Support docker for gitian builds

Building with docker is arguably easier and more familiar to most people
than either kvm, or lxc.

This commit also relaxes the back compat requirement a bit. 32 bit linux
now uses glibc version 2.0. Also, the docker shell could not handle gcc arguments
containing spaces, so the explicit '-DFELT_TYPE' declaration was dropped.

Lastly, this removes some packages from the osx descriptor.
This commit is contained in:
TheCharlatan 2019-02-09 14:43:01 +01:00
parent 31bdf7bd11
commit 4a9257b464
No known key found for this signature in database
GPG key ID: 9B79B45691DB4173
5 changed files with 62 additions and 21 deletions

View file

@ -687,7 +687,6 @@ else()
endif() endif()
if(BACKCOMPAT) if(BACKCOMPAT)
add_definitions(-DFDELT_TYPE=long\ int)
add_linker_flag_if_supported(-Wl,--wrap=__divmoddi4 LD_BACKCOMPAT_FLAGS) add_linker_flag_if_supported(-Wl,--wrap=__divmoddi4 LD_BACKCOMPAT_FLAGS)
add_linker_flag_if_supported(-Wl,--wrap=glob LD_BACKCOMPAT_FLAGS) add_linker_flag_if_supported(-Wl,--wrap=glob LD_BACKCOMPAT_FLAGS)
message(STATUS "Using Lib C back compat flags: ${LD_BACKCOMPAT_FLAGS}") message(STATUS "Using Lib C back compat flags: ${LD_BACKCOMPAT_FLAGS}")

