Gitian host docker container
============================
The provided [Dockerfile](http://docs.docker.io/reference/builder/) lets you generate a [gitian-builder](https://gitian.org/) host image that can subsequently be used for reproducible builds using LXC VMs.

How this works:

<img src="diagram.png">

Some of the discussions leading to the creation of this set of Dockerfiles/scripts are available on [this issue](https://github.com/devrandom/gitian-builder/issues/53).

Preamble
--------
Before using these scripts, it is **necessary** that you read them and understand what they do.

Why? Because your goal is to create a deterministic gitian build that has not been tampered with, so trust must be correctly attributed throughout your process.

For example, in this repository I provide the [Debian Archive keyring](../keyrings/debian-archive-keyring.gpg) that is used for the original debootstrap; however, you **must** verify its authenticity and that it is exactly [as provided officially by Debian](https://packages.debian.org/wheezy/all/debian-archive-keyring/download) in order to continue using a trusted chain of systems.
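
One way to carry out the keyring check described above, as an added example rather than code from this repository: the Python below reads the keyring out of a `debian-archive-keyring` `.deb` in memory and compares its SHA-256 with the copy shipped here. It assumes the `.deb` was itself obtained through a channel you trust (see SecureApt); the function names, the keyring path inside the package and the small constructed package builder are assumptions made for this example.

```python
import hashlib
import io
import tarfile

# Assumed location of the keyring inside the debian-archive-keyring package.
KEYRING_PATH = "usr/share/keyrings/debian-archive-keyring.gpg"

def ar_members(deb):
    """Yield (name, data) for each member of the ar archive that wraps a .deb."""
    if deb[:8] != b"!<arch>\n":
        raise ValueError("not an ar archive")
    pos = 8
    while pos + 60 <= len(deb):
        header = deb[pos:pos + 60]
        size = int(header[48:58].decode("ascii"))
        data = deb[pos + 60:pos + 60 + size]
        if header[58:60] != b"`\n" or len(data) != size:
            raise ValueError("corrupt or truncated ar member")
        yield header[:16].decode("ascii").rstrip(" /"), data
        pos += 60 + size + (size & 1)  # members are padded to even offsets

def keyring_from_deb(deb, path=KEYRING_PATH):
    """Read the keyring out of data.tar.* in memory; nothing is unpacked to disk."""
    for name, data in ar_members(deb):
        if name.startswith("data.tar"):
            with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tar:
                for member in tar:
                    if member.isfile() and member.name.lstrip("./") == path:
                        return tar.extractfile(member).read()
    raise ValueError("keyring not found in package")

def compare_keyring(repo_keyring, deb):
    """Return (match, repo_sha256, official_sha256) for the two keyring copies."""
    digests = [hashlib.sha256(b).hexdigest() for b in (repo_keyring, keyring_from_deb(deb))]
    return digests[0] == digests[1], digests[0], digests[1]

def make_constructed_deb(keyring):
    """Build a minimal .deb-shaped archive (constructed sample for offline runs)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        info = tarfile.TarInfo("./" + KEYRING_PATH)
        info.size = len(keyring)
        tar.addfile(info, io.BytesIO(keyring))
    out = b"!<arch>\n"
    for name, data in ((b"debian-binary", b"2.0\n"), (b"data.tar.gz", buf.getvalue())):
        out += b"%-16s%-12d%-6d%-6d%-8s%-10d`\n" % (name, 0, 0, 0, b"100644", len(data))
        out += data + b"\n" * (len(data) & 1)
    return out
```

To check the real files, pass the bytes of `../keyrings/debian-archive-keyring.gpg` and of the downloaded `.deb` to `compare_keyring` and continue only if the first element of the result is `True`.
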
See also:
- https://gitian.org/
- https://en.wikipedia.org/wiki/Web_of_trust
- http://www.dwheeler.com/trusting-trust/
- https://www.debian.org/
- https://wiki.debian.org/SecureApt
- https://www.docker.io/
- http://www.ubuntu.com/

How to build the image
----------------------

Images have not been pushed to my [Docker Registry](https://index.docker.io/) account. This is on purpose: even if generated images have my repository prefix ('gdm85/'), you are supposed to create them from scratch.
**NOTE:** you must have debootstrap on your real host to run this script successfully; also make sure you have a keyring with APT keys (see https://wiki.debian.org/SecureApt).

First steps:

- run **scripts/build-wheezy.sh** to get a Debian Wheezy image debootstrapped from Debian repositories.
- run **scripts/create-gitian-host.sh**; this will simply build the Dockerfile that installs the few necessary dependencies inside the prepared image, and generate a second image with the i386 and amd64 VMs (see [build-base-vms.sh](build-base-vms.sh)).

**NOTE:** when I say "run", what I really mean is "read the script, study it for your own learning purposes, then run it" ;)

After the steps above you will have prepared a full gitian builder environment for deterministic builds.

The image that contains the VMs is called *gdm85/gitian-host-vms*; in the future you can spawn containers with this image for new gitian-builder environments.

Example:
```
$ scripts/spawn-gitian-host.sh
You can now SSH into container 8a955ff5607b62d4c295745f27bbc38f2e8e011ea93053e641617d50ad2aa5a2:
ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no debian@172.17.0.2
$
```
This will create a privileged running container that you can access with the SSH command displayed.

Derived images
--------------

A [bitcoin gitian host container](../gitian-bitcoin-host/README.md) is available.

Credits
-------

Thanks to jpetazzo for [dind](https://github.com/jpetazzo/dind) and to #docker & bitcoin-dev IRC users for the help & assistance!