip & print their checksums
RUN ls -lh "$BITCOIN_PREFIX/bin/"
RUN sha256sum "$BITCOIN_PREFIX/bin/bitcoin"*
#
## `final` aggregates build results from previous stages into a necessary minimum
# ready to be used, and published to Docker Hub.
#
# NOTE: this stage is emulated using QEMU
# NOTE: `${ARCH:+${ARCH}/}` - if ARCH is set, append `/` to it, leave it empty otherwise
FROM ${ARCH:+${ARCH}/}alpine:${VER_ALPINE} AS final
ARG VERSION
ARG USER
ARG DIR
LABEL maintainer="Damian Mee (@meeDamian)"
# Use APK repos over HTTPS. See: https://github.com/gliderlabs/docker-alpine/issues/184
RUN sed -i 's|http://dl-cdn.alpinelinux.org|https://alpine.global.ssl.fastly.net|g' /etc/apk/repositories
# TODO: Check which dependencies are not necessary here
RUN apk add --no-cache \
boost-chrono \
boost-filesystem \
boost-program_options \
boost-thread \
libevent \
libressl \
libsodium \
libstdc++ \
libzmq
COPY --from=builder /opt/bitcoin-$VERSION/bin/bitcoin* /usr/local/bin/
# NOTE: Default GID == UID == 1000
RUN adduser --disabled-password \
--home "$DIR/" \
--gecos "" \
"$USER"
USER $USER
# Prevents `VOLUME $DIR/.bitcoind/` being created as owned by `root`
RUN mkdir -p "$DIR/.bitcoin/"
# Expose volume containing all `bitcoind` data
VOLUME $DIR/.bitcoin/
# REST interface
EXPOSE 8080
# P2P network (mainnet, testnet & regnet respectively)
EXPOSE 8333 18333 18444
# RPC interface (mainnet, testnet & regnet respectively)
EXPOSE 8332 18332 18443
# ZMQ ports (for transactions & blocks respectively)
EXPOSE 28332 28333
ENTRYPOINT ["bitcoind"]
CMD ["-zmqpubrawblock=tcp://0.0.0.0:28332", "-zmqpubrawtx=tcp://0.0.0.0:28333"]

248
0.17/Dockerfile
View File

@ -1,248 +0,0 @@
# This Dockerfile builds Bitcoin Core and packages it into a minimal `final` image
# VERSION of Bitcoin Core to be build
# NOTE: Unlike our other images this one is NOT prefixed with `v`,
# as many things (like download URLs) use this form instead.
ARG VERSION=0.17.2
# CPU archtecture to build binaries for
ARG ARCH
# Define default versions so that they don't have to be repreated throughout the file
ARG VER_ALPINE=3.11
# $USER name, and data $DIR to be used in the `final` image
ARG USER=bitcoind
ARG DIR=/data
# Choose where to get bitcoind sources from, options: release, git
# NOTE: Only `SOURCE=git` can be used for RC releases
ARG SOURCE=release
# Choose where to get BerkeleyDB from, options: prebuilt, compile
# NOTE: When compiled here total execution time exceeds allowed CI limits, so pre-built one is used by default
ARG BDB_SOURCE=prebuilt
#
## `preparer-base` installs dependencies needed by both ways of fetching the source,
# as well as imports GPG keys needed to verify authenticity of the source.
#
FROM alpine:${VER_ALPINE} AS preparer-base
# Make sure APKs are downloaded over SSL. See: https://github.com/gliderlabs/docker-alpine/issues/184
RUN sed -i 's|http://dl-cdn.alpinelinux.org|https://alpine.global.ssl.fastly.net|g' /etc/apk/repositories
RUN apk add --no-cache gnupg
ENV KEYS 01EA5486DE18A882D4C2684590C8019E36C2E964
RUN timeout 16s gpg --keyserver keyserver.ubuntu.com --recv-keys $KEYS
# Print imported keys, but also ensure there's no other keys in the system
RUN gpg --list-keys | tail -n +3 | tee /tmp/keys.txt && \
gpg --list-keys $KEYS | diff - /tmp/keys.txt
#
## Option #1: [default] Fetch bitcoind source from release tarballs
#
FROM preparer-base AS preparer-release
ARG VERSION
# Download checksums
ADD https://bitcoincore.org/bin/bitcoin-core-$VERSION/SHA256SUMS.asc ./
# Download source code (intentionally different website than checksums)
ADD https://bitcoin.org/bin/bitcoin-core-$VERSION/bitcoin-$VERSION.tar.gz ./
# Verify that hashes are signed with the previously imported key
RUN gpg --verify SHA256SUMS.asc
# Verify that downloaded source-code archive matches exactly the hash that's provided
RUN grep " bitcoin-$VERSION.tar.gz\$" SHA256SUMS.asc | sha256sum -c -
# Extract
RUN tar -xzf "bitcoin-$VERSION.tar.gz" && \
rm -f "bitcoin-$VERSION.tar.gz"
#
## Option #2: Fetch bitcoind source from GitHub
#
FROM preparer-base AS preparer-git
ARG VERSION
RUN apk add --no-cache git
# Fetch the source code at a specific TAG
RUN git clone -b "v$VERSION" --depth=1 https://github.com/bitcoin/bitcoin.git "/bitcoin-$VERSION/"
# Verify tag, and copy source code to predetermined location on success
RUN cd "/bitcoin-$VERSION/" && \
git verify-tag "v$VERSION"
#
## Alias to go around `COPY` not accepting ARGs in value passed to `--from=`
#
FROM preparer-${SOURCE} AS preparer
#
## `berkeleydb-prebuilt` downloads a pre-built BerkeleyDB to make sure
# the overall build time of this Dockerfile fits within CI limits.
#
FROM lncm/berkeleydb:v4.8.30.NC${ARCH:+-${ARCH}} AS berkeleydb-prebuilt
#
## `berkeleydb-compile` builds BerkeleyDB from source using script provided in bitcoind repo.
#
FROM alpine:${VER_ALPINE} AS berkeleydb-compile
# TODO: implement ^^
RUN echo "Not implemented" && exit 1
FROM berkeleydb-${BDB_SOURCE} AS berkeleydb
#
## `builder` builds Bitcoin Core regardless on how the source, and BDB code were obtained.
#
# NOTE: this stage is emulated using QEMU
# NOTE: `${ARCH:+${ARCH}/}` - if ARCH is set, append `/` to it, leave it empty otherwise
FROM ${ARCH:+${ARCH}/}alpine:${VER_ALPINE} AS builder
ARG VERSION
ARG SOURCE
# Use APK repos over HTTPS. See: https://github.com/gliderlabs/docker-alpine/issues/184
RUN sed -i 's|http://dl-cdn.alpinelinux.org|https://alpine.global.ssl.fastly.net|g' /etc/apk/repositories
# TODO: Check which dependencies are not necessary here
RUN apk add --no-cache \
autoconf \
automake \
boost-dev \
build-base \
chrpath \
file \
libevent-dev \
libressl \
libressl-dev \
libtool \
linux-headers \
protobuf-dev \
zeromq-dev
# Fetch pre-built berkeleydb
COPY --from=berkeleydb /opt/ /opt/
# Change to the extracted directory
WORKDIR /bitcoin-$VERSION/
# Copy bitcoin source (downloaded & verified in previous stages)
COPY --from=preparer /bitcoin-$VERSION/ ./
ENV BITCOIN_PREFIX /opt/bitcoin-$VERSION
# NOTE: no idea what these do, but they seem necessary
# taken from: https://github.com/ruimarinho/docker-bitcoin-core/blob/master/0.17/alpine/Dockerfile#L67-L69
RUN sed -i '/AC_PREREQ/a\AR_FLAGS=cr' src/univalue/configure.ac
RUN sed -i '/AX_PROG_CC_FOR_BUILD/a\AR_FLAGS=cr' src/secp256k1/configure.ac
RUN sed -i s:sys/fcntl.h:fcntl.h: src/compat.h
RUN ./autogen.sh
# TODO: Try to optimize on passed params
RUN ./configure LDFLAGS=-L/opt/db4/lib/ CPPFLAGS=-I/opt/db4/include/ \
--prefix="$BITCOIN_PREFIX" \
--disable-man \
--disable-shared \
--disable-ccache \
--enable-static \
--enable-reduce-exports \
--without-gui \
--without-libs \
--with-utils \
--with-daemon
RUN make -j$(( $(nproc) + 1 )) check
RUN make install
# List installed binaries pre-strip & strip them
RUN ls -lh "$BITCOIN_PREFIX/bin/"
RUN strip -v "$BITCOIN_PREFIX/bin/bitcoin"*
# List installed binaries post-strip & print their checksums
RUN ls -lh "$BITCOIN_PREFIX/bin/"
RUN sha256sum "$BITCOIN_PREFIX/bin/bitcoin"*
#
## `final` aggregates build results from previous stages into a necessary minimum
# ready to be used, and published to Docker Hub.
#
# NOTE: this stage is emulated using QEMU
# NOTE: `${ARCH:+${ARCH}/}` - if ARCH is set, append `/` to it, leave it empty otherwise
FROM ${ARCH:+${ARCH}/}alpine:${VER_ALPINE} AS final
ARG VERSION
ARG USER
ARG DIR
LABEL maintainer="Damian Mee (@meeDamian)"
# Use APK repos over HTTPS. See: https://github.com/gliderlabs/docker-alpine/issues/184
RUN sed -i 's|http://dl-cdn.alpinelinux.org|https://alpine.global.ssl.fastly.net|g' /etc/apk/repositories
# TODO: Check which dependencies are not necessary here
RUN apk add --no-cache \
boost-chrono \
boost-filesystem \
boost-thread \
libevent \
libressl \
libsodium \
libstdc++ \
libzmq
COPY --from=builder /opt/bitcoin-$VERSION/bin/bitcoin* /usr/local/bin/
# NOTE: Default GID == UID == 1000
RUN adduser --disabled-password \
--home "$DIR/" \
--gecos "" \
"$USER"
USER $USER
# Prevents `VOLUME $DIR/.bitcoind/` being created as owned by `root`
RUN mkdir -p "$DIR/.bitcoin/"
# Expose volume containing all `bitcoind` data
VOLUME $DIR/.bitcoin/
# REST interface
EXPOSE 8080
# P2P network (mainnet, testnet & regnet respectively)
EXPOSE 8333 18333 18444
# RPC interface (mainnet, testnet & regnet respectively)
EXPOSE 8332 18332 18443
# ZMQ ports (for transactions & blocks respectively)
EXPOSE 28332 28333
ENTRYPOINT ["bitcoind"]
CMD ["-zmqpubrawblock=tcp://0.0.0.0:28332", "-zmqpubrawtx=tcp://0.0.0.0:28333"]