View file

@ -1,7 +1,7 @@
Gitian building Gitian building
================ ================
*Setup instructions for a Gitian build of Monero using a VM or physical system.* *Setup instructions for a Gitian build of Monero.*
Gitian is the deterministic build process that is used to build the Monero CLI Gitian is the deterministic build process that is used to build the Monero CLI
executables. It provides a way to be reasonably sure that the executables. It provides a way to be reasonably sure that the
@ -13,6 +13,10 @@ Multiple developers build the source code by following a specific descriptor
These results are compared and only if they match, the build is accepted and provided These results are compared and only if they match, the build is accepted and provided
for download. for download.
Gitian runs compilation steps in an isolated container. It is flexible and gives you full
control over the build environment, while still ensuring reproducibility and consistent output
formats.
More independent Gitian builders are needed, which is why this guide exists. More independent Gitian builders are needed, which is why this guide exists.
It is preferred you follow these steps yourself instead of using someone else's It is preferred you follow these steps yourself instead of using someone else's
VM image to avoid 'contaminating' the build. VM image to avoid 'contaminating' the build.
@ -22,11 +26,17 @@ Preparing the Gitian builder host
The first step is to prepare the host environment that will be used to perform the Gitian builds. The first step is to prepare the host environment that will be used to perform the Gitian builds.
This guide explains how to set up the environment, and how to start the builds. This guide explains how to set up the environment, and how to start the builds.
Gitian offers to build with either `kvm`, `docker` or `lxc`. The default build
path chosen is `lxc`, but its setup is more complicated. You need to be logged in as the `gitianuser`.
If this user does not exist yet on your system, create it. Gitian can use
either kvm, lxc or docker as a host environment. This documentation will show
how to build with lxc and docker. While the docker setup is easy, the lxc setup
is more involved.
Gitian builds are for now executed on Ubuntu 18.04 "Bionic Beaver". A solution is being worked on to run LXC
it in docker in the future. Please run Ubuntu in either a VM, or on your physical machine. ---
You need to be logged in as the `gitianuser` in order to build gitian builds. If this user does not exist yet on your system,
create it. LXC builds should be run on Ubuntu 18.04 "Bionic Beaver".
Note that a version of `lxc-execute` higher or equal to 2.1.1 is required. Note that a version of `lxc-execute` higher or equal to 2.1.1 is required.
You can check the version with `lxc-execute --version`. You can check the version with `lxc-execute --version`.
@ -63,15 +73,28 @@ reboot
This setup is required to enable networking in the container. This setup is required to enable networking in the container.
Docker
------
Building in docker does not require much setup. Install docker on your host, then type the following:
```bash
sudo apt-get install git make curl
sudo usermod -aG docker gitianuser
```
Manual and Building Manual and Building
------------------- -------------------
The instructions below use the automated script [gitian-build.py](https://github.com/betcoin/bitcoin/blob/master/contrib/gitian-build.py) which only works in Ubuntu.
It calls all available descriptors. Help for the build steps taken can be accessed with `./gitian-build.py --help`. The instructions below use the automated script [gitian-build.py](gitian-build.py) which only works in Ubuntu.
It calls all available .yml descriptors, which in turn pass the build configurations for different platforms to gitian.
Help for the build steps taken can be accessed with `./gitian-build.py --help`.
Initial Gitian Setup Initial Gitian Setup
-------------------- --------------------
The `gitian-build.py` script will checkout different release tags, so it's best to copy it:
The `gitian-build.py` script will checkout different release tags, so it's best to copy it to the top level directory:
```bash ```bash
cp monero/contrib/gitian/gitian-build.py . cp monero/contrib/gitian/gitian-build.py .
@ -79,11 +102,16 @@ cp monero/contrib/gitian/gitian-build.py .
Setup the required environment, you only need to do this once: Setup the required environment, you only need to do this once:
``` ```bash
./gitian-build.py --setup fluffypony v0.14.0 ./gitian-build.py --setup fluffypony v0.14.0
``` ```
Where `fluffypony` is your Github name and `v0.14.0` is the version tag you want to build. Where `fluffypony` is your Github name and `v0.14.0` is the version tag you want to build.
If you are using docker, run it with:
```bash
./gitian-build.py --setup --docker fluffypony v0.14.0
```
While gitian and this build script does provide a way for you to sign the build directly, it is recommended to sign in a seperate step. While gitian and this build script does provide a way for you to sign the build directly, it is recommended to sign in a seperate step.
This script is only there for convenience. Seperate steps for building can still be taken. This script is only there for convenience. Seperate steps for building can still be taken.
@ -98,9 +126,11 @@ git remote add fluffypony git@github.com:fluffypony/gitian.sigs.git
Build Binaries Build Binaries
