From cb6de6af164ba1419a50705b629264be5a497c83 Mon Sep 17 00:00:00 2001 From: willcl-ark Date: Tue, 19 Nov 2024 13:47:12 +0000 Subject: [PATCH 1/5] Use docker buildx bake to build images This is much cleaner than maintaining a list of complet shell commands. --- docker-bake.hcl | 218 +++++++++++++++++++++ docs/developer-notes.md | 17 ++ resources/images/bitcoin/insecure/build.md | 198 ------------------- 3 files changed, 235 insertions(+), 198 deletions(-) create mode 100644 docker-bake.hcl delete mode 100644 resources/images/bitcoin/insecure/build.md diff --git a/docker-bake.hcl b/docker-bake.hcl new file mode 100644 index 000000000..9cc787a95 --- /dev/null +++ b/docker-bake.hcl @@ -0,0 +1,218 @@ +group "all" { + targets = [ + "bitcoin-28", + "bitcoin-27", + "bitcoin-26", + "v0-21-1", + "v0-20-0", + "v0-19-2", + "v0-17-0", + "v0-16-1", + "bitcoin-unknown-message", + "bitcoin-invalid-blocks", + "bitcoin-50-orphans", + "bitcoin-no-mp-trim", + "bitcoin-disabled-opcodes", + "bitcoin-5k-inv" + ] +} + +group "maintained" { + targets = [ + "bitcoin-28", + "bitcoin-27", + "bitcoin-26" + ] +} + +group "practice" { + targets = [ + "bitcoin-unknown-message", + "bitcoin-invalid-blocks", + "bitcoin-50-orphans", + "bitcoin-no-mp-trim", + "bitcoin-disabled-opcodes", + "bitcoin-5k-inv" + ] +} + +group "vulnerable" { + targets = [ + "v0-21-1", + "v0-20-0", + "v0-19-2", + "v0-17-0", + "v0-16-1", + ] +} + +target "maintained-base" { + dockerfile = "./Dockerfile" + context = "./resources/images/bitcoin" + args = { + REPO = "bitcoin" + BUILD_ARGS = "--disable-tests --without-gui --disable-bench --disable-fuzz-binary --enable-suppress-external-warnings " + } + platforms = ["linux/amd64", "linux/arm64", "linux/arm/v7"] +} + +target "bitcoin-28" { + inherits = ["maintained-base"] + tags = ["bitcoindevproject/bitcoin:28.0"] + args = { + COMMIT_SHA = "110183746150428e6385880c79f8c5733b1361ba" + } +} + +target "bitcoin-27" { + inherits = ["maintained-base"] + tags = ["bitcoindevproject/bitcoin:27.2"] + args = { + COMMIT_SHA = "bf03c458e994abab9be85486ed8a6d8813313579" + } +} + +target "bitcoin-26" { + inherits = ["maintained-base"] + tags = ["bitcoindevproject/bitcoin:26.2"] + args = { + COMMIT_SHA = "7b7041019ba5e7df7bde1416aa6916414a04f3db" + } +} + +target "practice-base" { + dockerfile = "./Dockerfile" + context = "./resources/images/bitcoin/insecure" + contexts = { + bitcoin-src = "." + } + args = { + ALPINE_VERSION = "3.20" + BITCOIN_VERSION = "28.1.1" + EXTRA_PACKAGES = "sqlite-dev" + EXTRA_RUNTIME_PACKAGES = "" + REPO = "willcl-ark/bitcoin" + } + platforms = ["linux/amd64", "linux/armhf"] +} + +target "bitcoin-unknown-message" { + inherits = ["practice-base"] + tags = ["bitcoindevproject/bitcoin:99.0.0-unknown-message"] + args = { + COMMIT_SHA = "ae999611026e941eca5c0b61f22012c3b3f3d8dc" + } +} + +target "bitcoin-invalid-blocks" { + inherits = ["practice-base"] + tags = ["bitcoindevproject/bitcoin:98.0.0-invalid-blocks"] + args = { + COMMIT_SHA = "9713324368e5a966ec330389a533ae8ad7a0ea8f" + } +} + +target "bitcoin-50-orphans" { + inherits = ["practice-base"] + tags = ["bitcoindevproject/bitcoin:97.0.0-50-orphans"] + args = { + COMMIT_SHA = "cbcb308eb29621c0db3a105e1a1c1788fb0dab6b" + } +} + +target "bitcoin-no-mp-trim" { + inherits = ["practice-base"] + tags = ["bitcoindevproject/bitcoin:96.0.0-no-mp-trim"] + args = { + COMMIT_SHA = "a3a15a9a06dd541d1dafba068c00eedf07e1d5f8" + } +} + +target "bitcoin-disabled-opcodes" { + inherits = ["practice-base"] + tags = ["bitcoindevproject/bitcoin:95.0.0-disabled-opcodes"] + args = { + COMMIT_SHA = "5bdb8c52a8612cac9aa928c84a499dd701542b2a" + } +} + +target "bitcoin-5k-inv" { + inherits = ["practice-base"] + tags = ["bitcoindevproject/bitcoin:94.0.0-5k-inv"] + args = { + COMMIT_SHA = "e70e610e07eea3aeb0c49ae0bd9f4049ffc1b88c" + } +} + +target "CVE-base" { + dockerfile = "./Dockerfile" + context = "./resources/images/bitcoin/insecure" + contexts = { + bitcoin-src = "." + } + platforms = ["linux/amd64", "linux/armhf"] + args = { + REPO = "josibake/bitcoin" + } +} + +target "v0-16-1" { + inherits = ["CVE-base"] + tags = ["bitcoindevproject/bitcoin:0.16.1"] + args = { + ALPINE_VERSION = "3.7" + BITCOIN_VERSION = "0.16.1" + COMMIT_SHA = "dc94c00e58c60412a4e1a540abdf0b56093179e8" + EXTRA_PACKAGES = "protobuf-dev libressl-dev" + EXTRA_RUNTIME_PACKAGES = "boost boost-program_options libressl" + PRE_CONFIGURE_COMMANDS = "sed -i '/AC_PREREQ/a\\AR_FLAGS=cr' src/univalue/configure.ac && sed -i '/AX_PROG_CC_FOR_BUILD/a\\AR_FLAGS=cr' src/secp256k1/configure.ac && sed -i 's:sys/fcntl.h:fcntl.h:' src/compat.h" + } +} + +target "v0-17-0" { + inherits = ["CVE-base"] + tags = ["bitcoindevproject/bitcoin:0.17.0"] + args = { + ALPINE_VERSION = "3.9" + BITCOIN_VERSION = "0.17.0" + COMMIT_SHA = "f6b2db49a707e7ad433d958aee25ce561c66521a" + EXTRA_PACKAGES = "protobuf-dev libressl-dev" + EXTRA_RUNTIME_PACKAGES = "boost boost-program_options libressl sqlite-dev" + } +} + +target "v0-19-2" { + inherits = ["CVE-base"] + tags = ["bitcoindevproject/bitcoin:0.19.2"] + args = { + ALPINE_VERSION = "3.12.12" + BITCOIN_VERSION = "0.19.2" + COMMIT_SHA = "e20f83eb5466a7d68227af14a9d0cf66fb520ffc" + EXTRA_PACKAGES = "sqlite-dev libressl-dev" + EXTRA_RUNTIME_PACKAGES = "boost boost-program_options libressl sqlite-dev" + } +} + +target "v0-20-0" { + inherits = ["CVE-base"] + tags = ["bitcoindevproject/bitcoin:0.20.0"] + args = { + ALPINE_VERSION = "3.12.12" + BITCOIN_VERSION = "0.20.0" + COMMIT_SHA = "0bbff8feff0acf1693dfe41184d9a4fd52001d3f" + EXTRA_PACKAGES = "sqlite-dev miniupnpc" + EXTRA_RUNTIME_PACKAGES = "boost-filesystem sqlite-dev" + } +} + +target "v0-21-1" { + inherits = ["CVE-base"] + tags = ["bitcoindevproject/bitcoin:0.21.1"] + args = { + ALPINE_VERSION = "3.17" + BITCOIN_VERSION = "0.21.1" + COMMIT_SHA = "e0a22f14c15b4877ef6221f9ee2dfe510092d734" + EXTRA_PACKAGES = "sqlite-dev" + EXTRA_RUNTIME_PACKAGES = "boost-filesystem sqlite-dev" + } +} diff --git a/docs/developer-notes.md b/docs/developer-notes.md index 061336d9a..a6de1b9aa 