-
Notifications
You must be signed in to change notification settings - Fork 208
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
c3984aa
commit a63ae03
Showing
6 changed files
with
270 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -8,6 +8,8 @@ jobs: | |
strategy: | ||
matrix: | ||
version: | ||
- '26' | ||
- '26/alpine' | ||
- '25' | ||
- '25/alpine' | ||
- '24' | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,60 @@ | ||
FROM debian:bookworm-slim as builder | ||
|
||
LABEL maintainer.0="João Fonseca (@joaopaulofonseca)" \ | ||
maintainer.1="Pedro Branco (@pedrobranco)" \ | ||
maintainer.2="Rui Marinho (@ruimarinho)" | ||
|
||
RUN apt-get update -y \ | ||
&& apt-get install -y ca-certificates curl git gnupg gosu python3 wget --no-install-recommends \ | ||
&& apt-get clean \ | ||
&& rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* | ||
|
||
ARG TARGETPLATFORM | ||
ENV BITCOIN_VERSION=26.1 | ||
ENV SIGS_REPO_URL="https://github.com/bitcoin-core/guix.sigs.git" | ||
ENV SIGS_CLONE_DIR="guix.sigs" | ||
ENV VERIFY_SCRIPT_URL="https://raw.githubusercontent.com/bitcoin/bitcoin/master/contrib/verify-binaries/verify.py" | ||
ENV TMPDIR="/tmp/bitcoin_verify_binaries" | ||
|
||
RUN set -ex \ | ||
&& if [ "${TARGETPLATFORM}" = "linux/amd64" ]; then export TARGETPLATFORM=x86_64-linux-gnu; fi \ | ||
&& if [ "${TARGETPLATFORM}" = "linux/arm64" ]; then export TARGETPLATFORM=aarch64-linux-gnu; fi \ | ||
&& if [ "${TARGETPLATFORM}" = "linux/arm/v7" ]; then export TARGETPLATFORM=arm-linux-gnueabihf; fi \ | ||
&& git clone ${SIGS_REPO_URL} ${SIGS_CLONE_DIR} \ | ||
&& gpg --import "${SIGS_CLONE_DIR}"/builder-keys/* \ | ||
&& curl -o verify.py ${VERIFY_SCRIPT_URL} \ | ||
&& chmod +x verify.py \ | ||
&& ./verify.py \ | ||
--min-good-sigs 6 pub "${BITCOIN_VERSION}-linux" \ | ||
&& tar -xzf "${TMPDIR}.${BITCOIN_VERSION}-linux/bitcoin-${BITCOIN_VERSION}-${TARGETPLATFORM}.tar.gz" -C /opt \ | ||
&& rm -rf ${SIGS_CLONE_DIR} \ | ||
&& rm -rf ${TMPDIR} \ | ||
&& rm -rf /opt/bitcoin-${BITCOIN_VERSION}/bin/bitcoin-qt | ||
|
||
# Second stage | ||
FROM debian:bookworm-slim | ||
|
||
ARG UID=101 | ||
ARG GID=101 | ||
|
||
ENV BITCOIN_DATA=/home/bitcoin/.bitcoin | ||
ENV BITCOIN_VERSION=26.1 | ||
ENV PATH=/opt/bitcoin-${BITCOIN_VERSION}/bin:$PATH | ||
|
||
RUN groupadd --gid ${GID} bitcoin \ | ||
&& useradd --create-home --no-log-init -u ${UID} -g ${GID} bitcoin \ | ||
&& apt-get update -y \ | ||
&& apt-get install -y gosu --no-install-recommends \ | ||
&& apt-get clean \ | ||
&& rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* | ||
|
||
COPY --from=builder /opt/bitcoin-${BITCOIN_VERSION} /opt/bitcoin-${BITCOIN_VERSION} | ||
|
||
COPY docker-entrypoint.sh /entrypoint.sh | ||
|
||
VOLUME ["/home/bitcoin/.bitcoin"] | ||
EXPOSE 8332 8333 18332 18333 18443 18444 38333 38332 | ||
|
||
ENTRYPOINT ["/entrypoint.sh"] | ||
RUN bitcoind -version | grep "Bitcoin Core version v${BITCOIN_VERSION}" | ||
CMD ["bitcoind"] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,127 @@ | ||
# Build stage for BerkeleyDB | ||
FROM alpine as berkeleydb | ||
|
||
RUN sed -i 's/http\:\/\/dl-cdn.alpinelinux.org/https\:\/\/alpine.global.ssl.fastly.net/g' /etc/apk/repositories | ||
RUN apk --no-cache add autoconf | ||
RUN apk --no-cache add automake | ||
RUN apk --no-cache add build-base | ||
RUN apk --no-cache add libressl | ||
|
||