254
0.18/Dockerfile
View File

@ -1,254 +0,0 @@
# This Dockerfile builds Bitcoin Core and packages it into a minimal `final` image
# VERSION of Bitcoin Core to be build
# NOTE: Unlike our other images this one is NOT prefixed with `v`,
# as many things (like download URLs) use this form instead.
ARG VERSION=0.18.1
# CPU archtecture to build binaries for
ARG ARCH
# Define default versions so that they don't have to be repreated throughout the file
ARG VER_ALPINE=3.11
# $USER name, and data $DIR to be used in the `final` image
ARG USER=bitcoind
ARG DIR=/data
# Choose where to get bitcoind sources from, options: release, git
# NOTE: Only `SOURCE=git` can be used for RC releases
ARG SOURCE=release
# Choose where to get BerkeleyDB from, options: prebuilt, compile
# NOTE: When compiled here total execution time exceeds allowed CI limits, so pre-built one is used by default
ARG BDB_SOURCE=prebuilt
#
## `preparer-base` installs dependencies needed by both ways of fetching the source,
# as well as imports GPG keys needed to verify authenticity of the source.
#
FROM alpine:${VER_ALPINE} AS preparer-base
# Make sure APKs are downloaded over SSL. See: https://github.com/gliderlabs/docker-alpine/issues/184
RUN sed -i 's|http://dl-cdn.alpinelinux.org|https://alpine.global.ssl.fastly.net|g' /etc/apk/repositories
RUN apk add --no-cache gnupg
ENV KEYS 01EA5486DE18A882D4C2684590C8019E36C2E964
RUN timeout 16s gpg --keyserver keyserver.ubuntu.com --recv-keys $KEYS
# Print imported keys, but also ensure there's no other keys in the system
RUN gpg --list-keys | tail -n +3 | tee /tmp/keys.txt && \
gpg --list-keys $KEYS | diff - /tmp/keys.txt
#
## Option #1: [default] Fetch bitcoind source from release tarballs
#
FROM preparer-base AS preparer-release
ARG VERSION
# Download checksums
ADD https://bitcoincore.org/bin/bitcoin-core-$VERSION/SHA256SUMS.asc ./
# Download source code (intentionally different website than checksums)
ADD https://bitcoin.org/bin/bitcoin-core-$VERSION/bitcoin-$VERSION.tar.gz ./
# Verify that hashes are signed with the previously imported key
RUN gpg --verify SHA256SUMS.asc
# Verify that downloaded source-code archive matches exactly the hash that's provided
RUN grep " bitcoin-$VERSION.tar.gz\$" SHA256SUMS.asc | sha256sum -c -
# Extract
RUN tar -xzf "bitcoin-$VERSION.tar.gz" && \
rm -f "bitcoin-$VERSION.tar.gz"
#
## Option #2: Fetch bitcoind source from GitHub
#
FROM preparer-base AS preparer-git
ARG VERSION
RUN apk add --no-cache git
# Fetch the source code at a specific TAG
RUN git clone -b "v$VERSION" --depth=1 https://github.com/bitcoin/bitcoin.git "/bitcoin-$VERSION/"
# Verify tag, and copy source code to predetermined location on success
RUN cd "/bitcoin-$VERSION/" && \
git verify-tag "v$VERSION"
#
## Alias to go around `COPY` not accepting ARGs in value passed to `--from=`
#
FROM preparer-${SOURCE} AS preparer
#
## `berkeleydb-prebuilt` downloads a pre-built BerkeleyDB to make sure
# the overall build time of this Dockerfile fits within CI limits.
#
FROM lncm/berkeleydb:v4.8.30.NC${ARCH:+-${ARCH}} AS berkeleydb-prebuilt
#
## `berkeleydb-compile` builds BerkeleyDB from source using script provided in bitcoind repo.
#
FROM alpine:${VER_ALPINE} AS berkeleydb-compile
# TODO: implement ^^
RUN echo "Not implemented" && exit 1
FROM berkeleydb-${BDB_SOURCE} AS berkeleydb
#
## `builder` builds Bitcoin Core regardless on how the source, and BDB code were obtained.
#
# NOTE: this stage is emulated using QEMU
# NOTE: `${ARCH:+${ARCH}/}` - if ARCH is set, append `/` to it, leave it empty otherwise
FROM ${ARCH:+${ARCH}/}alpine:${VER_ALPINE} AS builder
ARG VERSION
ARG SOURCE
# Use APK repos over HTTPS. See: https://github.com/gliderlabs/docker-alpine/issues/184
RUN sed -i 's|http://dl-cdn.alpinelinux.org|https://alpine.global.ssl.fastly.net|g' /etc/apk/repositories
# TODO: Check which dependencies are not necessary here
RUN apk add --no-cache \
autoconf \
automake \
boost-dev \
build-base \
chrpath \
file \
libevent-dev \
libressl \
libressl-dev \
libtool \
linux-headers \
protobuf-dev \
zeromq-dev
# Fetch pre-built berkeleydb
COPY --from=berkeleydb /opt/ /opt/
# Change to the extracted directory
WORKDIR /bitcoin-$VERSION/
# Copy bitcoin source (downloaded & verified in previous stages)
COPY --from=preparer /bitcoin-$VERSION/ ./
ENV BITCOIN_PREFIX /opt/bitcoin-$VERSION
# Disable emoji test failing on Alpine for unrelated reasons: "missing locale". Not important.
# https://github.com/bitcoin/bitcoin/issues/14948
COPY skip-fs-test-of-utf8.patch .
RUN patch -p0 < skip-fs-test-of-utf8.patch
# NOTE: no idea what these do, but they seem necessary
# taken from: https://github.com/ruimarinho/docker-bitcoin-core/blob/master/0.18/alpine/Dockerfile#L67-L69
RUN sed -i '/AC_PREREQ/a\AR_FLAGS=cr' src/univalue/configure.ac
RUN sed -i '/AX_PROG_CC_FOR_BUILD/a\AR_FLAGS=cr' src/secp256k1/configure.ac
RUN sed -i s:sys/fcntl.h:fcntl.h: src/compat.h
RUN ./autogen.sh
# TODO: Try to optimize on passed params
RUN ./configure LDFLAGS=-L/opt/db4/lib/ CPPFLAGS=-I/opt/db4/include/ \
--prefix="$BITCOIN_PREFIX" \
--disable-man \
--disable-shared \
--disable-ccache \
--enable-static \
--enable-reduce-exports \
--without-gui \
# --without-libs \ # NOTE: Fix necessary for v0.18.1
--with-libs \
--with-utils \
--with-daemon
RUN make -j$(( $(nproc) + 1 )) check
RUN make install
# List installed binaries pre-strip & strip them
RUN ls -lh "$BITCOIN_PREFIX/bin/"
RUN strip -v "$BITCOIN_PREFIX/bin/bitcoin"*
# List installed binaries post-strip & print their checksums
RUN ls -lh "$BITCOIN_PREFIX/bin/"
RUN sha256sum "$BITCOIN_PREFIX/bin/bitcoin"*
#
## `final` aggregates build results from previous stages into a necessary minimum
# ready to be used, and published to Docker Hub.
#
# NOTE: this stage is emulated using QEMU
# NOTE: `${ARCH:+${ARCH}/}` - if ARCH is set, append `/` to it, leave it empty otherwise
FROM ${ARCH:+${ARCH}/}alpine:${VER_ALPINE} AS final
ARG VERSION
ARG USER
ARG DIR
LABEL maintainer="Damian Mee (@meeDamian)"
# Use APK repos over HTTPS. See: https://github.com/gliderlabs/docker-alpine/issues/184
RUN sed -i 's|http://dl-cdn.alpinelinux.org|https://alpine.global.ssl.fastly.net|g' /etc/apk/repositories
# TODO: Check which dependencies are not necessary here
RUN apk add --no-cache \
boost-chrono \
boost-filesystem \
boost-thread \
libevent \
libressl \
libsodium \
libstdc++ \
libzmq
COPY --from=builder /opt/bitcoin-$VERSION/bin/bitcoin* /usr/local/bin/
# NOTE: Default GID == UID == 1000
RUN adduser --disabled-password \
--home "$DIR/" \
--gecos "" \
"$USER"
USER $USER
# Prevents `VOLUME $DIR/.bitcoind/` being created as owned by `root`
RUN mkdir -p "$DIR/.bitcoin/"
# Expose volume containing all `bitcoind` data
VOLUME $DIR/.bitcoin/
# REST interface
EXPOSE 8080
# P2P network (mainnet, testnet & regnet respectively)
EXPOSE 8333 18333 18444
# RPC interface (mainnet, testnet & regnet respectively)
EXPOSE 8332 18332 18443
# ZMQ ports (for transactions & blocks respectively)
EXPOSE 28332 28333
ENTRYPOINT ["bitcoind"]
CMD ["-zmqpubrawblock=tcp://0.0.0.0:28332", "-zmqpubrawtx=tcp://0.0.0.0:28333"]

13
0.18/skip-fs-test-of-utf8.patch
View File

@ -1,13 +0,0 @@
diff --git src/test/fs_tests.cpp src/test/fs_tests.cpp
index 93aee10bb..4a01e2ed8 100644
--- src/test/fs_tests.cpp
+++ src/test/fs_tests.cpp
@@ -14,7 +14,7 @@ BOOST_AUTO_TEST_CASE(fsbridge_fstream)
fs::path tmpfolder = SetDataDir("fsbridge_fstream");
// tmpfile1 should be the same as tmpfile2
fs::path tmpfile1 = tmpfolder / "fs_tests_₿_🏃";
- fs::path tmpfile2 = tmpfolder / L"fs_tests_₿_🏃";
+ fs::path tmpfile2 = tmpfolder / "fs_tests_₿_🏃";
{
fsbridge::ofstream file(tmpfile1);
file << "bitcoin";