100644 --- a/docs/developer-notes.md +++ b/docs/developer-notes.md @@ -72,3 +72,20 @@ python3 -m build # Upload to Pypi python3 -m twine upload dist/* ``` + +## Building docker images + +The Bitcoin Core docker images used by warnet are specified in the *docker-bake.hcl* file. +This uses the (experimental) `bake` build functionality of docker buildx. +We use [HCL language](https://github.com/hashicorp/hcl) in the declaration file itself. +See the `bake` [documentation](https://docs.docker.com/build/bake/) for more information on specifications, and how to e.g. override arguments. + +In order to build (or "bake") a certain image, find the image's target (name) in the *docker-bake.hcl* file, and then run `docker buildx bake `. + +```bash +# build the dummy image that will crash on 5k invs +docker buildx bake bitcoin-5k-inv + +# build the same image, but set platform to only linux/amd64 +docker buildx bake bitcoin-5k-inv --set bitcoin-5k-inv.platform=linux/amd64 +``` diff --git a/resources/images/bitcoin/insecure/build.md b/resources/images/bitcoin/insecure/build.md deleted file mode 100644 index a824a8316..000000000 --- a/resources/images/bitcoin/insecure/build.md +++ /dev/null @@ -1,198 +0,0 @@ -# Historic CVE images - -These images are for old versions of Bitcoin Core with known CVEs. These images have signet backported -and the addrman and isroutable patches applied. - -# Build incantations - -Run from top-level of project - -## v0.21.1 - -```bash -docker buildx build \ - --platform linux/amd64,linux/armhf \ - --build-context bitcoin-src="." \ - --build-arg ALPINE_VERSION="3.17" \ - --build-arg BITCOIN_VERSION="0.21.1" \ - --build-arg EXTRA_PACKAGES="sqlite-dev" \ - --build-arg EXTRA_RUNTIME_PACKAGES="boost-filesystem sqlite-dev" \ - --build-arg REPO="josibake/bitcoin" \ - --build-arg COMMIT_SHA="e0a22f14c15b4877ef6221f9ee2dfe510092d734" \ - --tag bitcoindevproject/bitcoin:0.21.1 \ - resources/images/bitcoin/insecure -``` - -## v0.20.0 - -```bash -docker buildx build \ - --platform linux/amd64,linux/armhf \ - --build-context bitcoin-src="." \ - --build-arg ALPINE_VERSION="3.12.12" \ - --build-arg BITCOIN_VERSION="0.20.0" \ - --build-arg EXTRA_PACKAGES="sqlite-dev miniupnpc" \ - --build-arg EXTRA_RUNTIME_PACKAGES="boost-filesystem sqlite-dev" \ - --build-arg REPO="josibake/bitcoin" \ - --build-arg COMMIT_SHA="0bbff8feff0acf1693dfe41184d9a4fd52001d3f" \ - --tag bitcoindevproject/bitcoin:0.20.0 \ - resources/images/bitcoin/insecure -``` - -## v0.19.2 - -```bash -docker buildx build \ - --platform linux/amd64,linux/armhf \ - --build-context bitcoin-src="." \ - --build-arg ALPINE_VERSION="3.12.12" \ - --build-arg BITCOIN_VERSION="0.19.2" \ - --build-arg EXTRA_PACKAGES="sqlite-dev libressl-dev" \ - --build-arg EXTRA_RUNTIME_PACKAGES="boost-chrono boost-filesystem libressl sqlite-dev" \ - --build-arg REPO="josibake/bitcoin" \ - --build-arg COMMIT_SHA="e20f83eb5466a7d68227af14a9d0cf66fb520ffc" \ - --tag bitcoindevproject/bitcoin:0.19.2 \ - resources/images/bitcoin/insecure -``` - -## v0.17.0 - -```bash -docker buildx build \ - --platform linux/amd64,linux/armhf \ - --build-context bitcoin-src="." \ - --build-arg ALPINE_VERSION="3.9" \ - --build-arg BITCOIN_VERSION="0.17.0" \ - --build-arg EXTRA_PACKAGES="protobuf-dev libressl-dev" \ - --build-arg EXTRA_RUNTIME_PACKAGES="boost boost-program_options libressl sqlite-dev" \ - --build-arg REPO="josibake/bitcoin" \ - --build-arg COMMIT_SHA="f6b2db49a707e7ad433d958aee25ce561c66521a" \ - --tag bitcoindevproject/bitcoin:0.17.0 \ - resources/images/bitcoin/insecure -``` - -## v0.16.1 - -```bash -docker buildx build \ - --platform linux/amd64,linux/armhf \ - --build-context bitcoin-src="." \ - --build-arg ALPINE_VERSION="3.7" \ - --build-arg BITCOIN_VERSION="0.16.1" \ - --build-arg EXTRA_PACKAGES="protobuf-dev libressl-dev" \ - --build-arg PRE_CONFIGURE_COMMANDS="sed -i '/AC_PREREQ/a\AR_FLAGS=cr' src/univalue/configure.ac && sed -i '/AX_PROG_CC_FOR_BUILD/a\AR_FLAGS=cr' src/secp256k1/configure.ac && sed -i 's:sys/fcntl.h:fcntl.h:' src/compat.h" \ - --build-arg EXTRA_RUNTIME_PACKAGES="boost boost-program_options libressl" \ - --build-arg REPO="josibake/bitcoin" \ - --build-arg COMMIT_SHA="dc94c00e58c60412a4e1a540abdf0b56093179e8" \ - --tag bitcoindevproject/bitcoin:0.16.1 \ - resources/images/bitcoin/insecure -``` - -## unknown p2p message crash - -Will crash when sent an "unknown" P2P message is received from a node using protocol version >= 70016 - -```bash -docker buildx build \ - --platform linux/amd64,linux/armhf \ - --build-context bitcoin-src="." \ - --build-arg ALPINE_VERSION="3.20" \ - --build-arg BITCOIN_VERSION="28.1.1" \ - --build-arg EXTRA_PACKAGES="sqlite-dev" \ - --build-arg EXTRA_RUNTIME_PACKAGES="" \ - --build-arg REPO="willcl-ark/bitcoin" \ - --build-arg COMMIT_SHA="df1768325cca49bb867b7919675ae06c964b5ffa" \ - --tag bitcoindevproject/bitcoin:99.1.0-unknown-message \ - resources/images/bitcoin/insecure -``` - -## invalid blocks crash - -Will crash when sent an invalid block - -```bash -docker buildx build \ - --platform linux/amd64,linux/armhf \ - --build-context bitcoin-src="." \ - --build-arg ALPINE_VERSION="3.20" \ - --build-arg BITCOIN_VERSION="28.1.1" \ - --build-arg EXTRA_PACKAGES="sqlite-dev" \ - --build-arg EXTRA_RUNTIME_PACKAGES="" \ - --build-arg REPO="willcl-ark/bitcoin" \ - --build-arg COMMIT_SHA="f72bc595fc762c7afcbd156f4f84bf48f7ff4fdb" \ - --tag bitcoindevproject/bitcoin:99.1.0-invalid-blocks \ - resources/images/bitcoin/insecure -``` - -## too many orphans crash - -Will crash when we have 50 orphans in the orphanage - -```bash -docker buildx build \ - --platform linux/amd64,linux/armhf \ - --build-context bitcoin-src="." \ - --build-arg ALPINE_VERSION="3.20" \ - --build-arg BITCOIN_VERSION="28.1.1" \ - --build-arg EXTRA_PACKAGES="sqlite-dev" \ - --build-arg EXTRA_RUNTIME_PACKAGES="" \ - --build-arg REPO="willcl-ark/bitcoin" \ - --build-arg COMMIT_SHA="38aff9d695f5aa187fc3b75f08228248963372ee" \ - --tag bitcoindevproject/bitcoin:99.1.0-50-orphans \ - resources/images/bitcoin/insecure -``` - -## full mempool crash - -Will crash when we would normally trim the mempool size. -Mempool set to 50MB by default. - -```bash -docker buildx build \ - --platform linux/amd64,linux/armhf \ - --build-context bitcoin-src="." \ - --build-arg ALPINE_VERSION="3.20" \ - --build-arg BITCOIN_VERSION="28.1.1" \ - --build-arg EXTRA_PACKAGES="sqlite-dev" \ - --build-arg EXTRA_RUNTIME_PACKAGES="" \ - --build-arg REPO="willcl-ark/bitcoin" \ - --build-arg COMMIT_SHA="d30f8112611c4732ccb01f0a0216eb7ed10e04a7" \ - --tag bitcoindevproject/bitcoin:99.1.0-no-mp-trim\ - resources/images/bitcoin/insecure -``` - -## disabled opcodes crash - -Will crash when processing a disabled opcode - -```bash -docker buildx build \ - --platform linux/amd64,linux/armhf \ - --build-context bitcoin-src="." \ - --build-arg ALPINE_VERSION="3.20" \ - --build-arg BITCOIN_VERSION="28.1.1" \ - --build-arg EXTRA_PACKAGES="sqlite-dev" \ - --build-arg EXTRA_RUNTIME_PACKAGES="" \ - --build-arg REPO="willcl-ark/bitcoin" \ - --build-arg COMMIT_SHA="51e068ed42727eee08af62e09eb5789d8b910f61" \ - --tag bitcoindevproject/bitcoin:99.1.0-disabled-opcodes \ - resources/images/bitcoin/insecure -``` - -## crash when 5k inv messages received - -Will crash when we receive a total of 5k `INV` p2p messages are received from a single peer. - -```bash -docker buildx build \ - --platform linux/amd64,linux/armhf \ - --build-context bitcoin-src="." \ - --build-arg ALPINE_VERSION="3.20" \ - --build-arg BITCOIN_VERSION="28.1.1" \ - --build-arg EXTRA_PACKAGES="sqlite-dev" \ - --build-arg EXTRA_RUNTIME_PACKAGES="" \ - --build-arg REPO="willcl-ark/bitcoin" \ - --build-arg COMMIT_SHA="3e1ce7de0d19f791315fa87e0d29504ee0c80fe8" \ - --tag bitcoindevproject/bitcoin:99.1.0-5k-inv \ - resources/images/bitcoin/insecure -``` From 09428221e44d9ba237302f010c4bef38aebffbc0 Mon Sep 17 00:00:00 2001 From: willcl-ark Date: Thu, 21 Nov 2024 10:15:22 +0000 Subject: [PATCH 2/5] patch to enable aarch64 --- resources/images/bitcoin/insecure/Dockerfile | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/resources/images/bitcoin/insecure/Dockerfile b/resources/images/bitcoin/insecure/Dockerfile index 6f59a4c2e..ce6699872 100644 --- a/resources/images/bitcoin/insecure/Dockerfile +++ b/resources/images/bitcoin/insecure/Dockerfile @@ -48,7 +48,12 @@ RUN mkdir -p ${BERKELEYDB_PREFIX} WORKDIR /${BERKELEYDB_VERSION}/build_unix -RUN ../dist/configure --enable-cxx --disable-shared --with-pic --prefix=${BERKELEYDB_PREFIX} +ARG TARGETPLATFORM +RUN if [ "$TARGETPLATFORM" = "linux/arm64" ]; then \ + ../dist/configure --enable-cxx --disable-shared --with-pic --prefix=${BERKELEYDB_PREFIX} --build=aarch64-unknown-linux-gnu; \ +else \ + ../dist/configure --enable-cxx --disable-shared --with-pic --prefix=${BERKELEYDB_PREFIX}; \ +fi RUN make -j$(nproc) RUN make install RUN rm -rf ${BERKELEYDB_PREFIX}/docs From 79da159eb6a217d2c8acccd39a2145e6b10d1525 Mon Sep 17 00:00:00 2001 From: willcl-ark Date: Thu, 21 Nov 2024 10:31:11 +0000 Subject: [PATCH 