ENV BERKELEYDB_VERSION=db-4.8.30.NC | ||
ENV BERKELEYDB_PREFIX=/opt/${BERKELEYDB_VERSION} | ||
|
||
RUN wget https://download.oracle.com/berkeley-db/${BERKELEYDB_VERSION}.tar.gz | ||
RUN tar -xzf *.tar.gz | ||
RUN sed s/__atomic_compare_exchange/__atomic_compare_exchange_db/g -i ${BERKELEYDB_VERSION}/dbinc/atomic.h | ||
RUN mkdir -p ${BERKELEYDB_PREFIX} | ||
|
||
WORKDIR /${BERKELEYDB_VERSION}/build_unix | ||
|
||
RUN ../dist/configure --enable-cxx --disable-shared --with-pic --prefix=${BERKELEYDB_PREFIX} --build=aarch64-unknown-linux-gnu | ||
RUN make -j4 | ||
RUN make install | ||
RUN rm -rf ${BERKELEYDB_PREFIX}/docs | ||
|
||
# Build stage for Bitcoin Core | ||
FROM alpine as bitcoin-core | ||
|
||
COPY --from=berkeleydb /opt /opt | ||
|
||
RUN sed -i 's/http\:\/\/dl-cdn.alpinelinux.org/https\:\/\/alpine.global.ssl.fastly.net/g' /etc/apk/repositories | ||
RUN apk --no-cache add autoconf | ||
RUN apk --no-cache add automake | ||
RUN apk --no-cache add boost-dev | ||
RUN apk --no-cache add build-base | ||
RUN apk --no-cache add chrpath | ||
RUN apk --no-cache add file | ||
RUN apk --no-cache add gnupg | ||
RUN apk --no-cache add git | ||
RUN apk --no-cache add libevent-dev | ||
RUN apk --no-cache add libressl | ||
RUN apk --no-cache add libtool | ||
RUN apk --no-cache add linux-headers | ||
RUN apk --no-cache add sqlite-dev | ||
RUN apk --no-cache add zeromq-dev | ||
|
||
ENV BITCOIN_VERSION=26.1 | ||
ENV BITCOIN_PREFIX=/opt/bitcoin-${BITCOIN_VERSION} | ||
ENV BITCOIN_SOURCE_DIR=/bitcoin/src | ||
ENV SIGS_REPO_URL="https://github.com/bitcoin-core/guix.sigs.git" | ||
ENV SIGS_CLONE_DIR="guix.sigs" | ||
ENV VERIFY_SCRIPT_URL="https://github.com/bitcoin/bitcoin/raw/master/contrib/verify-binaries/verify.py" | ||
|
||
WORKDIR /bitcoin | ||
RUN set -ex \ | ||
&& wget https://bitcoincore.org/bin/bitcoin-core-${BITCOIN_VERSION}/bitcoin-${BITCOIN_VERSION}.tar.gz \ | ||
&& wget https://bitcoincore.org/bin/bitcoin-core-${BITCOIN_VERSION}/SHA256SUMS \ | ||
&& wget https://bitcoincore.org/bin/bitcoin-core-${BITCOIN_VERSION}/SHA256SUMS.asc \ | ||
&& git clone ${SIGS_REPO_URL} ${SIGS_CLONE_DIR} \ | ||
&& gpg --import "${SIGS_CLONE_DIR}"/builder-keys/* \ | ||
&& wget -O verify.py ${VERIFY_SCRIPT_URL} \ | ||
&& chmod +x verify.py \ | ||
&& ./verify.py bin SHA256SUMS \ | ||
"bitcoin-${BITCOIN_VERSION}.tar.gz" \ | ||
&& mkdir -p ${BITCOIN_SOURCE_DIR} \ | ||
&& tar -xzf "bitcoin-${BITCOIN_VERSION}.tar.gz" -C ${BITCOIN_SOURCE_DIR} \ | ||
&& rm -rf ${SIGS_CLONE_DIR} | ||
|
||
WORKDIR "${BITCOIN_SOURCE_DIR}/bitcoin-${BITCOIN_VERSION}" | ||
|
||
RUN sed -i s:sys/fcntl.h:fcntl.h: src/compat/compat.h | ||
RUN ./autogen.sh | ||
RUN ./configure LDFLAGS=-L`ls -d /opt/db*`/lib/ CPPFLAGS=-I`ls -d /opt/db*`/include/ \ | ||
--prefix=${BITCOIN_PREFIX} \ | ||
--mandir=/usr/share/man \ | ||
--disable-tests \ | ||
--disable-bench \ | ||
--disable-ccache \ | ||
--with-gui=no \ | ||
--with-utils \ | ||
--with-libs \ | ||
--with-sqlite=yes \ | ||
--with-daemon | ||
RUN make -j4 | ||
RUN make install | ||
RUN strip ${BITCOIN_PREFIX}/bin/bitcoin-cli | ||
RUN strip ${BITCOIN_PREFIX}/bin/bitcoin-tx | ||
RUN strip ${BITCOIN_PREFIX}/bin/bitcoind | ||
RUN strip ${BITCOIN_PREFIX}/lib/libbitcoinconsensus.a | ||
RUN strip ${BITCOIN_PREFIX}/lib/libbitcoinconsensus.so.0.0.0 | ||
|
||
# Build stage for compiled artifacts | ||
FROM alpine | ||
|
||
ARG UID=100 | ||
