add knots for umbrel

2025-05-24 19:12:36 +02:00 · 2023-12-24 23:31:39 +01:00 · 2023-12-24 23:31:39 +01:00 · c5bb1e3fd8
commit c5bb1e3fd8
parent 3299b75a73
1 changed files with 259 additions and 0 deletions
--- a/knots-for-umbrel/Dockerfile
+++ b/knots-for-umbrel/Dockerfile
@ -0,0 +1,259 @@
 # This Dockerfile builds Bitcoin Core and packages it into a minimal `final` image
 # VERSION of Bitcoin Core to be build
 #   NOTE: Unlike our other images this one is NOT prefixed with `v`,
 #           as many things (like download URLs) use this form instead.
 ARG VERSION=vk-25.1-umbrel
 # CPU architecture to build binaries for
 ARG ARCH
 # Define default versions so that they don't have to be repeated throughout the file
 ARG VER_ALPINE=3.12
 # $USER name, and data $DIR to be used in the `final` image
 ARG USER=bitcoind
 ARG DIR=/data
 # Choose where to get bitcoind sources from, options: release, git
 #   NOTE: Only `SOURCE=git` can be used for RC releases
 ARG SOURCE=release
 # Choose where to get BerkeleyDB from, options: prebuilt, compile
 #   NOTE: When compiled here total execution time exceeds allowed CI limits, so pre-built one is used by default
 ARG BDB_SOURCE=prebuilt
 #
 ## `preparer-base` installs dependencies needed by both ways of fetching the source,
 #       as well as imports GPG keys needed to verify authenticity of the source.
 #
 FROM alpine:${VER_ALPINE} AS preparer-base
 # Make sure APKs are downloaded over SSL. See: https://github.com/gliderlabs/docker-alpine/issues/184
 RUN sed -i 's|http://dl-cdn.alpinelinux.org|https://alpine.global.ssl.fastly.net|g' /etc/apk/repositories
 RUN apk add --no-cache  gnupg
 # Key source of truth
 #  https://raw.githubusercontent.com/bitcoin/bitcoin/master/contrib/builder-keys/keys.txt"
 #  curl "https://raw.githubusercontent.com/bitcoin/bitcoin/master/contrib/builder-keys/keys.txt" 2>/dev/null | awk '{print $1}' | tr '\n' ' '
 # Bitcoin keys (all)
 ENV KEYS CACC7CBB26B3D2EE8FC2F2BC0E37EBAB8574F005
 # keys to fetch from ubuntu keyserver
 ENV KEYS1 CACC7CBB26B3D2EE8FC2F2BC0E37EBAB8574F005
 # keys to fetch from keys.openpgp.org
 ENV KEYS2 CACC7CBB26B3D2EE8FC2F2BC0E37EBAB8574F005
 RUN gpg --keyserver keyserver.ubuntu.com  --recv-keys $KEYS1
 RUN gpg --keyserver keyserver.ubuntu.com --refresh-keys
 RUN gpg --keyserver keyserver.ubuntu.com  --recv-keys $KEYS2
 RUN gpg --keyserver keyserver.ubuntu.com  --refresh-keys
 # Print imported keys, but also ensure there's no other keys in the system
 RUN gpg --list-keys | tail -n +3 | tee /tmp/keys.txt && \
    gpg --list-keys $KEYS | diff - /tmp/keys.txt
 #
 ## Option #1: [default] Fetch bitcoind source from release tarballs
 #
 FROM preparer-base AS preparer-release
 ARG VERSION
 # Download sigs
 #ADD https://github.com/Retropex/bitcoin/releases/download/death-star-V1/all.SHA256SUMS.asc  ./
 # Download checksums
 #ADD https://github.com/Retropex/bitcoin/releases/download/death-star-V1/all.SHA256SUMS  ./
 # Download source code (intentionally different website than checksums)
 # uncomment
 #ADD https://bitcoin.org/bin/bitcoin-core-$VERSION/bitcoin-$VERSION.tar.gz ./
 ADD https://github.com/Retropex/bitcoin/archive/refs/tags/vk-25.1-umbrel.tar.gz ./
 # Verify that hashes are signed with the previously imported key
 #RUN gpg --verify all.SHA256SUMS.asc all.SHA256SUMS
 # Verify that downloaded source-code archive matches exactly the hash that's provided
 #RUN grep " bitcoin-$VERSION.tar.gz\$" all.SHA256SUMS | sha256sum -c -
 # Extract
 RUN tar -xzf "vk-25.1-umbrel.tar.gz" && \
    rm  -f   "vk-25.1-umbrel.tar.gz"
 #
 ## Option #2: Fetch bitcoind source from GitHub
 #
 FROM preparer-base AS preparer-git
 ARG VERSION
 RUN apk add --no-cache git
 # Fetch the source code at a specific TAG
 RUN git clone  -b "vk-25.1-umbrel"  --depth=1  https://github.com/Retropex/bitcoin.git  "/bitcoin-$VERSION/"
 # Verify tag, and copy source code to predetermined location on success
 RUN cd "/bitcoin-$VERSION/" && \
    git verify-tag "death-star"