242
0.19/Dockerfile
View File

@ -1,242 +0,0 @@
# This Dockerfile builds Bitcoin Core and packages it into a minimal `final` image
# VERSION of Bitcoin Core to be build
# NOTE: Unlike our other images this one is NOT prefixed with `v`,
# as many things (like download URLs) use this form instead.
ARG VERSION=0.19.1
# CPU archtecture to build binaries for
ARG ARCH
# Define default versions so that they don't have to be repreated throughout the file
ARG VER_ALPINE=3.11
# $USER name, and data $DIR to be used in the `final` image
ARG USER=bitcoind
ARG DIR=/data
# Choose where to get bitcoind sources from, options: release, git
# NOTE: Only `SOURCE=git` can be used for RC releases
ARG SOURCE=release
# Choose where to get BerkeleyDB from, options: prebuilt, compile
# NOTE: When compiled here total execution time exceeds allowed CI limits, so pre-built one is used by default
ARG BDB_SOURCE=prebuilt
#
## `preparer-base` installs dependencies needed by both ways of fetching the source,
# as well as imports GPG keys needed to verify authenticity of the source.
#
FROM alpine:${VER_ALPINE} AS preparer-base
# Make sure APKs are downloaded over SSL. See: https://github.com/gliderlabs/docker-alpine/issues/184
RUN sed -i 's|http://dl-cdn.alpinelinux.org|https://alpine.global.ssl.fastly.net|g' /etc/apk/repositories
RUN apk add --no-cache gnupg
ENV KEYS 71A3B16735405025D447E8F274810B012346C9A6 01EA5486DE18A882D4C2684590C8019E36C2E964
RUN timeout 16s gpg --keyserver keyserver.ubuntu.com --recv-keys $KEYS
# Print imported keys, but also ensure there's no other keys in the system
RUN gpg --list-keys | tail -n +3 | tee /tmp/keys.txt && \
gpg --list-keys $KEYS | diff - /tmp/keys.txt
#
## Option #1: [default] Fetch bitcoind source from release tarballs
#
FROM preparer-base AS preparer-release
ARG VERSION
# Download checksums
ADD https://bitcoincore.org/bin/bitcoin-core-$VERSION/SHA256SUMS.asc ./
# Download source code (intentionally different website than checksums)
ADD https://bitcoin.org/bin/bitcoin-core-$VERSION/bitcoin-$VERSION.tar.gz ./
# Verify that hashes are signed with the previously imported key
RUN gpg --verify SHA256SUMS.asc
# Verify that downloaded source-code archive matches exactly the hash that's provided
RUN grep " bitcoin-$VERSION.tar.gz\$" SHA256SUMS.asc | sha256sum -c -
# Extract
RUN tar -xzf "bitcoin-$VERSION.tar.gz" && \
rm -f "bitcoin-$VERSION.tar.gz"
#
## Option #2: Fetch bitcoind source from GitHub
#
FROM preparer-base AS preparer-git
ARG VERSION
RUN apk add --no-cache git
# Fetch the source code at a specific TAG
RUN git clone -b "v$VERSION" --depth=1 https://github.com/bitcoin/bitcoin.git "/bitcoin-$VERSION/"
# Verify tag, and copy source code to predetermined location on success
RUN cd "/bitcoin-$VERSION/" && \
git verify-tag "v$VERSION"
#
## Alias to go around `COPY` not accepting ARGs in value passed to `--from=`
#
FROM preparer-${SOURCE} AS preparer
#
## `berkeleydb-prebuilt` downloads a pre-built BerkeleyDB to make sure
# the overall build time of this Dockerfile fits within CI limits.
#
FROM lncm/berkeleydb:v4.8.30.NC${ARCH:+-${ARCH}} AS berkeleydb-prebuilt
#
## `berkeleydb-compile` builds BerkeleyDB from source using script provided in bitcoind repo.
#
FROM alpine:${VER_ALPINE} AS berkeleydb-compile
# TODO: implement ^^
RUN echo "Not implemented" && exit 1
FROM berkeleydb-${BDB_SOURCE} AS berkeleydb
#
## `builder` builds Bitcoin Core regardless on how the source, and BDB code were obtained.
#
# NOTE: this stage is emulated using QEMU
# NOTE: `${ARCH:+${ARCH}/}` - if ARCH is set, append `/` to it, leave it empty otherwise
FROM ${ARCH:+${ARCH}/}alpine:${VER_ALPINE} AS builder
ARG VERSION
ARG SOURCE
# Use APK repos over HTTPS. See: https://github.com/gliderlabs/docker-alpine/issues/184
RUN sed -i 's|http://dl-cdn.alpinelinux.org|https://alpine.global.ssl.fastly.net|g' /etc/apk/repositories
# TODO: Check which dependencies are not necessary here
RUN apk add --no-cache \
autoconf \
automake \
boost-dev \
build-base \
chrpath \
file \
libevent-dev \
libressl \
libressl-dev \
libtool \
linux-headers \
protobuf-dev \
zeromq-dev
# Fetch pre-built berkeleydb
COPY --from=berkeleydb /opt/ /opt/
# Change to the extracted directory
WORKDIR /bitcoin-$VERSION/
# Copy bitcoin source (downloaded & verified in previous stages)
COPY --from=preparer /bitcoin-$VERSION/ ./
ENV BITCOIN_PREFIX /opt/bitcoin-$VERSION
RUN ./autogen.sh
# TODO: Try to optimize on passed params
RUN ./configure LDFLAGS=-L/opt/db4/lib/ CPPFLAGS=-I/opt/db4/include/ \
--prefix="$BITCOIN_PREFIX" \
--disable-man \
--disable-shared \
--disable-ccache \
--enable-static \
--enable-reduce-exports \
--without-gui \
--without-libs \
--with-utils \
--with-daemon
RUN make -j$(( $(nproc) + 1 )) check
RUN make install
# List installed binaries pre-strip & strip them
RUN ls -lh "$BITCOIN_PREFIX/bin/"
RUN strip -v "$BITCOIN_PREFIX/bin/bitcoin"*
# List installed binaries post-strip & print their checksums
RUN ls -lh "$BITCOIN_PREFIX/bin/"
RUN sha256sum "$BITCOIN_PREFIX/bin/bitcoin"*
#
## `final` aggregates build results from previous stages into a necessary minimum
# ready to be used, and published to Docker Hub.
#
# NOTE: this stage is emulated using QEMU
# NOTE: `${ARCH:+${ARCH}/}` - if ARCH is set, append `/` to it, leave it empty otherwise
FROM ${ARCH:+${ARCH}/}alpine:${VER_ALPINE} AS final
ARG VERSION
ARG USER
ARG DIR
LABEL maintainer="Damian Mee (@meeDamian)"
# Use APK repos over HTTPS. See: https://github.com/gliderlabs/docker-alpine/issues/184
RUN sed -i 's|http://dl-cdn.alpinelinux.org|https://alpine.global.ssl.fastly.net|g' /etc/apk/repositories
# TODO: Check which dependencies are not necessary here
RUN apk add --no-cache \
boost-chrono \
boost-filesystem \
boost-thread \
libevent \
libressl \
libsodium \
libstdc++ \
libzmq
COPY --from=builder /opt/bitcoin-$VERSION/bin/bitcoin* /usr/local/bin/
# NOTE: Default GID == UID == 1000
RUN adduser --disabled-password \
--home "$DIR/" \
--gecos "" \
"$USER"
USER $USER
# Prevents `VOLUME $DIR/.bitcoind/` being created as owned by `root`
RUN mkdir -p "$DIR/.bitcoin/"
# Expose volume containing all `bitcoind` data
VOLUME $DIR/.bitcoin/
# REST interface
EXPOSE 8080
# P2P network (mainnet, testnet & regnet respectively)
EXPOSE 8333 18333 18444
# RPC interface (mainnet, testnet & regnet respectively)
EXPOSE 8332 18332 18443
# ZMQ ports (for transactions & blocks respectively)
EXPOSE 28332 28333
ENTRYPOINT ["bitcoind"]
CMD ["-zmqpubrawblock=tcp://0.0.0.0:28332", "-zmqpubrawtx=tcp://0.0.0.0:28333"]

238
0.20/Dockerfile
View File

@ -1,238 +0,0 @@
# This Dockerfile builds Bitcoin Core and packages it into a minimal `final` image
# VERSION of Bitcoin Core to be build
# NOTE: Unlike our other images this one is NOT prefixed with `v`,
# as many things (like download URLs) use this form instead.
ARG VERSION=0.20.1
# CPU architecture to build binaries for
ARG ARCH
# Define default versions so that they don't have to be repeated throughout the file
ARG VER_ALPINE=3.12
# $USER name, and data $DIR to be used in the `final` image
ARG USER=bitcoind
ARG DIR=/data
# Choose where to get bitcoind sources from, options: release, git
# NOTE: Only `SOURCE=git` can be used for RC releases
ARG SOURCE=release
# Choose where to get BerkeleyDB from, options: prebuilt, compile
# NOTE: When compiled here total execution time exceeds allowed CI limits, so pre-built one is used by default
ARG BDB_SOURCE=prebuilt
#
## `preparer-base` installs dependencies needed by both ways of fetching the source,
# as well as imports GPG keys needed to verify authenticity of the source.
#
FROM alpine:${VER_ALPINE} AS preparer-base
# Make sure APKs are downloaded over SSL. See: https://github.com/gliderlabs/docker-alpine/issues/184
RUN sed -i 's|http://dl-cdn.alpinelinux.org|https://alpine.global.ssl.fastly.net|g' /etc/apk/repositories
RUN apk add --no-cache gnupg
ENV KEYS 71A3B16735405025D447E8F274810B012346C9A6 01EA5486DE18A882D4C2684590C8019E36C2E964
RUN timeout 16s gpg --keyserver keyserver.ubuntu.com --recv-keys $KEYS
# Print imported keys, but also ensure there's no other keys in the system
RUN gpg --list-keys | tail -n +3 | tee /tmp/keys.txt && \
gpg --list-keys $KEYS | diff - /tmp/keys.txt
#
## Option #1: [default] Fetch bitcoind source from release tarballs
#
FROM preparer-base AS preparer-release
ARG VERSION
# Download checksums
ADD https://bitcoincore.org/bin/bitcoin-core-$VERSION/SHA256SUMS.asc ./
# Download source code (intentionally different website than checksums)
ADD https://bitcoin.org/bin/bitcoin-core-$VERSION/bitcoin-$VERSION.tar.gz ./
# Verify that hashes are signed with the previously imported key
RUN gpg --verify SHA256SUMS.asc
# Verify that downloaded source-code archive matches exactly the hash that's provided
RUN grep " bitcoin-$VERSION.tar.gz\$" SHA256SUMS.asc | sha256sum -c -
# Extract
RUN tar -xzf "bitcoin-$VERSION.tar.gz" && \
rm -f "bitcoin-$VERSION.tar.gz"
#
## Option #2: Fetch bitcoind source from GitHub
#
FROM preparer-base AS preparer-git
ARG VERSION
RUN apk add --no-cache git
# Fetch the source code at a specific TAG
RUN git clone -b "v$VERSION" --depth=1 https://github.com/bitcoin/bitcoin.git "/bitcoin-$VERSION/"
# Verify tag, and copy source code to predetermined location on success
RUN cd "/bitcoin-$VERSION/" && \
git verify-tag "v$VERSION"
#
## Alias to go around `COPY` not accepting ARGs in value passed to `--from=`
#
FROM preparer-${SOURCE} AS preparer
#
## `berkeleydb-prebuilt` downloads a pre-built BerkeleyDB to make sure
# the overall build time of this Dockerfile fits within CI limits.
#
FROM lncm/berkeleydb:v4.8.30.NC${ARCH:+-${ARCH}} AS berkeleydb-prebuilt
#
## `berkeleydb-compile` builds BerkeleyDB from source using script provided in bitcoind repo.
#
FROM alpine:${VER_ALPINE} AS berkeleydb-compile
# TODO: implement ^^
RUN echo "Not implemented" && exit 1
FROM berkeleydb-${BDB_SOURCE} AS berkeleydb
#
## `builder` builds Bitcoin Core regardless on how the source, and BDB code were obtained.
#
# NOTE: this stage is emulated using QEMU
# NOTE: `${ARCH:+${ARCH}/}` - if ARCH is set, append `/` to it, leave it empty otherwise
FROM ${ARCH:+${ARCH}/}alpine:${VER_ALPINE} AS builder
ARG VERSION
ARG SOURCE
# Use APK repos over HTTPS. See: https://github.com/gliderlabs/docker-alpine/issues/184
RUN sed -i 's|http://dl-cdn.alpinelinux.org|https://alpine.global.ssl.fastly.net|g' /etc/apk/repositories
RUN apk add --no-cache \
autoconf \
automake \
boost-dev \
build-base \
chrpath \
file \
libevent-dev \
libressl \
libtool \
linux-headers \
zeromq-dev
# Fetch pre-built berkeleydb
COPY --from=berkeleydb /opt/ /opt/
# Change to the extracted directory
WORKDIR /bitcoin-$VERSION/
# Copy bitcoin source (downloaded & verified in previous stages)
COPY --from=preparer /bitcoin-$VERSION/ ./
ENV BITCOIN_PREFIX /opt/bitcoin-$VERSION
RUN ./autogen.sh
# TODO: Try to optimize on passed params
RUN ./configure LDFLAGS=-L/opt/db4/lib/ CPPFLAGS=-I/opt/db4/include/ \
--prefix="$BITCOIN_PREFIX" \
--disable-man \
--disable-shared \
--disable-ccache \
--enable-static \
--enable-reduce-exports \
--without-gui \
--without-libs \
--with-utils \
--with-daemon
RUN make -j$(( $(nproc) + 1 )) check
RUN make install
# List installed binaries pre-strip & strip them
RUN ls -lh "$BITCOIN_PREFIX/bin/"
RUN strip -v "$BITCOIN_PREFIX/bin/bitcoin"*
# List installed binaries post-strip & print their checksums
RUN ls -lh "$BITCOIN_PREFIX/bin/"
RUN sha256sum "$BITCOIN_PREFIX/bin/bitcoin"*
#
## `final` aggregates build results from previous stages into a necessary minimum
# ready to be used, and published to Docker Hub.
#
# NOTE: this stage is emulated using QEMU
# NOTE: `${ARCH:+${ARCH}/}` - if ARCH is set, append `/` to it, leave it empty otherwise
FROM ${ARCH:+${ARCH}/}alpine:${VER_ALPINE} AS final
ARG VERSION
ARG USER
ARG DIR
LABEL maintainer="Damian Mee (@meeDamian)"
# Use APK repos over HTTPS. See: https://github.com/gliderlabs/docker-alpine/issues/184
RUN sed -i 's|http://dl-cdn.alpinelinux.org|https://alpine.global.ssl.fastly.net|g' /etc/apk/repositories
RUN apk add --no-cache \
boost-filesystem \
boost-thread \
libevent \
libsodium \
libstdc++ \
libzmq
COPY --from=builder /opt/bitcoin-$VERSION/bin/bitcoin* /usr/local/bin/
# NOTE: Default GID == UID == 1000
RUN adduser --disabled-password \
--home "$DIR/" \
--gecos "" \
"$USER"
USER $USER
# Prevents `VOLUME $DIR/.bitcoind/` being created as owned by `root`
RUN mkdir -p "$DIR/.bitcoin/"
# Expose volume containing all `bitcoind` data
VOLUME $DIR/.bitcoin/
# REST interface
EXPOSE 8080
# P2P network (mainnet, testnet & regnet respectively)
EXPOSE 8333 18333 18444
# RPC interface (mainnet, testnet & regnet respectively)
EXPOSE 8332 18332 18443
# ZMQ ports (for transactions & blocks respectively)
EXPOSE 28332 28333
ENTRYPOINT ["bitcoind"]
CMD ["-zmqpubrawblock=tcp://0.0.0.0:28332", "-zmqpubrawtx=tcp://0.0.0.0:28333"]