ARG GID=101 | ||
|
||
LABEL maintainer.0="João Fonseca (@joaopaulofonseca)" \ | ||
maintainer.1="Pedro Branco (@pedrobranco)" \ | ||
maintainer.2="Rui Marinho (@ruimarinho)" | ||
|
||
RUN addgroup bitcoin --gid ${GID} --system | ||
RUN adduser --uid ${UID} --system bitcoin --ingroup bitcoin | ||
RUN sed -i 's/http\:\/\/dl-cdn.alpinelinux.org/https\:\/\/alpine.global.ssl.fastly.net/g' /etc/apk/repositories | ||
RUN apk --no-cache add \ | ||
libevent \ | ||
libzmq \ | ||
shadow \ | ||
sqlite-dev \ | ||
su-exec | ||
|
||
ENV BITCOIN_DATA=/home/bitcoin/.bitcoin | ||
ENV BITCOIN_VERSION=26.1 | ||
ENV BITCOIN_PREFIX=/opt/bitcoin-${BITCOIN_VERSION} | ||
ENV PATH=${BITCOIN_PREFIX}/bin:$PATH | ||
|
||
COPY --from=bitcoin-core /opt /opt | ||
COPY docker-entrypoint.sh /entrypoint.sh | ||
|
||
VOLUME ["/home/bitcoin/.bitcoin"] | ||
|
||
EXPOSE 8332 8333 18332 18333 18444 | ||
|
||
ENTRYPOINT ["/entrypoint.sh"] | ||
|
||
RUN bitcoind -version | grep "Bitcoin Core version v${BITCOIN_VERSION}" | ||
|
||
CMD ["bitcoind"] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,39 @@ | ||
#!/bin/sh | ||
set -e | ||
|
||
if [ -n "${UID+x}" ] && [ "${UID}" != "0" ]; then | ||
usermod -u "$UID" bitcoin | ||
fi | ||
|
||
if [ -n "${GID+x}" ] && [ "${GID}" != "0" ]; then | ||
groupmod -g "$GID" bitcoin | ||
fi | ||
|
||
echo "$0: assuming uid:gid for bitcoin:bitcoin of $(id -u bitcoin):$(id -g bitcoin)" | ||
|
||
if [ $(echo "$1" | cut -c1) = "-" ]; then | ||
echo "$0: assuming arguments for bitcoind" | ||
|
||
set -- bitcoind "$@" | ||
fi | ||
|
||
if [ $(echo "$1" | cut -c1) = "-" ] || [ "$1" = "bitcoind" ]; then | ||
mkdir -p "$BITCOIN_DATA" | ||
chmod 700 "$BITCOIN_DATA" | ||
# Fix permissions for home dir. | ||
chown -R bitcoin:bitcoin "$(getent passwd bitcoin | cut -d: -f6)" | ||
# Fix permissions for bitcoin data dir. | ||
chown -R bitcoin:bitcoin "$BITCOIN_DATA" | ||
|
||
echo "$0: setting data directory to $BITCOIN_DATA" | ||
|
||
set -- "$@" -datadir="$BITCOIN_DATA" | ||
fi | ||
|
||
if [ "$1" = "bitcoind" ] || [ "$1" = "bitcoin-cli" ] || [ "$1" = "bitcoin-tx" ]; then | ||
echo | ||
exec su-exec bitcoin "$@" | ||
fi | ||
|
||
echo | ||
exec "$@" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,39 @@ | ||
#!/bin/bash | ||
set -e | ||
|
||
if [ -n "${UID+x}" ] && [ "${UID}" != "0" ]; then | ||
usermod -u "$UID" bitcoin | ||
fi | ||
|
||
if [ -n "${GID+x}" ] && [ "${GID}" != "0" ]; then | ||
groupmod -g "$GID" bitcoin | ||
fi | ||
|
||
echo "$0: assuming uid:gid for bitcoin:bitcoin of $(id -u bitcoin):$(id -g bitcoin)" | ||
|
||
if [ $(echo "$1" | cut -c1) = "-" ]; then | ||
echo "$0: assuming arguments for bitcoind" | ||
|
||
set -- bitcoind "$@" | ||
fi | ||
|
||
if [ $(echo "$1" | cut -c1) = "-" ] || [ "$1" = "bitcoind" ]; then | ||
mkdir -p "$BITCOIN_DATA" | ||
chmod 700 "$BITCOIN_DATA" | ||
# Fix permissions for home dir. | ||
chown -R bitcoin:bitcoin "$(getent passwd bitcoin | cut -d: -f6)" | ||
# Fix permissions for bitcoin data dir. | ||
chown -R bitcoin:bitcoin "$BITCOIN_DATA" | ||
|
||
echo "$0: setting data directory to $BITCOIN_DATA" | ||
|
||
set -- "$@" -datadir="$BITCOIN_DATA" | ||
fi | ||
|
||
if [ "$1" = "bitcoind" ] || [ "$1" = "bitcoin-cli" ] || [ "$1" = "bitcoin-tx" ]; then | ||
echo | ||
exec gosu bitcoin "$@" | ||
fi | ||
|
||
echo | ||
exec "$@" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters