From 35611fb24e37880e27c7db3c594b2596da8e0fc3 Mon Sep 17 00:00:00 2001 From: gdm85 Date: Fri, 6 Jun 2014 12:17:13 +0200 Subject: [PATCH] * proper fix for SSH environment pollution (see https://bugzilla.mindrot.org/show_bug.cgi?id=1285) --- docker/gitian-bitcoin-host/Dockerfile | 5 ++--- docker/gitian-bitcoin-host/README.md | 6 ++---- docker/gitian-bitcoin-host/build-bitcoin.sh | 19 +++++++++---------- docker/gitian-host/Dockerfile | 6 ++---- docker/gitian-host/README.md | 2 +- docker/scripts/spawn-gitian-bitcoin-host.sh | 2 +- docker/scripts/spawn-gitian-host.sh | 2 +- 7 files changed, 18 insertions(+), 24 deletions(-) diff --git a/docker/gitian-bitcoin-host/Dockerfile b/docker/gitian-bitcoin-host/Dockerfile index 1514a53..80eebf8 100644 --- a/docker/gitian-bitcoin-host/Dockerfile +++ b/docker/gitian-bitcoin-host/Dockerfile @@ -11,11 +11,10 @@ RUN apt-get install -y parallel patch ADD gitian.patch /home/debian/ -WORKDIR /home/debian - ## patch to allow paralle creation of VMs -RUN cd gitian-builder && patch -p1 < ../gitian.patch +RUN cd /home/debian/gitian-builder && patch -p1 < ../gitian.patch +ADD input-sources/ /home/debian/input-sources/ ADD build-bitcoin.sh /home/debian/ ADD sign.sh /home/debian/ diff --git a/docker/gitian-bitcoin-host/README.md b/docker/gitian-bitcoin-host/README.md index 2706b31..c22e7ca 100644 --- a/docker/gitian-bitcoin-host/README.md +++ b/docker/gitian-bitcoin-host/README.md 
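Review bot: The new `ADD input-sources/ /home/debian/input-sources/` does not seem to match the path that build-bitcoin.sh reads in this same patch. The script does `cd ../gitian-builder`, then `cd inputs/`, then reads `../input-sources/${VERSION}.txt`, which resolves to /home/debian/gitian-builder/input-sources if it is started from /home/debian (the start directory is not shown here). Either copy the lists there, `COPY input-sources/ /home/debian/gitian-builder/input-sources/`, or change the script to read `../../input-sources/${VERSION}.txt`. `COPY` is also the better instruction for a plain local directory, because `ADD` additionally unpacks archives and accepts URLs.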
@@ -34,13 +34,11 @@ This script will create the running docker container and provide details about h ``` $ scripts/spawn-gitian-bitcoin-host.sh You can now SSH into container 3bc0d0611374ca4d4730fd5fb1067808b1bcfd072ec7cf029393a7fd99ec856e: -ssh -o SendEnv= -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no debian@172.17.0.3 +ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no debian@172.17.0.3 $ ``` -Use this specific SSH command line to get a shell in the container and proceed to next steps. - -**NOTE:** the SendEnv= is there to overcome an [issue](https://github.com/devrandom/gitian-builder/issues/56) in gitian-builder that allows pollution of the LXC environment. +You can use this specific SSH command line to get a shell in the container and proceed to next steps. Preparing the gitian environment -------------------------------- diff --git a/docker/gitian-bitcoin-host/build-bitcoin.sh b/docker/gitian-bitcoin-host/build-bitcoin.sh index bcee26a..e291062 100755 --- a/docker/gitian-bitcoin-host/build-bitcoin.sh +++ b/docker/gitian-bitcoin-host/build-bitcoin.sh @@ -1,5 +1,4 @@ #!/bin/bash -set -e if [[ ! $# -eq 1 ]]; then echo "Please specify version" 1>&2 @@ -8,12 +7,12 @@ fi VERSION="$1" -git clone https://github.com/bitcoin/bitcoin.git -cd bitcoin -git checkout v${VERSION} +git clone https://github.com/bitcoin/bitcoin.git && \ +cd bitcoin && \ +git checkout v${VERSION} || exit $? -cd ../gitian-builder -mkdir -p inputs; cd inputs/ +cd ../gitian-builder && \ +mkdir -p inputs && cd inputs/ || exit $? ## get each dependency ## they are validated afterwards by gbuild 
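Review bot: Removing `set -e` leaves unchecked every command that the later hunks do not suffix with `|| exit $?`. In the third hunk of this file, `cd ..` and both `mv build/out/...-*.zip inputs/` lines now continue after a failure, so a failed move is followed by the next gbuild run with an input missing. Keeping `set -e` alongside the explicit guards, or adding `|| exit $?` to those three lines, restores the old fail-fast behaviour. If `set -e` was dropped on purpose, a comment saying why would help the next maintainer.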
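Review bot: The checkout of `v${VERSION}` trusts whatever the clone returned, and nothing in this hunk verifies the tag before its gitian descriptors are handed to gbuild later in the script. For a host whose output is meant to be signed, I would add `git verify-tag "v${VERSION}" || exit $?` after the checkout. That assumes the release signing keys are present in the debian user's keyring, which this patch does not show. The tag name should also be quoted, `git checkout "v${VERSION}"`, since it comes straight from `$1`.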
@@ -21,12 +20,12 @@ while read -r URL FNAME; do if [ -z "$URL" ]; then continue fi - wget --no-check-certificate "$URL" -O "$FNAME" -done < ../input-sources/${VERSION}.txt + wget --no-check-certificate "$URL" -O "$FNAME" || exit $? +done < ../input-sources/${VERSION}.txt || exit $? cd .. -./bin/gbuild ../bitcoin/contrib/gitian-descriptors/boost-linux.yml +./bin/gbuild ../bitcoin/contrib/gitian-descriptors/boost-linux.yml || exit $? mv build/out/boost-*.zip inputs/ -./bin/gbuild ../bitcoin/contrib/gitian-descriptors/deps-linux.yml +./bin/gbuild ../bitcoin/contrib/gitian-descriptors/deps-linux.yml || exit $? mv build/out/bitcoin-deps-*.zip inputs/ ./bin/gbuild --commit bitcoin=v${VERSION} ../bitcoin/contrib/gitian-descriptors/gitian-linux.yml diff --git a/docker/gitian-host/Dockerfile b/docker/gitian-host/Dockerfile index 8d140b0..e0cd10b 100644 --- a/docker/gitian-host/Dockerfile +++ b/docker/gitian-host/Dockerfile @@ -51,15 +51,13 @@ RUN wget http://archive.ubuntu.com/ubuntu/pool/universe/v/vm-builder/vm-builder_ RUN tar -zxvf vm-builder_0.12.4+bzr489.orig.tar.gz && cd vm-builder-0.12.4+bzr489 && python setup.py install ## these must always be loaded when you login as 'debian' user -RUN echo 'export USE_LXC=1' >> .bash_profile -RUN echo 'export GITIAN_HOST_IP=10.0.3.2' >> .bash_profile -RUN echo 'export LXC_GUEST_IP=10.0.3.5' >> .bash_profile +ADD bash_profile /home/debian/.bash_profile ## script used to build base VMs ADD build-base-vms.sh /home/debian/ RUN git clone https://github.com/devrandom/gitian-builder.git --depth=1 -RUN chown -R debian.debian . && chown -R apt-cacher-ng.apt-cacher-ng /var/cache/apt-cacher-ng/ +RUN chown -R debian.debian .bash_profile . && chown -R apt-cacher-ng.apt-cacher-ng /var/cache/apt-cacher-ng/ ## suggested: run this image with mounted volumes for pre-downloaded inputs and apt-cacher-ng cache ## -v inputs:/home/debian/gitian-builder/inputs -v apt-cacher-ng:/var/cache/apt-cacher-ng 
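Review bot: The rewritten `wget` line keeps `--no-check-certificate`, so every input is fetched without TLS certificate validation and its integrity rests only on the later gbuild validation that the comment above the loop refers to. I would drop the flag, `wget "$URL" -O "$FNAME" || exit $?`, and make sure the image has a CA bundle installed. If one source really needs the flag, a comment naming it is better than disabling validation for all URLs. Quoting the redirect target as `"../input-sources/${VERSION}.txt"` would also stop a version argument containing spaces from breaking the loop.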
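Review bot: The `git clone https://github.com/devrandom/gitian-builder.git --depth=1` line in this hunk takes whatever HEAD is at image build time, and the derived image then applies gitian.patch on top of it. For a deterministic build host the tool itself should be pinned: clone without `--depth=1` and add `RUN cd gitian-builder && git checkout <PINNED_COMMIT>`, where the placeholder is a reviewed commit id. That also keeps the patch from silently failing to apply after an upstream change. Separately, `.bash_profile` in the new `chown -R debian.debian .bash_profile .` is already covered by `.`, assuming the working directory is /home/debian as the relative path implies, and `debian:debian` is the non-deprecated separator.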
diff --git a/docker/gitian-host/README.md b/docker/gitian-host/README.md index e6f6158..e8a10ed 100644 --- a/docker/gitian-host/README.md +++ b/docker/gitian-host/README.md @@ -23,7 +23,7 @@ Afterwards you can spawn a gitian-host container as follows: ``` $ scripts/spawn-gitian-host.sh You can now SSH into container 8a955ff5607b62d4c295745f27bbc38f2e8e011ea93053e641617d50ad2aa5a2: -ssh -o SendEnv= -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no debian@172.17.0.2 +ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no debian@172.17.0.2 $ ``` diff --git a/docker/scripts/spawn-gitian-bitcoin-host.sh b/docker/scripts/spawn-gitian-bitcoin-host.sh index 499bda9..fca047f 100755 --- a/docker/scripts/spawn-gitian-bitcoin-host.sh +++ b/docker/scripts/spawn-gitian-bitcoin-host.sh @@ -6,4 +6,4 @@ CID=$(docker run -d --privileged gdm85/gitian-bitcoin-host) || exit $? IP=$(docker inspect --format '{{ .NetworkSettings.IPAddress }}' $CID) || exit $? echo "You can now SSH into container $CID:" -echo "ssh -o SendEnv= -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no debian@$IP" +echo "ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no debian@$IP" diff --git a/docker/scripts/spawn-gitian-host.sh b/docker/scripts/spawn-gitian-host.sh index 7235795..49d8dd3 100755 --- a/docker/scripts/spawn-gitian-host.sh +++ b/docker/scripts/spawn-gitian-host.sh @@ -6,4 +6,4 @@ CID=$(docker run -d --privileged gdm85/gitian-host) || exit $? IP=$(docker inspect --format '{{ .NetworkSettings.IPAddress }}' $CID) || exit $? echo "You can now SSH into container $CID:" -echo "ssh -o SendEnv= -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no debian@$IP" +echo "ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no debian@$IP"
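Review bot: The echoed command drops `-o SendEnv=`, so keeping client environment variables out of the build now has to be handled on the container side, and nothing in this script says where. A comment above the `echo` would help, for example `# SendEnv= no longer needed: environment is fixed on the container side (see gitian-host/Dockerfile)`, adjusted to the actual mechanism, which this patch does not show. The same applies to the identical change in spawn-gitian-host.sh. The remaining `UserKnownHostsFile=/dev/null` and `StrictHostKeyChecking=no` options also deserve a one-line comment stating that they are presumably meant only for freshly spawned local containers.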