253
22.0/Dockerfile
View File

@ -1,253 +0,0 @@
# This Dockerfile builds Bitcoin Core and packages it into a minimal `final` image
# VERSION of Bitcoin Core to be build
# NOTE: Unlike our other images this one is NOT prefixed with `v`,
# as many things (like download URLs) use this form instead.
ARG VERSION=22.0
# CPU architecture to build binaries for
ARG ARCH
# Define default versions so that they don't have to be repeated throughout the file
ARG VER_ALPINE=3.12
# $USER name, and data $DIR to be used in the `final` image
ARG USER=bitcoind
ARG DIR=/data
# Choose where to get bitcoind sources from, options: release, git
# NOTE: Only `SOURCE=git` can be used for RC releases
ARG SOURCE=release
# Choose where to get BerkeleyDB from, options: prebuilt, compile
# NOTE: When compiled here total execution time exceeds allowed CI limits, so pre-built one is used by default
ARG BDB_SOURCE=prebuilt
#
## `preparer-base` installs dependencies needed by both ways of fetching the source,
# as well as imports GPG keys needed to verify authenticity of the source.
#
FROM alpine:${VER_ALPINE} AS preparer-base
# Make sure APKs are downloaded over SSL. See: https://github.com/gliderlabs/docker-alpine/issues/184
RUN sed -i 's|http://dl-cdn.alpinelinux.org|https://alpine.global.ssl.fastly.net|g' /etc/apk/repositories
RUN apk add --no-cache gnupg
# Bitcoin keys (all)
ENV KEYS 71A3B16735405025D447E8F274810B012346C9A6 01EA5486DE18A882D4C2684590C8019E36C2E964 0CCBAAFD76A2ECE2CCD3141DE2FFD5B1D88CA97D 152812300785C96444D3334D17565732E08E5E41 0AD83877C1F0CD1EE9BD660AD7CC770B81FD22A8 590B7292695AFFA5B672CBB2E13FC145CD3F4304 28F5900B1BB5D1A4B6B6D1A9ED357015286A333D CFB16E21C950F67FA95E558F2EEB9F5CC09526C1 6E01EEC9656903B0542B8F1003DB6322267C373B D1DBF2C4B96F2DEBF4C16654410108112E7EA81F 9D3CC86A72F8494342EA5FD10A41BDC3F4FAFF1C 74E2DEF5D77260B98BC19438099BAD163C70FBFA 637DB1E23370F84AFF88CCE03152347D07DA627C 82921A4B88FD454B7EB8CE3C796C4109063D4EAF
# keys to fetch from ubuntu keyserver
ENV KEYS1 71A3B16735405025D447E8F274810B012346C9A6 01EA5486DE18A882D4C2684590C8019E36C2E964 0CCBAAFD76A2ECE2CCD3141DE2FFD5B1D88CA97D 152812300785C96444D3334D17565732E08E5E41 0AD83877C1F0CD1EE9BD660AD7CC770B81FD22A8 590B7292695AFFA5B672CBB2E13FC145CD3F4304 28F5900B1BB5D1A4B6B6D1A9ED357015286A333D CFB16E21C950F67FA95E558F2EEB9F5CC09526C1 6E01EEC9656903B0542B8F1003DB6322267C373B D1DBF2C4B96F2DEBF4C16654410108112E7EA81F 9D3CC86A72F8494342EA5FD10A41BDC3F4FAFF1C 74E2DEF5D77260B98BC19438099BAD163C70FBFA
# keys to fetch from keys.openpgp.org
ENV KEYS2 637DB1E23370F84AFF88CCE03152347D07DA627C 82921A4B88FD454B7EB8CE3C796C4109063D4EAF
# Run twop different keys command
RUN timeout 32s gpg --keyserver keyserver.ubuntu.com --recv-keys $KEYS1
RUN timeout 32s gpg --keyserver keys.openpgp.org --recv-keys $KEYS2
# Print imported keys, but also ensure there's no other keys in the system
RUN gpg --list-keys | tail -n +3 | tee /tmp/keys.txt && \
gpg --list-keys $KEYS | diff - /tmp/keys.txt
#
## Option #1: [default] Fetch bitcoind source from release tarballs
#
FROM preparer-base AS preparer-release
ARG VERSION
# Download sigs
ADD https://bitcoincore.org/bin/bitcoin-core-$VERSION/SHA256SUMS.asc ./
# Download checksums
ADD https://bitcoincore.org/bin/bitcoin-core-$VERSION/SHA256SUMS ./
# Download source code (intentionally different website than checksums)
# uncomment
#ADD https://bitcoin.org/bin/bitcoin-core-$VERSION/bitcoin-$VERSION.tar.gz ./
ADD https://bitcoincore.org/bin/bitcoin-core-$VERSION/bitcoin-$VERSION.tar.gz ./
# Verify that hashes are signed with the previously imported key
RUN gpg --verify SHA256SUMS.asc SHA256SUMS
# Verify that downloaded source-code archive matches exactly the hash that's provided
RUN grep " bitcoin-$VERSION.tar.gz\$" SHA256SUMS | sha256sum -c -
# Extract
RUN tar -xzf "bitcoin-$VERSION.tar.gz" && \
rm -f "bitcoin-$VERSION.tar.gz"
#
## Option #2: Fetch bitcoind source from GitHub
#
FROM preparer-base AS preparer-git
ARG VERSION
RUN apk add --no-cache git
# Fetch the source code at a specific TAG
RUN git clone -b "v$VERSION" --depth=1 https://github.com/bitcoin/bitcoin.git "/bitcoin-$VERSION/"
# Verify tag, and copy source code to predetermined location on success
RUN cd "/bitcoin-$VERSION/" && \
git verify-tag "v$VERSION"
#
## Alias to go around `COPY` not accepting ARGs in value passed to `--from=`
#
FROM preparer-${SOURCE} AS preparer
#
## `berkeleydb-prebuilt` downloads a pre-built BerkeleyDB to make sure
# the overall build time of this Dockerfile fits within CI limits.
#
FROM lncm/berkeleydb:v4.8.30.NC${ARCH:+-${ARCH}} AS berkeleydb-prebuilt
#
## `berkeleydb-compile` builds BerkeleyDB from source using script provided in bitcoind repo.
#
FROM alpine:${VER_ALPINE} AS berkeleydb-compile
# TODO: implement ^^
RUN echo "Not implemented" && exit 1
FROM berkeleydb-${BDB_SOURCE} AS berkeleydb
#
## `builder` builds Bitcoin Core regardless on how the source, and BDB code were obtained.
#
# NOTE: this stage is emulated using QEMU
# NOTE: `${ARCH:+${ARCH}/}` - if ARCH is set, append `/` to it, leave it empty otherwise
FROM ${ARCH:+${ARCH}/}alpine:${VER_ALPINE} AS builder
ARG VERSION
ARG SOURCE
# Use APK repos over HTTPS. See: https://github.com/gliderlabs/docker-alpine/issues/184
RUN sed -i 's|http://dl-cdn.alpinelinux.org|https://alpine.global.ssl.fastly.net|g' /etc/apk/repositories
RUN apk add --no-cache \
autoconf \
automake \
boost-dev \
sqlite-dev \
build-base \
chrpath \
file \
libevent-dev \
libressl \
libtool \
linux-headers \
zeromq-dev
# Fetch pre-built berkeleydb
COPY --from=berkeleydb /opt/ /opt/
# Change to the extracted directory
WORKDIR /bitcoin-$VERSION/
# Copy bitcoin source (downloaded & verified in previous stages)
COPY --from=preparer /bitcoin-$VERSION/ ./
ENV BITCOIN_PREFIX /opt/bitcoin-$VERSION
RUN ./autogen.sh
# TODO: Try to optimize on passed params
RUN ./configure LDFLAGS=-L/opt/db4/lib/ CPPFLAGS=-I/opt/db4/include/ \
CXXFLAGS="-O2" \
--prefix="$BITCOIN_PREFIX" \
--disable-man \
--disable-shared \
--disable-ccache \
--disable-tests \
--enable-static \
--enable-reduce-exports \
--without-gui \
--without-libs \
--with-utils \
--with-sqlite=yes \
--with-daemon
RUN make -j$(( $(nproc) + 1 )) check
RUN make install
# List installed binaries pre-strip & strip them
RUN ls -lh "$BITCOIN_PREFIX/bin/"
RUN strip -v "$BITCOIN_PREFIX/bin/bitcoin"*
# List installed binaries post-strip & print their checksums
RUN ls -lh "$BITCOIN_PREFIX/bin/"
RUN sha256sum "$BITCOIN_PREFIX/bin/bitcoin"*
#
## `final` aggregates build results from previous stages into a necessary minimum
# ready to be used, and published to Docker Hub.
#
# NOTE: this stage is emulated using QEMU
# NOTE: `${ARCH:+${ARCH}/}` - if ARCH is set, append `/` to it, leave it empty otherwise
FROM ${ARCH:+${ARCH}/}alpine:${VER_ALPINE} AS final
ARG VERSION
ARG USER
ARG DIR
LABEL maintainer="Damian Mee (@meeDamian)"
# Use APK repos over HTTPS. See: https://github.com/gliderlabs/docker-alpine/issues/184
RUN sed -i 's|http://dl-cdn.alpinelinux.org|https://alpine.global.ssl.fastly.net|g' /etc/apk/repositories
RUN apk add --no-cache \
boost-filesystem \
boost-thread \
libevent \
libsodium \
libstdc++ \
libzmq \
sqlite-libs
COPY --from=builder /opt/bitcoin-$VERSION/bin/bitcoin* /usr/local/bin/
# NOTE: Default GID == UID == 1000
RUN adduser --disabled-password \
--home "$DIR/" \
--gecos "" \
"$USER"
USER $USER
# Prevents `VOLUME $DIR/.bitcoind/` being created as owned by `root`
RUN mkdir -p "$DIR/.bitcoin/"
# Expose volume containing all `bitcoind` data
VOLUME $DIR/.bitcoin/
# REST interface
EXPOSE 8080
# P2P network (mainnet, testnet & regnet respectively)
EXPOSE 8333 18333 18444
# RPC interface (mainnet, testnet & regnet respectively)
EXPOSE 8332 18332 18443
# ZMQ ports (for transactions & blocks respectively)
EXPOSE 28332 28333
ENTRYPOINT ["bitcoind"]
CMD ["-zmqpubrawblock=tcp://0.0.0.0:28332", "-zmqpubrawtx=tcp://0.0.0.0:28333"]

