Skip to content

Commit 1e10908

Browse files
jenniferbergerjenniferberger
committed
reproducible build of binary artifacts
- create a container definition for the android npk - install java and gradle - bash script to download, check, compile and verify artifacts - build boost - build ssl (using the logic from build-all-arch) so that the openssl version can be increased correct OpenSSL checksum for 1.0.2o - build monero using the m2049r/monero repository with the latest tag - build apk using the m2049r/xmrwallet repository with the latest tag - compile checksums from non-volitale files, skipping META-INF directories from apk and check them with a artifacts-verification version
1 parent f50629f commit 1e10908

File tree

6 files changed

+767
-46
lines changed

6 files changed

+767
-46
lines changed

external-libs/build/.gitignore

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,3 @@
1+
artifacts/
2+
distfiles/
3+
.docker_image

external-libs/build/Dockerfile

Lines changed: 81 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,81 @@
1+
###############################
2+
# Dockerfile to build xmrwallet
3+
###############################
4+
FROM ubuntu:18.04
5+
MAINTAINER miner2049er@women-at-work.org
6+
7+
ENV NDK=android-ndk-r16b \
8+
NDK_SUM=bcdea4f5353773b2ffa85b5a9a2ae35544ce88ec5b507301d8cf6a76b765d901 \
9+
SDK_TOOL_FILE=sdk-tools-linux-3859397.zip \
10+
SDK_TOOL_SUM=444e22ce8ca0f67353bda4b85175ed3731cae3ffa695ca18119cbacef1c1bea0 \
11+
GRADLE_VERSION=4.7 \
12+
GRADLE_SUM=fca5087dc8b50c64655c000989635664a73b11b9bd3703c7d6cabd31b7dcdb04 \
13+
GRADLE_HOME=/opt/gradle
14+
ENV NDK_FILE=${NDK}-linux-x86_64.zip \
15+
GRADLE_FILE=gradle-${GRADLE_VERSION}-bin.zip
16+
17+
# prepare ubuntu environment
18+
RUN apt-get update \
19+
&& apt-get --no-install-recommends --yes install \
20+
ca-certificates \
21+
cmake \
22+
g++ \
23+
make \
24+
pkg-config \
25+
graphviz \
26+
doxygen \
27+
git \
28+
curl \
29+
libtool-bin \
30+
autoconf \
31+
build-essential cmake tofrodos \
32+
wget unzip python \
33+
openjdk-8-jdk
34+
35+
# install android ndk
36+
RUN mkdir /opt/android \
37+
&& cd /opt/android \
38+
&& wget https://dl.google.com/android/repository/${NDK_FILE} \
39+
&& echo "${NDK_SUM} ${NDK_FILE}" > /tmp/ndk_sum_signed \
40+
&& sha256sum -c /tmp/ndk_sum_signed \
41+
&& unzip "${NDK_FILE}" \
42+
&& rm -rf "${NDK_FILE}"
43+
44+
# prepare standalone toolchain
45+
RUN cd /opt/android \
46+
&& /opt/android/${NDK}/build/tools/make_standalone_toolchain.py \
47+
--api 21 --stl=libc++ --arch arm --install-dir /opt/android/tool/arm \
48+
&& /opt/android/${NDK}/build/tools/make_standalone_toolchain.py \
49+
--api 21 --stl=libc++ --arch arm64 --install-dir /opt/android/tool/arm64 \
50+
&& /opt/android/${NDK}/build/tools/make_standalone_toolchain.py \
51+
--api 21 --stl=libc++ --arch x86 --install-dir /opt/android/tool/x86 \
52+
&& /opt/android/${NDK}/build/tools/make_standalone_toolchain.py \
53+
--api 21 --stl=libc++ --arch x86_64 --install-dir /opt/android/tool/x86_64
54+
55+
# install android sdk CLI tool
56+
RUN mkdir /opt/android/sdk \
57+
&& cd /opt/android/sdk \
58+
&& wget https://dl.google.com/android/repository/${SDK_TOOL_FILE} \
59+
&& echo "${SDK_TOOL_SUM} ${SDK_TOOL_FILE}" > /tmp/sdk_tool_sum_signed \
60+
&& sha256sum -c /tmp/sdk_tool_sum_signed \
61+
&& unzip "${SDK_TOOL_FILE}" \
62+
&& rm -rf "${SDK_TOOL_FILE}"
63+
64+
# accept sdk license
65+
RUN yes | /opt/android/sdk/tools/bin/sdkmanager --licenses
66+
67+
# install recent gradle
68+
RUN cd /opt/ \
69+
&& wget https://services.gradle.org/distributions/${GRADLE_FILE} \
70+
&& echo "${GRADLE_SUM} ${GRADLE_FILE}" > /tmp/gradle_sum_signed \
71+
&& sha256sum -c /tmp/gradle_sum_signed \
72+
&& unzip "${GRADLE_FILE}" \
73+
&& rm -rf "${GRADLE_FILE}" \
74+
&& mv "gradle-${GRADLE_VERSION}" "gradle"
75+
76+
# prepare reproduceable build container
77+
ADD build-artifacts.sh /usr/local/bin/build-artifacts.sh
78+
79+
RUN chmod +x /usr/local/bin/build-artifacts.sh
80+
81+
ENTRYPOINT ["/usr/local/bin/build-artifacts.sh"]