----------------------------- -----------------------------
To build the most recent tag: To build the most recent tag (pass in `--docker` after setting up with docker):
`./gitian-build.py --detach-sign --no-commit -b fluffypony v0.14.0` ```bash
./gitian-build.py --detach-sign --no-commit -b fluffypony v0.14.0
```
To speed up the build, use `-j 5 -m 5000` as the first arguments, where `5` is the number of CPU's you allocated to the VM plus one, and 5000 is a little bit less than then the MB's of RAM you allocated. If there is memory corruption on your machine, try to tweak these values. To speed up the build, use `-j 5 -m 5000` as the first arguments, where `5` is the number of CPU's you allocated to the VM plus one, and 5000 is a little bit less than then the MB's of RAM you allocated. If there is memory corruption on your machine, try to tweak these values.
@ -108,7 +138,7 @@ If all went well, this produces a number of (uncommited) `.assert` files in the
If you do detached, offline signing, you need to copy these uncommited changes to your host machine, where you can sign them. For example: If you do detached, offline signing, you need to copy these uncommited changes to your host machine, where you can sign them. For example:
``` ```bash
export NAME=fluffypony export NAME=fluffypony
export VERSION=v0.14.0 export VERSION=v0.14.0
gpg --output $VERSION-linux/$NAME/monero-linux-$VERSION-build.assert.sig --detach-sign $VERSION-linux/$NAME/monero-linux-$VERSION-build.assert gpg --output $VERSION-linux/$NAME/monero-linux-$VERSION-build.assert.sig --detach-sign $VERSION-linux/$NAME/monero-linux-$VERSION-build.assert
@ -119,7 +149,7 @@ gpg --output $VERSION-win-unsigned/$NAME/monero-win-$VERSION-build.assert.sig --
Make a pull request (both the `.assert` and `.assert.sig` files) to the Make a pull request (both the `.assert` and `.assert.sig` files) to the
[monero-project/gitian.sigs](https://github.com/monero-project/gitian.sigs/) repository: [monero-project/gitian.sigs](https://github.com/monero-project/gitian.sigs/) repository:
``` ```bash
git checkout -b v0.14.0 git checkout -b v0.14.0
git commit -S -a -m "Add $NAME v0.14.0" git commit -S -a -m "Add $NAME v0.14.0"
git push --set-upstream $NAME v0.14.0 git push --set-upstream $NAME v0.14.0
@ -131,3 +161,19 @@ git push --set-upstream $NAME v0.14.0
gpg --detach-sign ${VERSION}-osx-unsigned/${SIGNER}/monero-osx-*-build.assert gpg --detach-sign ${VERSION}-osx-unsigned/${SIGNER}/monero-osx-*-build.assert
``` ```
More Build Options
------------------
You can choose your own remote and commit hash by running for example:
```bash
./gitian-build.py --detach-sign --no-commit --url https://github.com/moneromooo-monero/bitmonero -b moneromooo 1f5680c8db8f4cc7acc04a04c724b832003440fd
```
Note that you won't be able to build commits authored before the gitian scripts
were added. Gitian clones the source files from the given url, be sure to push
to the remote you provide before building.
To get all build options run:
```bash
./gitian-build.py --help
```

View file

@ -116,7 +116,7 @@ def main():
parser.add_argument('-D', '--detach-sign', action='store_true', dest='detach_sign', help='Create the assert file for detached signing. Will not commit anything.') parser.add_argument('-D', '--detach-sign', action='store_true', dest='detach_sign', help='Create the assert file for detached signing. Will not commit anything.')
parser.add_argument('-n', '--no-commit', action='store_false', dest='commit_files', help='Do not commit anything to git') parser.add_argument('-n', '--no-commit', action='store_false', dest='commit_files', help='Do not commit anything to git')
parser.add_argument('signer', help='GPG signer to sign each build assert file') parser.add_argument('signer', help='GPG signer to sign each build assert file')
parser.add_argument('version', help='Version number, commit, or branch to build. If building a commit or branch, the -c option must be specified') parser.add_argument('version', help='Version number, commit, or branch to build.')
args = parser.parse_args() args = parser.parse_args()
workdir = os.getcwd() workdir = os.getcwd()

View file

@ -12,21 +12,17 @@ packages:
- "git" - "git"
- "pkg-config" - "pkg-config"
- "autoconf" - "autoconf"
- "librsvg2-bin"
- "libtiff-tools"
- "libtool" - "libtool"
- "automake" - "automake"
- "faketime" - "faketime"
- "bsdmainutils" - "bsdmainutils"
- "cmake" - "cmake"
- "imagemagick"
- "libcap-dev" - "libcap-dev"
- "libz-dev" - "libz-dev"
- "libbz2-dev" - "libbz2-dev"
- "python" - "python"
- "python-dev" - "python-dev"
- "python-setuptools" - "python-setuptools"
- "fonts-tuffy"
remotes: remotes:
- "url": "https://github.com/monero-project/monero.git" - "url": "https://github.com/monero-project/monero.git"
"dir": "monero" "dir": "monero"

View file

@ -82,7 +82,7 @@ __explicit_bzero_chk (void *dst, size_t len, size_t dstlen)
#undef glob #undef glob
extern "C" int glob_old(const char * pattern, int flags, int (*errfunc) (const char *epath, int eerrno), glob_t *pglob); extern "C" int glob_old(const char * pattern, int flags, int (*errfunc) (const char *epath, int eerrno), glob_t *pglob);
#ifdef __i386__ #ifdef __i386__
__asm__(".symver glob_old,glob@GLIBC_2.1"); __asm__(".symver glob_old,glob@GLIBC_2.0");
#elif defined(__amd64__) #elif defined(__amd64__)
__asm__(".symver glob_old,glob@GLIBC_2.2.5"); __asm__(".symver glob_old,glob@GLIBC_2.2.5");
#elif defined(__arm__) #elif defined(__arm__)