258
23.0/Dockerfile
View File

@ -1,258 +0,0 @@
# This Dockerfile builds Bitcoin Core and packages it into a minimal `final` image
# VERSION of Bitcoin Core to be build
# NOTE: Unlike our other images this one is NOT prefixed with `v`,
# as many things (like download URLs) use this form instead.
ARG VERSION=23.1
# CPU architecture to build binaries for
ARG ARCH
# Define default versions so that they don't have to be repeated throughout the file
ARG VER_ALPINE=3.12
# $USER name, and data $DIR to be used in the `final` image
ARG USER=bitcoind
ARG DIR=/data
# Choose where to get bitcoind sources from, options: release, git
# NOTE: Only `SOURCE=git` can be used for RC releases
ARG SOURCE=release
# Choose where to get BerkeleyDB from, options: prebuilt, compile
# NOTE: When compiled here total execution time exceeds allowed CI limits, so pre-built one is used by default
ARG BDB_SOURCE=prebuilt
#
## `preparer-base` installs dependencies needed by both ways of fetching the source,
# as well as imports GPG keys needed to verify authenticity of the source.
#
FROM alpine:${VER_ALPINE} AS preparer-base
# Make sure APKs are downloaded over SSL. See: https://github.com/gliderlabs/docker-alpine/issues/184
RUN sed -i 's|http://dl-cdn.alpinelinux.org|https://alpine.global.ssl.fastly.net|g' /etc/apk/repositories
RUN apk add --no-cache gnupg
# Key source of truth
# https://raw.githubusercontent.com/bitcoin/bitcoin/master/contrib/builder-keys/keys.txt"
# curl "https://raw.githubusercontent.com/bitcoin/bitcoin/master/contrib/builder-keys/keys.txt" 2>/dev/null | awk '{print $1}' | tr '\n' ' '
# Bitcoin keys (all)
ENV KEYS 9D3CC86A72F8494342EA5FD10A41BDC3F4FAFF1C 617C90010B3BD370B0AC7D424BB42E31C79111B8 E944AE667CF960B1004BC32FCA662BE18B877A60 152812300785C96444D3334D17565732E08E5E41 590B7292695AFFA5B672CBB2E13FC145CD3F4304 0AD83877C1F0CD1EE9BD660AD7CC770B81FD22A8 912FD3228387123DC97E0E57D5566241A0295FA9 04017A2A6D9A0CCDC81D8EC296AB007F1A7ED999 C519EBCF3B926298946783EFF6430754120EC2F4 18AE2F798E0D239755DA4FD24B79F986CBDF8736 101598DC823C1B5F9A6624ABA5E0907A0380E6C3 F20F56EF6A067F70E8A5C99FFF95FAA971697405 C060A6635913D98A3587D7DB1C2491FFEB0EF770 BF6273FAEF7CC0BA1F562E50989F6B3048A116B5 6D3170C1DC2C6FD0AEEBCA6743811D1A26623924 948444FCE03B05BA5AB0591EC37B1C1D44C786EE 1C6621605EC50319C463D56C7F81D87985D61612 9A1689B60D1B3CCE9262307A2F40A9BF167FBA47 D35176BE9264832E4ACA8986BF0792FBE95DC863 6F993B250557E7B016ADE5713BDCDA2D87A881D9 01CDF4627A3B88AAE4A571C87588242FBE38D3A8 D1DBF2C4B96F2DEBF4C16654410108112E7EA81F A2FD494D0021AA9B4FA58F759102B7AE654A4A5A 2688F5A9A4BE0F295E921E8A25F27A38A47AD566 D3F22A3A4C366C2DCB66D3722DA9C5A7FA81EA35 7480909378D544EA6B6DCEB7535B12980BB8A4D3 D3CC177286005BB8FF673294C5242A1AB3936517 82921A4B88FD454B7EB8CE3C796C4109063D4EAF 32EE5C4C3FA15CCADB46ABE529D4BCB6416F53EC 4B4E840451149DD7FB0D633477DFAB5C3108B9A8 C42AFF7C61B3E44A1454CD3557AF762DB3353322 70A1D47DD44F59DF8B22244333E472FE870C7E5D 30DE693AE0DE9E37B3E7EB6BBFF0F67810C1EED1 E463A93F5F3117EEDE6C7316BD02942421F4889F B8B3F1C0E58C15DB6A81D30C3648A882F4316B9B 07DF3E57A548CCFB7530709189BBB8663E2E65CE CA03882CB1FC067B5D3ACFE4D300116E1C875A3D E777299FC265DD04793070EB944D35F9AC3DB76A AD5764F4ADCE1B99BDFD179E12335A271D4D62EC 9692B91BBF0E8D34DFD33B1882C5C009628ECF0C C57E4B42223FDE851D4F69DD28DF2724F241D8EE F4FC70F07310028424EFC20A8E4256593F177720 D62A803E27E7F43486035ADBBCD04D8E9CCCAC2A 37EC7D7B0A217CDB4B4E007E7FAB114267E4FA04 D762373D24904A3E42F33B08B9A408E71DAAC974 133EAC179436F14A5CF1B794860FEB804E669320 6A8F9C266528E25AEB1D7731C2371D91CB716EA7 A8FC55F3B04BA3146F3492E79303B33A305224CB ED9BDF7AD6A55E232E84524257FF9BDBCC301009 867345026B6763E8B07EE73AB6737117397F5C4F 9EDAFF80E080659604F4A76B2EBB056FD847F8A7 6DEEF79B050C4072509B743F8C275BC595448867 AEC1884398647C47413C1C3FB1179EB7347DC10D 74E2DEF5D77260B98BC19438099BAD163C70FBFA 79D00BAC68B56D422F945A8F8E3A8F3247DBCBBF 71A3B16735405025D447E8F274810B012346C9A6 C388F6961FB972A95678E327F62711DBDCA8AE56 F9A8737BF4FF5C89C903DF31DD78544CF91B1514 287AE4CA1187C68C08B49CB2D11BD4F33F1DB499 6B002C6EA3F91B1B0DF0C9BC8F617F1200A6D25C
# keys to fetch from ubuntu keyserver
ENV KEYS1 9D3CC86A72F8494342EA5FD10A41BDC3F4FAFF1C 617C90010B3BD370B0AC7D424BB42E31C79111B8 E944AE667CF960B1004BC32FCA662BE18B877A60 912FD3228387123DC97E0E57D5566241A0295FA9 C519EBCF3B926298946783EFF6430754120EC2F4 18AE2F798E0D239755DA4FD24B79F986CBDF8736 101598DC823C1B5F9A6624ABA5E0907A0380E6C3 F20F56EF6A067F70E8A5C99FFF95FAA971697405 C060A6635913D98A3587D7DB1C2491FFEB0EF770 BF6273FAEF7CC0BA1F562E50989F6B3048A116B5 6D3170C1DC2C6FD0AEEBCA6743811D1A26623924 948444FCE03B05BA5AB0591EC37B1C1D44C786EE 1C6621605EC50319C463D56C7F81D87985D61612 9A1689B60D1B3CCE9262307A2F40A9BF167FBA47 D35176BE9264832E4ACA8986BF0792FBE95DC863 6F993B250557E7B016ADE5713BDCDA2D87A881D9 01CDF4627A3B88AAE4A571C87588242FBE38D3A8 A2FD494D0021AA9B4FA58F759102B7AE654A4A5A D3F22A3A4C366C2DCB66D3722DA9C5A7FA81EA35 D3CC177286005BB8FF673294C5242A1AB3936517 4B4E840451149DD7FB0D633477DFAB5C3108B9A8 70A1D47DD44F59DF8B22244333E472FE870C7E5D 30DE693AE0DE9E37B3E7EB6BBFF0F67810C1EED1 07DF3E57A548CCFB7530709189BBB8663E2E65CE 9692B91BBF0E8D34DFD33B1882C5C009628ECF0C C57E4B42223FDE851D4F69DD28DF2724F241D8EE D62A803E27E7F43486035ADBBCD04D8E9CCCAC2A D762373D24904A3E42F33B08B9A408E71DAAC974 6A8F9C266528E25AEB1D7731C2371D91CB716EA7 A8FC55F3B04BA3146F3492E79303B33A305224CB 6DEEF79B050C4072509B743F8C275BC595448867 AEC1884398647C47413C1C3FB1179EB7347DC10D 79D00BAC68B56D422F945A8F8E3A8F3247DBCBBF C388F6961FB972A95678E327F62711DBDCA8AE56 F9A8737BF4FF5C89C903DF31DD78544CF91B1514 287AE4CA1187C68C08B49CB2D11BD4F33F1DB499
# keys to fetch from keys.openpgp.org
ENV KEYS2 04017A2A6D9A0CCDC81D8EC296AB007F1A7ED999 152812300785C96444D3334D17565732E08E5E41 590B7292695AFFA5B672CBB2E13FC145CD3F4304 0AD83877C1F0CD1EE9BD660AD7CC770B81FD22A8 F4FC70F07310028424EFC20A8E4256593F177720 CA03882CB1FC067B5D3ACFE4D300116E1C875A3D E777299FC265DD04793070EB944D35F9AC3DB76A AD5764F4ADCE1B99BDFD179E12335A271D4D62EC E463A93F5F3117EEDE6C7316BD02942421F4889F B8B3F1C0E58C15DB6A81D30C3648A882F4316B9B C42AFF7C61B3E44A1454CD3557AF762DB3353322 82921A4B88FD454B7EB8CE3C796C4109063D4EAF 32EE5C4C3FA15CCADB46ABE529D4BCB6416F53EC 7480909378D544EA6B6DCEB7535B12980BB8A4D3 2688F5A9A4BE0F295E921E8A25F27A38A47AD566 D1DBF2C4B96F2DEBF4C16654410108112E7EA81F 71A3B16735405025D447E8F274810B012346C9A6 74E2DEF5D77260B98BC19438099BAD163C70FBFA 867345026B6763E8B07EE73AB6737117397F5C4F 9EDAFF80E080659604F4A76B2EBB056FD847F8A7 ED9BDF7AD6A55E232E84524257FF9BDBCC301009 133EAC179436F14A5CF1B794860FEB804E669320 37EC7D7B0A217CDB4B4E007E7FAB114267E4FA04 6B002C6EA3F91B1B0DF0C9BC8F617F1200A6D25C
RUN gpg --keyserver keyserver.ubuntu.com --recv-keys $KEYS1
RUN gpg --keyserver keyserver.ubuntu.com --refresh-keys
RUN gpg --keyserver keyserver.ubuntu.com --recv-keys $KEYS2
RUN gpg --keyserver keyserver.ubuntu.com --refresh-keys
# Print imported keys, but also ensure there's no other keys in the system
RUN gpg --list-keys | tail -n +3 | tee /tmp/keys.txt && \
gpg --list-keys $KEYS | diff - /tmp/keys.txt
#
## Option #1: [default] Fetch bitcoind source from release tarballs
#
FROM preparer-base AS preparer-release
ARG VERSION
# Download sigs
ADD https://bitcoincore.org/bin/bitcoin-core-$VERSION/SHA256SUMS.asc ./
# Download checksums
ADD https://bitcoincore.org/bin/bitcoin-core-$VERSION/SHA256SUMS ./
# Download source code (intentionally different website than checksums)
# uncomment
#ADD https://bitcoin.org/bin/bitcoin-core-$VERSION/bitcoin-$VERSION.tar.gz ./
ADD https://bitcoincore.org/bin/bitcoin-core-$VERSION/bitcoin-$VERSION.tar.gz ./
# Verify that hashes are signed with the previously imported key
#RUN gpg --verify SHA256SUMS.asc SHA256SUMS
# Verify that downloaded source-code archive matches exactly the hash that's provided
RUN grep " bitcoin-$VERSION.tar.gz\$" SHA256SUMS | sha256sum -c -
# Extract
RUN tar -xzf "bitcoin-$VERSION.tar.gz" && \
rm -f "bitcoin-$VERSION.tar.gz"
#
## Option #2: Fetch bitcoind source from GitHub
#
FROM preparer-base AS preparer-git
ARG VERSION
RUN apk add --no-cache git
# Fetch the source code at a specific TAG
RUN git clone -b "v$VERSION" --depth=1 https://github.com/bitcoin/bitcoin.git "/bitcoin-$VERSION/"
# Verify tag, and copy source code to predetermined location on success
RUN cd "/bitcoin-$VERSION/" && \
git verify-tag "v$VERSION"
#
## Alias to go around `COPY` not accepting ARGs in value passed to `--from=`
#
FROM preparer-${SOURCE} AS preparer
#
## `berkeleydb-prebuilt` downloads a pre-built BerkeleyDB to make sure
# the overall build time of this Dockerfile fits within CI limits.
#
FROM lncm/berkeleydb:v4.8.30.NC${ARCH:+-${ARCH}} AS berkeleydb-prebuilt
#
## `berkeleydb-compile` builds BerkeleyDB from source using script provided in bitcoind repo.
#
FROM alpine:${VER_ALPINE} AS berkeleydb-compile
# TODO: implement ^^
RUN echo "Not implemented" && exit 1
FROM berkeleydb-${BDB_SOURCE} AS berkeleydb
#
## `builder` builds Bitcoin Core regardless on how the source, and BDB code were obtained.
#
# NOTE: this stage is emulated using QEMU
# NOTE: `${ARCH:+${ARCH}/}` - if ARCH is set, append `/` to it, leave it empty otherwise
FROM ${ARCH:+${ARCH}/}alpine:${VER_ALPINE} AS builder
ARG VERSION
ARG SOURCE
# Use APK repos over HTTPS. See: https://github.com/gliderlabs/docker-alpine/issues/184
RUN sed -i 's|http://dl-cdn.alpinelinux.org|https://alpine.global.ssl.fastly.net|g' /etc/apk/repositories
RUN apk add --no-cache \
autoconf \
automake \
boost-dev \
sqlite-dev \
build-base \
chrpath \
file \
libevent-dev \
libressl \
libtool \
linux-headers \
zeromq-dev
# Fetch pre-built berkeleydb
COPY --from=berkeleydb /opt/ /opt/
# Change to the extracted directory
WORKDIR /bitcoin-$VERSION/
# Copy bitcoin source (downloaded & verified in previous stages)
COPY --from=preparer /bitcoin-$VERSION/ ./
ENV BITCOIN_PREFIX /opt/bitcoin-$VERSION
RUN ./autogen.sh
# TODO: Try to optimize on passed params
RUN ./configure LDFLAGS=-L/opt/db4/lib/ CPPFLAGS=-I/opt/db4/include/ \
CXXFLAGS="-O2" \
--prefix="$BITCOIN_PREFIX" \
--disable-man \
--disable-shared \
--disable-ccache \
--disable-tests \
--enable-static \
--enable-reduce-exports \
--without-gui \
--without-libs \
--with-utils \
--with-sqlite=yes \
--with-daemon
RUN make -j$(( $(nproc) + 1 )) check
RUN make install
# List installed binaries pre-strip & strip them
RUN ls -lh "$BITCOIN_PREFIX/bin/"
RUN strip -v "$BITCOIN_PREFIX/bin/bitcoin"*
# List installed binaries post-strip & print their checksums
RUN ls -lh "$BITCOIN_PREFIX/bin/"
RUN sha256sum "$BITCOIN_PREFIX/bin/bitcoin"*
#
## `final` aggregates build results from previous stages into a necessary minimum
# ready to be used, and published to Docker Hub.
#
# NOTE: this stage is emulated using QEMU
# NOTE: `${ARCH:+${ARCH}/}` - if ARCH is set, append `/` to it, leave it empty otherwise
FROM ${ARCH:+${ARCH}/}alpine:${VER_ALPINE} AS final
ARG VERSION
ARG USER
ARG DIR
LABEL maintainer="Damian Mee (@meeDamian)"
# Use APK repos over HTTPS. See: https://github.com/gliderlabs/docker-alpine/issues/184
RUN sed -i 's|http://dl-cdn.alpinelinux.org|https://alpine.global.ssl.fastly.net|g' /etc/apk/repositories
RUN apk add --no-cache \
boost-filesystem \
boost-thread \
libevent \
libsodium \
libstdc++ \
libzmq \
sqlite-libs
COPY --from=builder /opt/bitcoin-$VERSION/bin/bitcoin* /usr/local/bin/
# NOTE: Default GID == UID == 1000
RUN adduser --disabled-password \
--home "$DIR/" \
--gecos "" \
"$USER"
USER $USER
# Prevents `VOLUME $DIR/.bitcoind/` being created as owned by `root`
RUN mkdir -p "$DIR/.bitcoin/"
# Expose volume containing all `bitcoind` data
VOLUME $DIR/.bitcoin/
# REST interface
EXPOSE 8080
# P2P network (mainnet, testnet & regnet respectively)
EXPOSE 8333 18333 18444
# RPC interface (mainnet, testnet & regnet respectively)
EXPOSE 8332 18332 18443
# ZMQ ports (for transactions & blocks respectively)
EXPOSE 28332 28333
ENTRYPOINT ["bitcoind"]
CMD ["-zmqpubrawblock=tcp://0.0.0.0:28332", "-zmqpubrawtx=tcp://0.0.0.0:28333"]

