Skip to content

Commit cb6de6a

Browse files
willcl-arkdanvergara
willcl-ark
authored and
danvergara
committed
Use docker buildx bake to build images
This is much cleaner than maintaining a list of complet shell commands.
1 parent 24b4969 commit cb6de6a

File tree

3 files changed

+235
-198
lines changed

3 files changed

+235
-198
lines changed

docker-bake.hcl

Lines changed: 218 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,218 @@
1+
group "all" {
2+
targets = [
3+
"bitcoin-28",
4+
"bitcoin-27",
5+
"bitcoin-26",
6+
"v0-21-1",
7+
"v0-20-0",
8+
"v0-19-2",
9+
"v0-17-0",
10+
"v0-16-1",
11+
"bitcoin-unknown-message",
12+
"bitcoin-invalid-blocks",
13+
"bitcoin-50-orphans",
14+
"bitcoin-no-mp-trim",
15+
"bitcoin-disabled-opcodes",
16+
"bitcoin-5k-inv"
17+
]
18+
}
19+
20+
group "maintained" {
21+
targets = [
22+
"bitcoin-28",
23+
"bitcoin-27",
24+
"bitcoin-26"
25+
]
26+
}
27+
28+
group "practice" {
29+
targets = [
30+
"bitcoin-unknown-message",
31+
"bitcoin-invalid-blocks",
32+
"bitcoin-50-orphans",
33+
"bitcoin-no-mp-trim",
34+
"bitcoin-disabled-opcodes",
35+
"bitcoin-5k-inv"
36+
]
37+
}
38+
39+
group "vulnerable" {
40+
targets = [
41+
"v0-21-1",
42+
"v0-20-0",
43+
"v0-19-2",
44+
"v0-17-0",
45+
"v0-16-1",
46+
]
47+
}
48+
49+
target "maintained-base" {
50+
dockerfile = "./Dockerfile"
51+
context = "./resources/images/bitcoin"
52+
args = {
53+
REPO = "bitcoin"
54+
BUILD_ARGS = "--disable-tests --without-gui --disable-bench --disable-fuzz-binary --enable-suppress-external-warnings "
55+
}
56+
platforms = ["linux/amd64", "linux/arm64", "linux/arm/v7"]
57+
}
58+
59+
target "bitcoin-28" {
60+
inherits = ["maintained-base"]
61+
tags = ["bitcoindevproject/bitcoin:28.0"]
62+
args = {
63+
COMMIT_SHA = "110183746150428e6385880c79f8c5733b1361ba"
64+
}
65+
}
66+
67+
target "bitcoin-27" {
68+
inherits = ["maintained-base"]
69+
tags = ["bitcoindevproject/bitcoin:27.2"]
70+
args = {
71+
COMMIT_SHA = "bf03c458e994abab9be85486ed8a6d8813313579"
72+
}
73+
}
74+
75+
target "bitcoin-26" {
76+
inherits = ["maintained-base"]
77+
tags = ["bitcoindevproject/bitcoin:26.2"]
78+
args = {
79+
COMMIT_SHA = "7b7041019ba5e7df7bde1416aa6916414a04f3db"
80+
}
81+
}
82+
83+
target "practice-base" {
84+
dockerfile = "./Dockerfile"
85+
context = "./resources/images/bitcoin/insecure"
86+
contexts = {
87+
bitcoin-src = "."
88+
}
89+
args = {
90+
ALPINE_VERSION = "3.20"
91+
BITCOIN_VERSION = "28.1.1"
92+
EXTRA_PACKAGES = "sqlite-dev"
93+
EXTRA_RUNTIME_PACKAGES = ""
94+
REPO = "willcl-ark/bitcoin"
95+
}
96+
platforms = ["linux/amd64", "linux/armhf"]
97+
}
98+
99+
target "bitcoin-unknown-message" {
100+
inherits = ["practice-base"]
101+
tags = ["bitcoindevproject/bitcoin:99.0.0-unknown-message"]
102+
args = {
103+
COMMIT_SHA = "ae999611026e941eca5c0b61f22012c3b3f3d8dc"
104+
}
105+
}
106+
107+
target "bitcoin-invalid-blocks" {
108+
inherits = ["practice-base"]
109+
tags = ["bitcoindevproject/bitcoin:98.0.0-invalid-blocks"]
110+
args = {
111+
COMMIT_SHA = "9713324368e5a966ec330389a533ae8ad7a0ea8f"
112+
}
113+
}
114+
115+
target "bitcoin-50-orphans" {
116+
inherits = ["practice-base"]
117+
tags = ["bitcoindevproject/bitcoin:97.0.0-50-orphans"]
118+
args = {
119+
COMMIT_SHA = "cbcb308eb29621c0db3a105e1a1c1788fb0dab6b"
120+
}
121+
}
122+
123+
target "bitcoin-no-mp-trim" {
124+
inherits = ["practice-base"]
125+
tags = ["bitcoindevproject/bitcoin:96.0.0-no-mp-trim"]
126+
args = {
127+
COMMIT_SHA = "a3a15a9a06dd541d1dafba068c00eedf07e1d5f8"
128+
}
129+
}
130+
131+
target "bitcoin-disabled-opcodes" {
132+
inherits = ["practice-base"]
133+
tags = ["bitcoindevproject/bitcoin:95.0.0-disabled-opcodes"]
134+
args = {
135+
COMMIT_SHA = "5bdb8c52a8612cac9aa928c84a499dd701542b2a"
