From 5bb3e263e25077cd02e6f425468ad8823f0cdd7f Mon Sep 17 00:00:00 2001 From: "Wladimir J. van der Laan" Date: Thu, 19 Nov 2015 13:11:50 +0100 Subject: [PATCH] build: Make networking work inside LXC builder in gitian-building.md These are changes I needed to get gitian building to work with Debian 8.2, which is the version we tell to use. - Set up NAT, so that container can access network beyond host - Remove explicit cgroup setup - these are mounted automatically now - gitian: Need `ca-certificates` and `python` for LXC builds Github-Pull: #7060 Rebased-From: 99fda26de0661afcbe43d5e862c382e3c2e3aa5e 3b468a0e609147c7d7afd8ed97bf271f2356daef --- contrib/gitian-descriptors/gitian-linux.yml | 2 ++ contrib/gitian-descriptors/gitian-osx.yml | 2 ++ contrib/gitian-descriptors/gitian-win.yml | 2 ++ doc/gitian-building.md | 6 +++--- 4 files changed, 9 insertions(+), 3 deletions(-) diff --git a/contrib/gitian-descriptors/gitian-linux.yml b/contrib/gitian-descriptors/gitian-linux.yml index 80571fb05..d13ae8b10 100644 --- a/contrib/gitian-descriptors/gitian-linux.yml +++ b/contrib/gitian-descriptors/gitian-linux.yml @@ -15,6 +15,8 @@ packages: - "faketime" - "bsdmainutils" - "binutils-gold" +- "ca-certificates" +- "python" reference_datetime: "2016-01-01 00:00:00" remotes: - "url": "https://github.com/bitcoin/bitcoin.git" diff --git a/contrib/gitian-descriptors/gitian-osx.yml b/contrib/gitian-descriptors/gitian-osx.yml index 8064804b9..81888dea0 100644 --- a/contrib/gitian-descriptors/gitian-osx.yml +++ b/contrib/gitian-descriptors/gitian-osx.yml @@ -18,6 +18,8 @@ packages: - "libcap-dev" - "libz-dev" - "libbz2-dev" +- "ca-certificates" +- "python" reference_datetime: "2016-01-01 00:00:00" remotes: - "url": "https://github.com/bitcoin/bitcoin.git" diff --git a/contrib/gitian-descriptors/gitian-win.yml b/contrib/gitian-descriptors/gitian-win.yml index 1475cd7eb..66077e0d5 100644 --- a/contrib/gitian-descriptors/gitian-win.yml +++ b/contrib/gitian-descriptors/gitian-win.yml @@ -18,6 +18,8 @@ packages: - "g++-mingw-w64" - "nsis" - "zip" +- "ca-certificates" +- "python" reference_datetime: "2016-01-01 00:00:00" remotes: - "url": "https://github.com/bitcoin/bitcoin.git" diff --git a/doc/gitian-building.md b/doc/gitian-building.md index 019e85169..e3fb94438 100644 --- a/doc/gitian-building.md +++ b/doc/gitian-building.md @@ -259,15 +259,15 @@ adduser debian sudo Then set up LXC and the rest with the following, which is a complex jumble of settings and workarounds: ```bash -# the version of lxc-start in Debian 7.4 needs to run as root, so make sure +# the version of lxc-start in Debian needs to run as root, so make sure # that the build script can execute it without providing a password echo "%sudo ALL=NOPASSWD: /usr/bin/lxc-start" > /etc/sudoers.d/gitian-lxc -# add cgroup for LXC -echo "cgroup /sys/fs/cgroup cgroup defaults 0 0" >> /etc/fstab # make /etc/rc.local script that sets up bridge between guest and host echo '#!/bin/sh -e' > /etc/rc.local echo 'brctl addbr br0' >> /etc/rc.local echo 'ifconfig br0 10.0.3.2/24 up' >> /etc/rc.local +echo 'iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE' >> /etc/rc.local +echo 'echo 1 > /proc/sys/net/ipv4/ip_forward' >> /etc/rc.local echo 'exit 0' >> /etc/rc.local # make sure that USE_LXC is always set when logging in as debian, # and configure LXC IP addresses