258
24.0/Dockerfile
View File

@ -1,258 +0,0 @@
# This Dockerfile builds Bitcoin Core and packages it into a minimal `final` image
# VERSION of Bitcoin Core to be build
# NOTE: Unlike our other images this one is NOT prefixed with `v`,
# as many things (like download URLs) use this form instead.
ARG VERSION=24.0.1
# CPU architecture to build binaries for
ARG ARCH
# Define default versions so that they don't have to be repeated throughout the file
ARG VER_ALPINE=3.12
# $USER name, and data $DIR to be used in the `final` image
ARG USER=bitcoind
ARG DIR=/data
# Choose where to get bitcoind sources from, options: release, git
# NOTE: Only `SOURCE=git` can be used for RC releases
ARG SOURCE=release
# Choose where to get BerkeleyDB from, options: prebuilt, compile
# NOTE: When compiled here total execution time exceeds allowed CI limits, so pre-built one is used by default
ARG BDB_SOURCE=prebuilt
#
## `preparer-base` installs dependencies needed by both ways of fetching the source,
# as well as imports GPG keys needed to verify authenticity of the source.
#
FROM alpine:${VER_ALPINE} AS preparer-base
# Make sure APKs are downloaded over SSL. See: https://github.com/gliderlabs/docker-alpine/issues/184
RUN sed -i 's|http://dl-cdn.alpinelinux.org|https://alpine.global.ssl.fastly.net|g' /etc/apk/repositories
RUN apk add --no-cache gnupg
# Key source of truth
# https://raw.githubusercontent.com/bitcoin/bitcoin/master/contrib/builder-keys/keys.txt"
# curl "https://raw.githubusercontent.com/bitcoin/bitcoin/master/contrib/builder-keys/keys.txt" 2>/dev/null | awk '{print $1}' | tr '\n' ' '
# Bitcoin keys (all)
ENV KEYS 9D3CC86A72F8494342EA5FD10A41BDC3F4FAFF1C 617C90010B3BD370B0AC7D424BB42E31C79111B8 E944AE667CF960B1004BC32FCA662BE18B877A60 152812300785C96444D3334D17565732E08E5E41 590B7292695AFFA5B672CBB2E13FC145CD3F4304 0AD83877C1F0CD1EE9BD660AD7CC770B81FD22A8 912FD3228387123DC97E0E57D5566241A0295FA9 04017A2A6D9A0CCDC81D8EC296AB007F1A7ED999 C519EBCF3B926298946783EFF6430754120EC2F4 18AE2F798E0D239755DA4FD24B79F986CBDF8736 101598DC823C1B5F9A6624ABA5E0907A0380E6C3 F20F56EF6A067F70E8A5C99FFF95FAA971697405 C060A6635913D98A3587D7DB1C2491FFEB0EF770 BF6273FAEF7CC0BA1F562E50989F6B3048A116B5 6D3170C1DC2C6FD0AEEBCA6743811D1A26623924 948444FCE03B05BA5AB0591EC37B1C1D44C786EE 1C6621605EC50319C463D56C7F81D87985D61612 9A1689B60D1B3CCE9262307A2F40A9BF167FBA47 D35176BE9264832E4ACA8986BF0792FBE95DC863 6F993B250557E7B016ADE5713BDCDA2D87A881D9 01CDF4627A3B88AAE4A571C87588242FBE38D3A8 D1DBF2C4B96F2DEBF4C16654410108112E7EA81F A2FD494D0021AA9B4FA58F759102B7AE654A4A5A 2688F5A9A4BE0F295E921E8A25F27A38A47AD566 D3F22A3A4C366C2DCB66D3722DA9C5A7FA81EA35 7480909378D544EA6B6DCEB7535B12980BB8A4D3 D3CC177286005BB8FF673294C5242A1AB3936517 82921A4B88FD454B7EB8CE3C796C4109063D4EAF 32EE5C4C3FA15CCADB46ABE529D4BCB6416F53EC 4B4E840451149DD7FB0D633477DFAB5C3108B9A8 C42AFF7C61B3E44A1454CD3557AF762DB3353322 70A1D47DD44F59DF8B22244333E472FE870C7E5D 30DE693AE0DE9E37B3E7EB6BBFF0F67810C1EED1 E463A93F5F3117EEDE6C7316BD02942421F4889F B8B3F1C0E58C15DB6A81D30C3648A882F4316B9B 07DF3E57A548CCFB7530709189BBB8663E2E65CE CA03882CB1FC067B5D3ACFE4D300116E1C875A3D E777299FC265DD04793070EB944D35F9AC3DB76A AD5764F4ADCE1B99BDFD179E12335A271D4D62EC 9692B91BBF0E8D34DFD33B1882C5C009628ECF0C C57E4B42223FDE851D4F69DD28DF2724F241D8EE F4FC70F07310028424EFC20A8E4256593F177720 D62A803E27E7F43486035ADBBCD04D8E9CCCAC2A 37EC7D7B0A217CDB4B4E007E7FAB114267E4FA04 D762373D24904A3E42F33B08B9A408E71DAAC974 133EAC179436F14A5CF1B794860FEB804E669320 6A8F9C266528E25AEB1D7731C2371D91CB716EA7 A8FC55F3B04BA3146F3492E79303B33A305224CB ED9BDF7AD6A55E232E84524257FF9BDBCC301009 867345026B6763E8B07EE73AB6737117397F5C4F 9EDAFF80E080659604F4A76B2EBB056FD847F8A7 6DEEF79B050C4072509B743F8C275BC595448867 AEC1884398647C47413C1C3FB1179EB7347DC10D 74E2DEF5D77260B98BC19438099BAD163C70FBFA 79D00BAC68B56D422F945A8F8E3A8F3247DBCBBF 71A3B16735405025D447E8F274810B012346C9A6 C388F6961FB972A95678E327F62711DBDCA8AE56 F9A8737BF4FF5C89C903DF31DD78544CF91B1514 287AE4CA1187C68C08B49CB2D11BD4F33F1DB499 6B002C6EA3F91B1B0DF0C9BC8F617F1200A6D25C
# keys to fetch from ubuntu keyserver
ENV KEYS1 9D3CC86A72F8494342EA5FD10A41BDC3F4FAFF1C 617C90010B3BD370B0AC7D424BB42E31C79111B8 E944AE667CF960B1004BC32FCA662BE18B877A60 912FD3228387123DC97E0E57D5566241A0295FA9 C519EBCF3B926298946783EFF6430754120EC2F4 18AE2F798E0D239755DA4FD24B79F986CBDF8736 101598DC823C1B5F9A6624ABA5E0907A0380E6C3 F20F56EF6A067F70E8A5C99FFF95FAA971697405 C060A6635913D98A3587D7DB1C2491FFEB0EF770 BF6273FAEF7CC0BA1F562E50989F6B3048A116B5 6D3170C1DC2C6FD0AEEBCA6743811D1A26623924 948444FCE03B05BA5AB0591EC37B1C1D44C786EE 1C6621605EC50319C463D56C7F81D87985D61612 9A1689B60D1B3CCE9262307A2F40A9BF167FBA47 D35176BE9264832E4ACA8986BF0792FBE95DC863 6F993B250557E7B016ADE5713BDCDA2D87A881D9 01CDF4627A3B88AAE4A571C87588242FBE38D3A8 A2FD494D0021AA9B4FA58F759102B7AE654A4A5A D3F22A3A4C366C2DCB66D3722DA9C5A7FA81EA35 D3CC177286005BB8FF673294C5242A1AB3936517 4B4E840451149DD7FB0D633477DFAB5C3108B9A8 70A1D47DD44F59DF8B22244333E472FE870C7E5D 30DE693AE0DE9E37B3E7EB6BBFF0F67810C1EED1 07DF3E57A548CCFB7530709189BBB8663E2E65CE 9692B91BBF0E8D34DFD33B1882C5C009628ECF0C C57E4B42223FDE851D4F69DD28DF2724F241D8EE D62A803E27E7F43486035ADBBCD04D8E9CCCAC2A D762373D24904A3E42F33B08B9A408E71DAAC974 6A8F9C266528E25AEB1D7731C2371D91CB716EA7 A8FC55F3B04BA3146F3492E79303B33A305224CB 6DEEF79B050C4072509B743F8C275BC595448867 AEC1884398647C47413C1C3FB1179EB7347DC10D 79D00BAC68B56D422F945A8F8E3A8F3247DBCBBF C388F6961FB972A95678E327F62711DBDCA8AE56 F9A8737BF4FF5C89C903DF31DD78544CF91B1514 287AE4CA1187C68C08B49CB2D11BD4F33F1DB499