136+
}
137+
}
138+
139+
target "bitcoin-5k-inv" {
140+
inherits = ["practice-base"]
141+
tags = ["bitcoindevproject/bitcoin:94.0.0-5k-inv"]
142+
args = {
143+
COMMIT_SHA = "e70e610e07eea3aeb0c49ae0bd9f4049ffc1b88c"
144+
}
145+
}
146+
147+
target "CVE-base" {
148+
dockerfile = "./Dockerfile"
149+
context = "./resources/images/bitcoin/insecure"
150+
contexts = {
151+
bitcoin-src = "."
152+
}
153+
platforms = ["linux/amd64", "linux/armhf"]
154+
args = {
155+
REPO = "josibake/bitcoin"
156+
}
157+
}
158+
159+
target "v0-16-1" {
160+
inherits = ["CVE-base"]
161+
tags = ["bitcoindevproject/bitcoin:0.16.1"]
162+
args = {
163+
ALPINE_VERSION = "3.7"
164+
BITCOIN_VERSION = "0.16.1"
165+
COMMIT_SHA = "dc94c00e58c60412a4e1a540abdf0b56093179e8"
166+
EXTRA_PACKAGES = "protobuf-dev libressl-dev"
167+
EXTRA_RUNTIME_PACKAGES = "boost boost-program_options libressl"
168+
PRE_CONFIGURE_COMMANDS = "sed -i '/AC_PREREQ/a\\AR_FLAGS=cr' src/univalue/configure.ac && sed -i '/AX_PROG_CC_FOR_BUILD/a\\AR_FLAGS=cr' src/secp256k1/configure.ac && sed -i 's:sys/fcntl.h:fcntl.h:' src/compat.h"
169+
}
170+
}
171+
172+
target "v0-17-0" {
173+
inherits = ["CVE-base"]
174+
tags = ["bitcoindevproject/bitcoin:0.17.0"]
175+
args = {
176+
ALPINE_VERSION = "3.9"
177+
BITCOIN_VERSION = "0.17.0"
178+
COMMIT_SHA = "f6b2db49a707e7ad433d958aee25ce561c66521a"
179+
EXTRA_PACKAGES = "protobuf-dev libressl-dev"
180+
EXTRA_RUNTIME_PACKAGES = "boost boost-program_options libressl sqlite-dev"
181+
}
182+
}
183+
184+
target "v0-19-2" {
185+
inherits = ["CVE-base"]
186+
tags = ["bitcoindevproject/bitcoin:0.19.2"]
187+
args = {
188+
ALPINE_VERSION = "3.12.12"
189+
BITCOIN_VERSION = "0.19.2"
190+
COMMIT_SHA = "e20f83eb5466a7d68227af14a9d0cf66fb520ffc"
191+
EXTRA_PACKAGES = "sqlite-dev libressl-dev"
192+
EXTRA_RUNTIME_PACKAGES = "boost boost-program_options libressl sqlite-dev"
193+
}
194+
}
195+
196+
target "v0-20-0" {
197+
inherits = ["CVE-base"]
198+
tags = ["bitcoindevproject/bitcoin:0.20.0"]
199+
args = {
200+
ALPINE_VERSION = "3.12.12"
201+
BITCOIN_VERSION = "0.20.0"
202+
COMMIT_SHA = "0bbff8feff0acf1693dfe41184d9a4fd52001d3f"
203+
EXTRA_PACKAGES = "sqlite-dev miniupnpc"
204+
EXTRA_RUNTIME_PACKAGES = "boost-filesystem sqlite-dev"
205+
}
206+
}
207+
208+
target "v0-21-1" {
209+
inherits = ["CVE-base"]
210+
tags = ["bitcoindevproject/bitcoin:0.21.1"]
211+
args = {
212+
ALPINE_VERSION = "3.17"
213+
BITCOIN_VERSION = "0.21.1"
214+
COMMIT_SHA = "e0a22f14c15b4877ef6221f9ee2dfe510092d734"
215+
EXTRA_PACKAGES = "sqlite-dev"
216+
EXTRA_RUNTIME_PACKAGES = "boost-filesystem sqlite-dev"
217+
}
218+
}

docs/developer-notes.md

Lines changed: 17 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -72,3 +72,20 @@ python3 -m build
7272
# Upload to Pypi
7373
python3 -m twine upload dist/*
7474
```
75+
76+
## Building docker images
77+
78+
The Bitcoin Core docker images used by warnet are specified in the *docker-bake.hcl* file.
79+
This uses the (experimental) `bake` build functionality of docker buildx.
80+
We use [HCL language](https://github.com/hashicorp/hcl) in the declaration file itself.
81+
See the `bake` [documentation](https://docs.docker.com/build/bake/) for more information on specifications, and how to e.g. override arguments.
82+
83+
In order to build (or "bake") a certain image, find the image's target (name) in the *docker-bake.hcl* file, and then run `docker buildx bake <target>`.
84+
85+
```bash
86+
# build the dummy image that will crash on 5k invs
87+
docker buildx bake bitcoin-5k-inv
88+
89+
# build the same image, but set platform to only linux/amd64
90+
docker buildx bake bitcoin-5k-inv --set bitcoin-5k-inv.platform=linux/amd64
91+
```

0 commit comments

Comments
 (0)