You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
75 lines
3.5 KiB
Markdown
75 lines
3.5 KiB
Markdown
Building bitcoin with a gitian-builder Docker container
|
|
=======================================================
|
|
|
|
This image allows automated gitian builds of bitcoin using a docker container.
|
|
Before proceeding make sure you have created the necessary *wheezy* and *gitian-host* images, see [these instructions](../gitian-host/README.md) for the creation of both.
|
|
|
|
Afterwards you can create the *gitian-bitcoin-host* image by running [scripts/create-gitian-bitcoin-host.sh](../scripts/create-gitian-bitcoin-host.sh).
|
|
|
|
NOTE: this image currently supports only building of bitcoin 0.9.1, but it can be easily adapted to build other versions.
|
|
You can submit the source lists for other versions as a patch or pull request, see directory [input-sources/](input-sources/) for currently available versions.
|
|
|
|
Preamble
|
|
--------
|
|
|
|
It is **necessary** that before you using these scripts you read them and understand what they do.
|
|
Why? Because your goal is to create a gitian build (deterministic) that has not been tampered with.
|
|
|
|
See also:
|
|
- https://gitian.org/
|
|
- https://en.wikipedia.org/wiki/Web_of_trust
|
|
- http://www.dwheeler.com/trusting-trust/
|
|
- https://www.debian.org/
|
|
- https://www.docker.io/
|
|
- http://www.ubuntu.com/
|
|
|
|
Spawning a container
|
|
--------------------
|
|
|
|
You can spawn a new container for Gitian bitcoin builds with:
|
|
|
|
- [scripts/spawn-gitian-bitcoin-host.sh](scripts/spawn-gitian-bitcoin-host.sh)
|
|
|
|
This script will create the running docker container and provide details about how to connect via SSH to the container, example:
|
|
```
|
|
$ scripts/spawn-gitian-bitcoin-host.sh
|
|
You can now SSH into container 3bc0d0611374ca4d4730fd5fb1067808b1bcfd072ec7cf029393a7fd99ec856e:
|
|
ssh -o SendEnv= -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no debian@172.17.0.3
|
|
$
|
|
```
|
|
|
|
Use this specific SSH command line to get a shell in the container and proceed to next steps.
|
|
|
|
**NOTE:** the SendEnv= is there to overcome an [issue](https://github.com/devrandom/gitian-builder/issues/56) in gitian-builder that allows pollution of the LXC environment.
|
|
|
|
Preparing the gitian environment
|
|
--------------------------------
|
|
|
|
First prepare the base VMs inside the gitian host container by running:
|
|
|
|
- [./build-base-vms.sh](../gitian-host/build-base-vms.sh)
|
|
|
|
This operation will take a while; afterwards you can proceed to building bitcoin with:
|
|
|
|
- [./build-bitcoin.sh](build-bitcoin.sh) 0.9.1
|
|
|
|
Notice the parameter 0.9.1, that is the version we are going to build.
|
|
|
|
[build-bitcoin.sh](build-bitcoin.sh) is a script that will download & build all the dependencies and then bitcoin itself, for both i386 and amd64 Linux architectures.
|
|
|
|
Signing
|
|
-------
|
|
|
|
Now you have completed the build of bitcoin and only the signing part is left.
|
|
Before doing that, you can verify if signatures are matching with those of [other developers](https://github.com/bitcoin/gitian.sigs) by peeking inside *~/gitian.sigs* of the running container.
|
|
|
|
In order to sign you have to either put your private key in the container's *~/.gnupg* or perform the signing externally, at your option.
|
|
|
|
If you have the private key in the container (also displayed by `gpg -K`), then you can use the [sign.sh](sign.sh) script that is already in the running container, otherwise
|
|
run it (with failure) and then copy the *~/gitian.sigs~ directory to another machine to apply the GPG signature.
|
|
|
|
Submitting your signature
|
|
-------------------------
|
|
|
|
If everything went well, you can fork the [gitian sigs repo](https://github.com/bitcoin/gitian.sigs), commit your signatures and submit a pull request for inclusion.
|