# keys to fetch from keys.openpgp.org
ENV KEYS2 04017A2A6D9A0CCDC81D8EC296AB007F1A7ED999 152812300785C96444D3334D17565732E08E5E41 590B7292695AFFA5B672CBB2E13FC145CD3F4304 0AD83877C1F0CD1EE9BD660AD7CC770B81FD22A8 F4FC70F07310028424EFC20A8E4256593F177720 CA03882CB1FC067B5D3ACFE4D300116E1C875A3D E777299FC265DD04793070EB944D35F9AC3DB76A AD5764F4ADCE1B99BDFD179E12335A271D4D62EC E463A93F5F3117EEDE6C7316BD02942421F4889F B8B3F1C0E58C15DB6A81D30C3648A882F4316B9B C42AFF7C61B3E44A1454CD3557AF762DB3353322 82921A4B88FD454B7EB8CE3C796C4109063D4EAF 32EE5C4C3FA15CCADB46ABE529D4BCB6416F53EC 7480909378D544EA6B6DCEB7535B12980BB8A4D3 2688F5A9A4BE0F295E921E8A25F27A38A47AD566 D1DBF2C4B96F2DEBF4C16654410108112E7EA81F 71A3B16735405025D447E8F274810B012346C9A6 74E2DEF5D77260B98BC19438099BAD163C70FBFA 867345026B6763E8B07EE73AB6737117397F5C4F 9EDAFF80E080659604F4A76B2EBB056FD847F8A7 ED9BDF7AD6A55E232E84524257FF9BDBCC301009 133EAC179436F14A5CF1B794860FEB804E669320 37EC7D7B0A217CDB4B4E007E7FAB114267E4FA04 6B002C6EA3F91B1B0DF0C9BC8F617F1200A6D25C
RUN gpg --keyserver keyserver.ubuntu.com --recv-keys $KEYS1
RUN gpg --keyserver keyserver.ubuntu.com --refresh-keys
RUN gpg --keyserver keyserver.ubuntu.com --recv-keys $KEYS2
RUN gpg --keyserver keyserver.ubuntu.com --refresh-keys
# Print imported keys, but also ensure there's no other keys in the system
RUN gpg --list-keys | tail -n +3 | tee /tmp/keys.txt && \
gpg --list-keys $KEYS | diff - /tmp/keys.txt
#
## Option #1: [default] Fetch bitcoind source from release tarballs
#
FROM preparer-base AS preparer-release
ARG VERSION
# Download sigs
ADD https://bitcoincore.org/bin/bitcoin-core-$VERSION/SHA256SUMS.asc ./
# Download checksums
ADD https://bitcoincore.org/bin/bitcoin-core-$VERSION/SHA256SUMS ./
# Download source code (intentionally different website than checksums)
# uncomment
#ADD https://bitcoin.org/bin/bitcoin-core-$VERSION/bitcoin-$VERSION.tar.gz ./
ADD https://bitcoincore.org/bin/bitcoin-core-$VERSION/bitcoin-$VERSION.tar.gz ./
# Verify that hashes are signed with the previously imported key
#RUN gpg --verify SHA256SUMS.asc SHA256SUMS
# Verify that downloaded source-code archive matches exactly the hash that's provided
RUN grep " bitcoin-$VERSION.tar.gz\$" SHA256SUMS | sha256sum -c -
# Extract
RUN tar -xzf "bitcoin-$VERSION.tar.gz" && \
rm -f "bitcoin-$VERSION.tar.gz"
#
## Option #2: Fetch bitcoind source from GitHub
#
FROM preparer-base AS preparer-git
ARG VERSION
RUN apk add --no-cache git
# Fetch the source code at a specific TAG
RUN git clone -b "v$VERSION" --depth=1 https://github.com/bitcoin/bitcoin.git "/bitcoin-$VERSION/"
# Verify tag, and copy source code to predetermined location on success
RUN cd "/bitcoin-$VERSION/" && \
git verify-tag "v$VERSION"
#
## Alias to go around `COPY` not accepting ARGs in value passed to `--from=`
#
FROM preparer-${SOURCE} AS preparer
#
## `berkeleydb-prebuilt` downloads a pre-built BerkeleyDB to make sure
# the overall build time of this Dockerfile fits within CI limits.
#
FROM lncm/berkeleydb:v4.8.30.NC${ARCH:+-${ARCH}} AS berkeleydb-prebuilt
#
## `berkeleydb-compile` builds BerkeleyDB from source using script provided in bitcoind repo.
#
FROM alpine:${VER_ALPINE} AS berkeleydb-compile
# TODO: implement ^^
RUN echo "Not implemented" && exit 1
FROM berkeleydb-${BDB_SOURCE} AS berkeleydb
#
## `builder` builds Bitcoin Core regardless on how the source, and BDB code were obtained.
#
# NOTE: this stage is emulated using QEMU
# NOTE: `${ARCH:+${ARCH}/}` - if ARCH is set, append `/` to it, leave it empty otherwise
FROM ${ARCH:+${ARCH}/}alpine:${VER_ALPINE} AS builder
ARG VERSION
ARG SOURCE
# Use APK repos over HTTPS. See: https://github.com/gliderlabs/docker-alpine/issues/184
RUN sed -i 's|http://dl-cdn.alpinelinux.org|https://alpine.global.ssl.fastly.net|g' /etc/apk/repositories
RUN apk add --no-cache \
autoconf \
automake \
boost-dev \
sqlite-dev \
build-base \
chrpath \
file \
libevent-dev \
libressl \
libtool \
linux-headers \
zeromq-dev
# Fetch pre-built berkeleydb
COPY --from=berkeleydb /opt/ /opt/
# Change to the extracted directory
WORKDIR /bitcoin-$VERSION/
# Copy bitcoin source (downloaded & verified in previous stages)
COPY --from=preparer /bitcoin-$VERSION/ ./
ENV BITCOIN_PREFIX /opt/bitcoin-$VERSION
RUN ./autogen.sh
# TODO: Try to optimize on passed params
RUN ./configure LDFLAGS=-L/opt/db4/lib/ CPPFLAGS=-I/opt/db4/include/ \
CXXFLAGS="-O2" \
--prefix="$BITCOIN_PREFIX" \
--disable-man \
--disable-shared \
--disable-ccache \
--disable-tests \
--enable-static \
--enable-reduce-exports \
--without-gui \
--without-libs \
--with-utils \
--with-sqlite=yes \
--with-daemon
RUN make -j$(( $(nproc) + 1 ))
RUN make install
# List installed binaries pre-strip & strip them
RUN ls -lh "$BITCOIN_PREFIX/bin/"
RUN strip -v "$BITCOIN_PREFIX/bin/bitcoin"*
# List installed binaries post-strip & print their checksums
RUN ls -lh "$BITCOIN_PREFIX/bin/"
RUN sha256sum "$BITCOIN_PREFIX/bin/bitcoin"*
#
## `final` aggregates build results from previous stages into a necessary minimum
# ready to be used, and published to Docker Hub.
#
# NOTE: this stage is emulated using QEMU
# NOTE: `${ARCH:+${ARCH}/}` - if ARCH is set, append `/` to it, leave it empty otherwise
FROM ${ARCH:+${ARCH}/}alpine:${VER_ALPINE} AS final
ARG VERSION
ARG USER
ARG DIR
LABEL maintainer="Damian Mee (@meeDamian)"
# Use APK repos over HTTPS. See: https://github.com/gliderlabs/docker-alpine/issues/184
RUN sed -i 's|http://dl-cdn.alpinelinux.org|https://alpine.global.ssl.fastly.net|g' /etc/apk/repositories
RUN apk add --no-cache \
boost-filesystem \
boost-thread \
libevent \
libsodium \
libstdc++ \
libzmq \
sqlite-libs
COPY --from=builder /opt/bitcoin-$VERSION/bin/bitcoin* /usr/local/bin/
# NOTE: Default GID == UID == 1000
RUN adduser --disabled-password \
--home "$DIR/" \
--gecos "" \
"$USER"
USER $USER
# Prevents `VOLUME $DIR/.bitcoind/` being created as owned by `root`
RUN mkdir -p "$DIR/.bitcoin/"
# Expose volume containing all `bitcoind` data
VOLUME $DIR/.bitcoin/
# REST interface
EXPOSE 8080
# P2P network (mainnet, testnet & regnet respectively)
EXPOSE 8333 18333 18444
# RPC interface (mainnet, testnet & regnet respectively)
EXPOSE 8332 18332 18443
# ZMQ ports (for transactions & blocks respectively)
EXPOSE 28332 28333
ENTRYPOINT ["bitcoind"]
CMD ["-zmqpubrawblock=tcp://0.0.0.0:28332", "-zmqpubrawtx=tcp://0.0.0.0:28333"]