 #
 ## Alias to go around `COPY` not accepting ARGs in value passed to `--from=`
 #
 FROM preparer-${SOURCE} AS preparer
 #
 ## `berkeleydb-prebuilt` downloads a pre-built BerkeleyDB to make sure
 #       the overall build time of this Dockerfile fits within CI limits.
 #
 FROM lncm/berkeleydb:v4.8.30.NC${ARCH:+-${ARCH}} AS berkeleydb-prebuilt
 #
 ## `berkeleydb-compile` builds BerkeleyDB from source using script provided in bitcoind repo.
 #
 FROM alpine:${VER_ALPINE} AS berkeleydb-compile
 # TODO: implement ^^
 RUN echo "Not implemented" && exit 1
 FROM berkeleydb-${BDB_SOURCE} AS berkeleydb
 #
 ## `builder` builds Bitcoin Core regardless on how the source, and BDB code were obtained.
 #
 # NOTE: this stage is emulated using QEMU
 # NOTE: `${ARCH:+${ARCH}/}` - if ARCH is set, append `/` to it, leave it empty otherwise
 FROM ${ARCH:+${ARCH}/}alpine:${VER_ALPINE} AS builder
 ARG VERSION
 ARG SOURCE
 # Use APK repos over HTTPS. See: https://github.com/gliderlabs/docker-alpine/issues/184
 RUN sed -i 's|http://dl-cdn.alpinelinux.org|https://alpine.global.ssl.fastly.net|g' /etc/apk/repositories
 RUN apk add --no-cache \
        autoconf \
        automake \
        boost-dev \
        sqlite-dev \
        build-base \
        chrpath \
        file \
        libevent-dev \
        libressl \
        libtool \
        linux-headers \
        zeromq-dev
 # Fetch pre-built berkeleydb
 COPY  --from=berkeleydb /opt/  /opt/
 # Change to the extracted directory
 WORKDIR /bitcoin-$VERSION/
 # Copy bitcoin source (downloaded & verified in previous stages)
 COPY  --from=preparer /bitcoin-$VERSION/  ./
 ENV BITCOIN_PREFIX /opt/bitcoin-$VERSION
 RUN ./autogen.sh
 # TODO: Try to optimize on passed params
 RUN ./configure LDFLAGS=-L/opt/db4/lib/ CPPFLAGS=-I/opt/db4/include/ \
    CXXFLAGS="-O2" \
    --prefix="$BITCOIN_PREFIX" \
    --disable-man \
    --disable-shared \
    --disable-ccache \
    --disable-tests \
    --enable-static \
    --enable-reduce-exports \
    --without-gui \
    --without-libs \
    --with-utils \
    --with-sqlite=yes \
    --with-daemon
 RUN make -j$(( $(nproc) + 1 ))
 RUN make install
 # List installed binaries pre-strip & strip them
 RUN ls -lh "$BITCOIN_PREFIX/bin/"
 RUN strip -v "$BITCOIN_PREFIX/bin/bitcoin"*
 # List installed binaries post-strip & print their checksums
 RUN ls -lh "$BITCOIN_PREFIX/bin/"
 RUN sha256sum "$BITCOIN_PREFIX/bin/bitcoin"*
 #
 ## `final` aggregates build results from previous stages into a necessary minimum
 #       ready to be used, and published to Docker Hub.
 #
 # NOTE: this stage is emulated using QEMU
 # NOTE: `${ARCH:+${ARCH}/}` - if ARCH is set, append `/` to it, leave it empty otherwise
 FROM ${ARCH:+${ARCH}/}alpine:${VER_ALPINE} AS final
 ARG VERSION
 ARG USER
 ARG DIR
 LABEL maintainer="Damian Mee (@meeDamian)"
 # Use APK repos over HTTPS. See: https://github.com/gliderlabs/docker-alpine/issues/184
 RUN sed -i 's|http://dl-cdn.alpinelinux.org|https://alpine.global.ssl.fastly.net|g' /etc/apk/repositories
 RUN apk add --no-cache \
        boost-filesystem \
        boost-thread \
        libevent \
        libsodium \
        libstdc++ \
        libzmq \
        sqlite-libs
 COPY  --from=builder /opt/bitcoin-$VERSION/bin/bitcoin*  /usr/local/bin/
 # NOTE: Default GID == UID == 1000
 RUN adduser --disabled-password \
            --home "$DIR/" \
            --gecos "" \
            "$USER"
 USER $USER
 # Prevents `VOLUME $DIR/.bitcoind/` being created as owned by `root`
 RUN mkdir -p "$DIR/.bitcoin/"
 # Expose volume containing all `bitcoind` data
 VOLUME $DIR/.bitcoin/
 # REST interface
 EXPOSE 8080
 # P2P network (mainnet, testnet & regnet respectively)
 EXPOSE 8333 18333 18444
 # RPC interface (mainnet, testnet & regnet respectively)
 EXPOSE 8332 18332 18443
 # ZMQ ports (for transactions & blocks respectively)
 EXPOSE 28332 28333
 ENTRYPOINT ["bitcoind"]
 CMD ["-zmqpubrawblock=tcp://0.0.0.0:28332", "-zmqpubrawtx=tcp://0.0.0.0:28333"]