external-libs/build/Makefile

Lines changed: 88 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,88 @@
1+
#!/usr/bin/env make
2+
3+
.PHONY: clean all
4+
5+
clean:
6+
rm -rf artifacts || true
7+
rm -rf artifacts-verification || true
8+
rm -rf distfiles || true
9+
rm .docker_image || true
10+
11+
all: distfiles artifacts/packages.checksum
12+
13+
distfiles: .docker_image
14+
docker run --rm -it \
15+
-v $(shell pwd)/distfiles:/var/src/distfiles \
16+
xmrwallet_build /bin/bash /usr/local/bin/build-artifacts.sh \
17+
download
18+
19+
artifacts/openssl: distfiles
20+
mkdir -p artifacts/openssl
21+
docker run --rm -it \
22+
-v $(shell pwd)/artifacts:/var/src/artifacts \
23+
-v $(shell pwd)/distfiles:/var/src/distfiles:ro \
24+
xmrwallet_build /bin/bash /usr/local/bin/build-artifacts.sh \
25+
openssl
26+
27+
artifacts/boost: distfiles
28+
mkdir -p artifacts/boost
29+
docker run --rm -it \
30+
-v $(shell pwd)/artifacts:/var/src/artifacts \
31+
-v $(shell pwd)/distfiles:/var/src/distfiles:ro \
32+
xmrwallet_build /bin/bash /usr/local/bin/build-artifacts.sh \
33+
boost
34+
35+
artifacts/monero: artifacts/boost artifacts/openssl
36+
mkdir -p artifacts/monero
37+
docker run --rm -it \
38+
-v $(shell pwd)/artifacts:/var/src/artifacts \
39+
-v $(shell pwd)/distfiles:/var/src/distfiles:ro \
40+
xmrwallet_build /bin/bash /usr/local/bin/build-artifacts.sh \
41+
monero
42+
43+
artifacts/apk: artifacts/monero
44+
mkdir -p artifacts/apk
45+
docker run --rm -it \
46+
-v $(shell pwd)/artifacts:/var/src/artifacts \
47+
-v $(shell pwd)/distfiles:/var/src/distfiles:ro \
48+
xmrwallet_build /bin/bash /usr/local/bin/build-artifacts.sh \
49+
apk
50+
51+
artifacts/packages.checksum: artifacts/apk
52+
docker run --rm -it \
53+
-v $(shell pwd)/artifacts:/var/src/artifacts \
54+
-v $(shell pwd)/distfiles:/var/src/distfiles:ro \
55+
xmrwallet_build /bin/bash /usr/local/bin/build-artifacts.sh \
56+
checksum
57+
58+
artifactsd: distfiles
59+
@echo "debugable build - enters the container and requires you to execute the commands"
60+
mkdir -p artifacts
61+
mkdir -p distfiles
62+
docker run --rm -it \
63+
-v $(shell pwd)/artifacts:/var/src/artifacts \
64+
-v $(shell pwd)/artifacts-verification:/var/src/artifacts-verification \
65+
-v $(shell pwd)/distfiles:/var/src/distfiles \
66+
-v $(shell pwd)/build-artifacts.sh:/usr/local/bin/build-artifacts.sh \
67+
--entrypoint /bin/bash \
68+
xmrwallet_build
69+
70+
artifacts-verification: distfiles artifacts/packages.checksum
71+
@echo "running a verification build that compares with a previous artifacts build"
72+
mkdir -p artifacts-verification
73+
mkdir -p distfiles
74+
docker run --rm -it \
75+
-v $(shell pwd)/artifacts-verification:/var/src/artifacts \
76+
-v $(shell pwd)/distfiles:/var/src/distfiles:ro \
77+
xmrwallet_build /bin/bash /usr/local/bin/build-artifacts.sh \
78+
openssl boost monero apk checksum
79+
80+
docker run --rm -it \
81+
-v $(shell pwd)/artifacts-verification:/var/src/artifacts-verification:ro \
82+
-v $(shell pwd)/artifacts:/var/src/artifacts:ro \
83+
xmrwallet_build /bin/bash /usr/local/bin/build-artifacts.sh \
84+
verify
85+
86+
.docker_image: build-artifacts.sh
87+
docker build . -t xmrwallet_build
88+
touch .docker_image

0 commit comments

Comments
 (0)