62
0.21/Dockerfile → 25.1/Dockerfile
View File

@ -1,16 +1,15 @@
# This Dockerfile builds Bitcoin Core and packages it into a minimal `final` image
# This Dockerfile builds Bitcoin Knots and packages it into a minimal `final` image
# VERSION of Bitcoin Core to be build
# VERSION of Bitcoin Knots to be build
# NOTE: Unlike our other images this one is NOT prefixed with `v`,
# as many things (like download URLs) use this form instead.
ARG VERSION=0.21.1
ARG VERSION=25.1.knots20231115
# CPU architecture to build binaries for
ARG ARCH
# Define default versions so that they don't have to be repeated throughout the file
ARG VER_ALPINE=3.12
ARG VER_ALPINE=3.18
# $USER name, and data $DIR to be used in the `final` image
ARG USER=bitcoind
@ -32,19 +31,14 @@ ARG BDB_SOURCE=prebuilt
#
FROM alpine:${VER_ALPINE} AS preparer-base
# Make sure APKs are downloaded over SSL. See: https://github.com/gliderlabs/docker-alpine/issues/184
RUN sed -i 's|http://dl-cdn.alpinelinux.org|https://alpine.global.ssl.fastly.net|g' /etc/apk/repositories
RUN apk add --no-cache gnupg
ENV KEYS 71A3B16735405025D447E8F274810B012346C9A6 01EA5486DE18A882D4C2684590C8019E36C2E964
RUN timeout 16s gpg --keyserver keyserver.ubuntu.com --recv-keys $KEYS
# Print imported keys, but also ensure there's no other keys in the system
RUN gpg --list-keys | tail -n +3 | tee /tmp/keys.txt && \
gpg --list-keys $KEYS | diff - /tmp/keys.txt
RUN apk add --no-cache gnupg
# Guix Builder Keys: https://github.com/bitcoin-core/guix.sigs/tree/main/builder-keys
# curl -s "https://api.github.com/repos/bitcoin-core/guix.sigs/contents/builder-keys" | jq -r '.[].download_url'
ENV KEYS 1A3E761F19D2CC7785C5502EA291A2C45D0C504A CACC7CBB26B3D2EE8FC2F2BC0E37EBAB8574F005 71A3B16735405025D447E8F274810B012346C9A6 \
9EDAFF80E080659604F4A76B2EBB056FD847F8A7
RUN gpg --keyserver keyserver.ubuntu.com --recv-keys $KEYS
#
## Option #1: [default] Fetch bitcoind source from release tarballs
@ -53,23 +47,23 @@ FROM preparer-base AS preparer-release
ARG VERSION
# Download sigs
ADD https://bitcoinknots.org/files/25.x/$VERSION/SHA256SUMS.asc ./
# Download checksums
ADD https://bitcoincore.org/bin/bitcoin-core-$VERSION/SHA256SUMS.asc ./
ADD https://bitcoinknots.org/files/25.x/$VERSION/SHA256SUMS ./
# Download source code (intentionally different website than checksums)
ADD https://bitcoin.org/bin/bitcoin-core-$VERSION/bitcoin-$VERSION.tar.gz ./
# Download source code
ADD https://bitcoinknots.org/files/25.x/$VERSION/bitcoin-25.1.knots20231115.tar.gz ./bitcoin-$VERSION.tar.gz
# Verify that hashes are signed with the previously imported key
RUN gpg --verify SHA256SUMS.asc
RUN gpg --verify SHA256SUMS.asc SHA256SUMS
# Verify that downloaded source-code archive matches exactly the hash that's provided
RUN grep " bitcoin-$VERSION.tar.gz\$" SHA256SUMS.asc | sha256sum -c -
RUN grep "bitcoin-$VERSION.tar.gz" SHA256SUMS | sha256sum -c
# Extract
RUN tar -xzf "bitcoin-$VERSION.tar.gz" && \
rm -f "bitcoin-$VERSION.tar.gz"
rm -f "bitcoin-$VERSION.tar.gz"
#
## Option #2: Fetch bitcoind source from GitHub
@ -81,7 +75,7 @@ ARG VERSION
RUN apk add --no-cache git
# Fetch the source code at a specific TAG
RUN git clone -b "v$VERSION" --depth=1 https://github.com/bitcoin/bitcoin.git "/bitcoin-$VERSION/"
RUN git clone -b "v$VERSION" --depth=1 https://github.com/bitcoinknots/bitcoin.git "/bitcoin-$VERSION/"
# Verify tag, and copy source code to predetermined location on success
RUN cd "/bitcoin-$VERSION/" && \
@ -115,7 +109,7 @@ FROM berkeleydb-${BDB_SOURCE} AS berkeleydb
#
## `builder` builds Bitcoin Core regardless on how the source, and BDB code were obtained.
## `builder` builds Bitcoin Knots regardless on how the source, and BDB code were obtained.
#
# NOTE: this stage is emulated using QEMU
# NOTE: `${ARCH:+${ARCH}/}` - if ARCH is set, append `/` to it, leave it empty otherwise
@ -124,9 +118,6 @@ FROM ${ARCH:+${ARCH}/}alpine:${VER_ALPINE} AS builder
ARG VERSION
ARG SOURCE
# Use APK repos over HTTPS. See: https://github.com/gliderlabs/docker-alpine/issues/184
RUN sed -i 's|http://dl-cdn.alpinelinux.org|https://alpine.global.ssl.fastly.net|g' /etc/apk/repositories
RUN apk add --no-cache \
autoconf \
automake \
@ -170,7 +161,7 @@ RUN ./configure LDFLAGS=-L/opt/db4/lib/ CPPFLAGS=-I/opt/db4/include/ \
--with-sqlite=yes \
--with-daemon
RUN make -j$(( $(nproc) + 1 )) check
RUN make -j$(( $(nproc) + 1 ))
RUN make install
# List installed binaries pre-strip & strip them
@ -195,14 +186,11 @@ ARG VERSION
ARG USER
ARG DIR
LABEL maintainer="Damian Mee (@meeDamian)"
# Use APK repos over HTTPS. See: https://github.com/gliderlabs/docker-alpine/issues/184
RUN sed -i 's|http://dl-cdn.alpinelinux.org|https://alpine.global.ssl.fastly.net|g' /etc/apk/repositories
LABEL org.opencontainers.image.source=https://github.com/bitcoinknots/bitcoin
LABEL org.opencontainers.image.description="Knots v25.1 for umbrel"
LABEL org.opencontainers.image.licenses=MIT
RUN apk add --no-cache \
boost-filesystem \
boost-thread \
libevent \
libsodium \
libstdc++ \
@ -239,4 +227,4 @@ EXPOSE 28332 28333
ENTRYPOINT ["bitcoind"]
CMD ["-zmqpubrawblock=tcp://0.0.0.0:28332", "-zmqpubrawtx=tcp://0.0.0.0:28333"]
CMD ["-zmqpubrawblock=tcp://0.0.0.0:28332", "-zmqpubrawtx=tcp://0.0.0.0:28333"]

25
scripts/list-tags.sh
View File

@ -1,25 +0,0 @@
#!/usr/bin/env bash
set -eo pipefail
#
## This script returns all lnd tags sorted newest to oldest, with all variants of the same version on the same line
#
main() {
declare repo="$1"
curl -s "https://registry.hub.docker.com/v1/repositories/$repo/tags" \
| jq -r '.[].name' \
| grep '^v.*' \
| grep -v '\-build' \
| tr -s '-' '~' \
| sort -Vr | uniq \
| tr -s '~' '-' \
| grep -v '\-\(arm32\|arm64\|amd64\|linux-arm\)' \
| awk -F- 'NR==1 {printf "* "}; $1!=a && NR>1 {print "\n* "}; {ORS=""; printf "`%s` ", $0}; {a=$1}'
echo
}
main "lncm/bitcoind"

56
scripts/new-release.sh
View File

@ -1,56 +0,0 @@
#!/usr/bin/env bash
set -e
#
## Given version, this script creates & pushes a relevant git-tag.
#
# required version
VERSION=$1
# Verify version to-be-released is provided
if [[ -z "$VERSION" ]]; then
>&2 printf "\nERR: version missing: version needs to be passed as the first argument. Try:\n"
>&2 printf "\t./%s %s\n\n" "$(basename "$0")" "v0.19.1"
exit 1
fi
# Get directory
DIR="$(echo "${VERSION#v}" | cut -d. -f-2)"
# Verify there's no uncommitted changes in the working dir
if [[ -n "$(git status --untracked-files=no --porcelain)" ]]; then
>&2 printf "\nERR: working directory not clean. Commit, or stash changes to continue.\n\n"
exit 1
fi
if ! grep -q "${VERSION#v}" "$DIR/Dockerfile" ; then
>&2 printf "\nERR: Requested version not present in Dockerfile. Make sure that's what you want to do.\n\n"
exit 1
fi
git fetch --tags
# Get last build number
LAST="$(git tag | grep '+build' | sed 's|^.*build||' | sort -h | tail -n 1)"
LAST="${LAST:-0}"
# Increment it
((LAST++))
TAG="$VERSION+build$LAST"
printf "Creating tag: %s…\t" "$TAG"
git tag -sa "$TAG" -m "$TAG"
echo "done"
printf "Pushing tag: %s…\t" "$TAG"
git push origin "$TAG"
echo "All done"