3/5] add miniupnp-dev to v0.20.0 --- docker-bake.hcl | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docker-bake.hcl b/docker-bake.hcl index 9cc787a95..e24b4dfb3 100644 --- a/docker-bake.hcl +++ b/docker-bake.hcl @@ -200,8 +200,8 @@ target "v0-20-0" { ALPINE_VERSION = "3.12.12" BITCOIN_VERSION = "0.20.0" COMMIT_SHA = "0bbff8feff0acf1693dfe41184d9a4fd52001d3f" - EXTRA_PACKAGES = "sqlite-dev miniupnpc" - EXTRA_RUNTIME_PACKAGES = "boost-filesystem sqlite-dev" + EXTRA_PACKAGES = "sqlite-dev miniupnpc-dev" + EXTRA_RUNTIME_PACKAGES = "boost-filesystem miniupnpc-dev sqlite-dev" } } From fadf038a7085ea6b0be9f1791393043f8f15dc6f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20Omar=20Vergara=20P=C3=A9rez?= Date: Wed, 5 Mar 2025 21:28:52 -0600 Subject: [PATCH 4/5] image build: use cmake with docker buildx bake --- docker-bake.hcl | 32 ++++++++-- resources/images/bitcoin/Dockerfile.dev | 80 +++++++++++++++++++++++++ 2 files changed, 106 insertions(+), 6 deletions(-) create mode 100644 resources/images/bitcoin/Dockerfile.dev diff --git a/docker-bake.hcl b/docker-bake.hcl index e24b4dfb3..49db08eaa 100644 --- a/docker-bake.hcl +++ b/docker-bake.hcl @@ -47,17 +47,37 @@ group "vulnerable" { } target "maintained-base" { - dockerfile = "./Dockerfile" context = "./resources/images/bitcoin" args = { - REPO = "bitcoin" - BUILD_ARGS = "--disable-tests --without-gui --disable-bench --disable-fuzz-binary --enable-suppress-external-warnings " + REPO = "bitcoin/bitcoin" + BUILD_ARGS = "--disable-tests --without-gui --disable-bench --disable-fuzz-binary --enable-suppress-external-warnings" } platforms = ["linux/amd64", "linux/arm64", "linux/arm/v7"] } -target "bitcoin-28" { +target "cmake-base" { inherits = ["maintained-base"] + dockerfile = "./Dockerfile.dev" + args = { + BUILD_ARGS = "-DBUILD_TESTS=OFF -DBUILD_GUI=OFF -DBUILD_BENCH=OFF -DBUILD_FUZZ_BINARY=OFF -DWITH_ZMQ=ON" + } +} + +target "autogen-base" { + inherits = ["maintained-base"] + dockerfile = "./Dockerfile" +} + +target "bitcoin-master" { + inherits = ["cmake-base"] + tags = ["bitcoindevproject/bitcoin:28.1"] + args = { + COMMIT_SHA = "bd0ee07310c3dcdd08633c69eac330e2e567b235" + } +} + +target "bitcoin-28" { + inherits = ["autogen-base"] tags = ["bitcoindevproject/bitcoin:28.0"] args = { COMMIT_SHA = "110183746150428e6385880c79f8c5733b1361ba" @@ -65,7 +85,7 @@ target "bitcoin-28" { } target "bitcoin-27" { - inherits = ["maintained-base"] + inherits = ["autogen-base"] tags = ["bitcoindevproject/bitcoin:27.2"] args = { COMMIT_SHA = "bf03c458e994abab9be85486ed8a6d8813313579" @@ -73,7 +93,7 @@ target "bitcoin-27" { } target "bitcoin-26" { - inherits = ["maintained-base"] + inherits = ["autogen-base"] tags = ["bitcoindevproject/bitcoin:26.2"] args = { COMMIT_SHA = "7b7041019ba5e7df7bde1416aa6916414a04f3db" diff --git a/resources/images/bitcoin/Dockerfile.dev b/resources/images/bitcoin/Dockerfile.dev new file mode 100644 index 000000000..d64b6aff2 --- /dev/null +++ b/resources/images/bitcoin/Dockerfile.dev @@ -0,0 +1,80 @@ +# Setup deps stage +FROM alpine AS deps +ARG REPO +ARG COMMIT_SHA +ARG BUILD_ARGS + +RUN --mount=type=cache,target=/var/cache/apk \ + sed -i 's/http\:\/\/dl-cdn.alpinelinux.org/https\:\/\/alpine.global.ssl.fastly.net/g' /etc/apk/repositories \ + && apk --no-cache add \ + cmake \ + python3 \ + boost-dev \ + build-base \ + chrpath \ + file \ + gnupg \ + git \ + libevent-dev \ + libressl \ + libtool \ + linux-headers \ + sqlite-dev \ + zeromq-dev + +COPY isroutable.patch /tmp/ +COPY addrman.patch /tmp/ + + +# Clone and patch and build stage +FROM deps AS build +ENV BITCOIN_PREFIX=/opt/bitcoin +WORKDIR /build + +RUN set -ex \ + && cd /build \ + && git clone --depth 1 "https://github.com/${REPO}" \ + && cd bitcoin \ + && git fetch --depth 1 origin "$COMMIT_SHA" \ + && git checkout "$COMMIT_SHA" \ + && git apply /tmp/isroutable.patch \ + && git apply /tmp/addrman.patch \ + && sed -i s:sys/fcntl.h:fcntl.h: src/compat/compat.h \ + && cmake -B build \ + -DCMAKE_INSTALL_PREFIX=${BITCOIN_PREFIX} \ + ${BUILD_ARGS} \ + && cmake --build build -j$(nproc) \ + && cmake --install build \ + && strip ${BITCOIN_PREFIX}/bin/bitcoin-cli \ + && strip ${BITCOIN_PREFIX}/bin/bitcoind \ + && rm -f ${BITCOIN_PREFIX}/lib/libbitcoinconsensus.a \ + && rm -f ${BITCOIN_PREFIX}/lib/libbitcoinconsensus.so.0.0.0 + +# Final clean stage +FROM alpine +ARG UID=100 +ARG GID=101 +ENV BITCOIN_DATA=/root/.bitcoin +ENV BITCOIN_PREFIX=/opt/bitcoin +ENV PATH=${BITCOIN_PREFIX}/bin:$PATH +LABEL maintainer.0="bitcoindevproject" + +RUN addgroup bitcoin --gid ${GID} --system \ + && adduser --uid ${UID} --system bitcoin --ingroup bitcoin +RUN --mount=type=cache,target=/var/cache/apk sed -i 's/http\:\/\/dl-cdn.alpinelinux.org/https\:\/\/alpine.global.ssl.fastly.net/g' /etc/apk/repositories \ + && apk --no-cache add \ + bash \ + libevent \ + libzmq \ + shadow \ + sqlite-dev \ + su-exec + +COPY --from=build /opt/bitcoin /usr/local +COPY entrypoint.sh / + +VOLUME ["/home/bitcoin/.bitcoin"] +EXPOSE 8332 8333 18332 18333 18443 18444 38333 38332 + +ENTRYPOINT ["/entrypoint.sh"] +CMD ["bitcoind"] From 92f7719ca933cdec60771464562ecb1e6f4279cc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20Omar=20Vergara=20P=C3=A9rez?= Date: Tue, 11 Mar 2025 23:09:54 -0600 Subject: [PATCH 5/5] add docs on how to use load and push options --- docs/developer-notes.md | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/docs/developer-notes.md b/docs/developer-notes.md index a6de1b9aa..3a1d80081 100644 --- a/docs/developer-notes.md +++ b/docs/developer-notes.md @@ -89,3 +89,17 @@ docker buildx bake bitcoin-5k-inv # build the same image, but set platform to only linux/amd64 docker buildx bake bitcoin-5k-inv --set bitcoin-5k-inv.platform=linux/amd64 ``` + +To load the single-platform build result to `docker images`, run: + +```bash +docker buildx bake --load bitcoin-5k-inv +``` + +Push the build result to a registry by running: + +```bash +docker buildx bake --push bitcoin-5k-inv +``` + +It will automatically push the build result to registry.