|
|
|
|
ARG VERSION="0.19.1"
|
|
|
|
|
|
|
|
|
|
ARG LEGACY_BITCOIN_CORE_RELEASE_KEY="01EA5486DE18A882D4C2684590C8019E36C2E964"
|
|
|
|
|
ARG ANDREW_CHOW="152812300785C96444D3334D17565732E08E5E41"
|
|
|
|
|
ARG JON_ATACK="82921A4B88FD454B7EB8CE3C796C4109063D4EAF"
|
|
|
|
|
ARG JONAS_SCHNELLI="32EE5C4C3FA15CCADB46ABE529D4BCB6416F53EC"
|
|
|
|
|
ARG MATT_CORALLO="07DF3E57A548CCFB7530709189BBB8663E2E65CE"
|
|
|
|
|
ARG LUKE_DASHJR="E463A93F5F3117EEDE6C7316BD02942421F4889F"
|
|
|
|
|
ARG PETER_TODD="37EC7D7B0A217CDB4B4E007E7FAB114267E4FA04"
|
|
|
|
|
ARG PIETER_WUILLE="133EAC179436F14A5CF1B794860FEB804E669320"
|
|
|
|
|
ARG SJORS_PROVOOST="ED9BDF7AD6A55E232E84524257FF9BDBCC301009"
|
|
|
|
|
ARG KEYS="${LEGACY_BITCOIN_CORE_RELEASE_KEY} ${ANDREW_CHOW} ${JON_ATACK} ${JONAS_SCHNELLI} ${MATT_CORALLO} ${LUKE_DASHJR} ${PETER_TODD} ${PIETER_WUILLE} ${SJORS_PROVOOST}"
|
|
|
|
|
|
|
|
|
|
# Build stage
|
|
|
|
|
FROM --platform=$BUILDPLATFORM debian:stable-slim as builder
|
|
|
|
|
LABEL maintainer="Luke Childs <lukechilds123@gmail.com>"
|
|
|
|
|
|
|
|
|
|
ARG TARGETARCH
|
|
|
|
|
|
|
|
|
|
ARG ARCH
|
|
|
|
|
ARG VERSION
|
|
|
|
|
ARG KEYS
|
|
|
|
|
|
|
|
|
|
WORKDIR /build
|
|
|
|
|
|
|
|
|
|
RUN echo "Installing build deps"
|
|
|
|
|
RUN apt-get update
|
|
|
|
|
RUN apt-get install -y wget pgp
|
|
|
|
|
|
|
|
|
|
RUN echo "Deriving tarball name from \$TARGETARCH"
|
|
|
|
|
RUN [ "${TARGETARCH}" = "amd64" ] && echo "bitcoin-${VERSION}-x86_64-linux-gnu.tar.gz" > /tarball-name || true
|
|
|
|
|
RUN [ "${TARGETARCH}" = "arm64" ] && echo "bitcoin-${VERSION}-aarch64-linux-gnu.tar.gz" > /tarball-name || true
|
|
|
|
|
RUN [ "${TARGETARCH}" = "arm" ] && echo "bitcoin-${VERSION}-arm-linux-gnueabihf.tar.gz" > /tarball-name || true
|
|
|
|
|
RUN echo "Tarball name: $(cat /tarball-name)"
|
|
|
|
|
|
|
|
|
|
RUN echo "Downloading release assets"
|
|
|
|
|
RUN wget https://bitcoincore.org/bin/bitcoin-core-${VERSION}/$(cat /tarball-name)
|
|
|
|
|
RUN wget https://bitcoincore.org/bin/bitcoin-core-${VERSION}/SHA256SUMS.asc
|
|
|
|
|
# This file only exists after v22 so allow it to fail
|
|
|
|
|
RUN wget https://bitcoincore.org/bin/bitcoin-core-${VERSION}/SHA256SUMS || true
|
|
|
|
|
RUN echo "Downloaded release assets:" && ls
|
|
|
|
|
|
|
|
|
|
RUN echo "Verifying PGP signatures"
|
|
|
|
|
RUN gpg --keyserver keyserver.ubuntu.com --recv-keys $KEYS
|
|
|
|
|
RUN gpg --verify SHA256SUMS.asc 2>&1 >/dev/null | grep "^gpg: Good signature from" || { echo "No valid signature"; exit 1; }
|
|
|
|
|
RUN echo "PGP signature verification passed"
|
|
|
|
|
|
|
|
|
|
RUN echo "Verifying checksums"
|
|
|
|
|
RUN [ -f SHA256SUMS ] && cp SHA256SUMS /sha256sums || cp SHA256SUMS.asc /sha256sums
|
|
|
|
|
RUN grep $(cat /tarball-name) /sha256sums | sha256sum -c
|
|
|
|
|
RUN echo "Chucksums verified ok"
|
|
|
|
|
|
|
|
|
|
RUN echo "Extracting release assets"
|
|
|
|
|
RUN tar -zxvf $(cat /tarball-name) --strip-components=1
|
|
|
|
|
|
|
|
|
|
# Final image
|
|
|
|
|
FROM debian:stable-slim
|
|
|
|
|
|
|
|
|
|
COPY --from=builder /build/bin/bitcoind /bin
|
|
|
|
|
COPY --from=builder /build/bin/bitcoin-cli /bin
|
|
|
|
|
|
|
|
|
|
ENV HOME /data
|
|
|
|
|
VOLUME /data/.bitcoin
|
|
|
|
|
|
|
|
|
|
EXPOSE 8332 8333 18332 18333 18443 18444
|
|
|
|
|
|
|
|
|
|
ENTRYPOINT ["bitcoind"]
|
