contrib: create Guix container with interactive abilities

Kittywhiskers Van Gogh 2023-06-27 14:50:42 +00:00
parent 0e53540f64
commit 38b8344ea5
6 changed files with 163 additions and 0 deletions


@ -0,0 +1,91 @@
# Note: Using 'docker compose up' will leave you hanging, you need
# to use 'docker compose run guix_ubuntu' to drop into an
# interactive shell
FROM ubuntu:focal
SHELL ["/bin/bash", "-c"]
RUN apt-get update && \
apt-get install -y --no-install-recommends --no-upgrade \
build-essential \
bzip2 \
ca-certificates \
curl \
git \
locales \
netbase \
sudo \
wget \
xz-utils && \
rm -rf /var/lib/apt/lists/*
ARG guix_download_path=ftp://ftp.gnu.org/gnu/guix
ARG guix_version=1.4.0
ARG guix_checksum_aarch64=72d807392889919940b7ec9632c45a259555e6b0942ea7bfd131101e08ebfcf4
ARG guix_checksum_x86_64=236ca7c9c5958b1f396c2924fcc5bc9d6fdebcb1b4cf3c7c6d46d4bf660ed9c9
ARG builder_count=32
ENV PATH /usr/local/bin:/usr/local/guix/current/bin:$PATH
# Application Setup
# https://guix.gnu.org/manual/en/html_node/Application-Setup.html
ENV GUIX_LOCPATH="/usr/local/guix/profile" \
LC_ALL="C"
RUN guix_file_name=guix-binary-${guix_version}.$(uname -m)-linux.tar.xz && \
eval "guix_checksum=\${guix_checksum_$(uname -m)}" && \
cd /tmp && \
wget -q -O "$guix_file_name" "${guix_download_path}/${guix_file_name}" && \
echo "${guix_checksum} ${guix_file_name}" | sha256sum -c && \
tar xJf "$guix_file_name" && \
mv var/guix /var/ && \
mv gnu / && \
mkdir -p /usr/local/guix && \
ln -sf /var/guix/profiles/per-user/root/current-guix /usr/local/guix/current && \
ln -sf /var/guix/profiles/per-user/root/guix-profile /usr/local/guix/profile && \
chmod 1777 /tmp /var/tmp && \
source /usr/local/guix/current/etc/profile
RUN touch /etc/nsswitch.conf
RUN guix archive --authorize < /usr/local/guix/current/share/guix/ci.guix.gnu.org.pub && \
guix archive --authorize < /usr/local/guix/current/share/guix/bordeaux.guix.gnu.org.pub
# Build Environment Setup
# https://guix.gnu.org/manual/en/html_node/Build-Environment-Setup.html
RUN groupadd --system guixbuild && \
for i in $(seq -w 1 ${builder_count}); do \
useradd -g guixbuild -G guixbuild \
-d /var/empty -s $(which nologin) \
-c "Guix build user ${i}" --system \
"guixbuilder${i}" ; \
done
# Create unprivileged user
ARG USER_ID=1000 \
GROUP_ID=1000 \
USERNAME=ubuntu
RUN groupadd -g ${GROUP_ID} ${USERNAME} && \
useradd -u ${USER_ID} -g ${USERNAME} -s /bin/bash -m -d /home/${USERNAME} ${USERNAME}
# Grant it passwordless admin permissions
RUN usermod -aG sudo ${USERNAME} && \
echo '%sudo ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers
# Copy required files to container
COPY ./motd.txt /etc/motd
COPY ./scripts/entrypoint /usr/local/bin/entrypoint
COPY ./scripts/guix-check /usr/local/bin/guix-check
COPY ./scripts/guix-start /usr/local/bin/guix-start
# Create directory for mounting and grant necessary permissions
RUN mkdir -p /src/dash && \
chown -R ${USER_ID}:${GROUP_ID} /src
WORKDIR "/src/dash"
# Switch to unprivileged context
USER ${USERNAME}
# Set entrypoint to copied file
ENTRYPOINT ["/usr/local/bin/entrypoint"]
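Review bot: The `USER ${USERNAME}` switch near the end is nominal, because `echo '%sudo ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers` lets that account run anything as root without a password. The rule is also appended to the main sudoers file with no syntax check. From the files in this commit, only the entrypoint's daemon start and its log `tee` use sudo, so a rule scoped to that one user and those commands would be enough, written to a file under `/etc/sudoers.d/` and validated with `visudo -cf`. The entrypoint would then have to call the daemon directly rather than through `sudo env`. If the blanket rule stays, state it above the `usermod` line, e.g. `# NOTE: passwordless sudo makes this user root-equivalent; image is for interactive local builds only`.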


@ -0,0 +1,16 @@
version: "3.9"
services:
guix_ubuntu:
build:
context: '.'
dockerfile: './Dockerfile'
args:
USER_ID: 1000 # set this to $(id -u) of the host
GROUP_ID: 1000 # set this to $(id -g) of the host
container_name: guix_ubuntu
tty: true
stdin_open: true
privileged: true
network_mode: host
volumes:
- "../../..:/src/dash:rw"
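Review bot: `privileged: true`, `network_mode: host` and the read-write bind mount of the repository root together remove most of the isolation between this container and the host, and nothing in the file says why each is needed. Presumably guix-daemon needs elevated privileges to set up its build sandboxes; if so, record that next to the key, e.g. `# privileged: guix-daemon must create build chroots/namespaces`, and check whether a narrower `cap_add` / `security_opt` set is sufficient. Host networking does not look necessary for fetching substitutes over HTTPS, so the default bridge network would be the safer choice unless something outside this file depends on it.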


@ -0,0 +1,4 @@
#####################################################
To get started, run 'guix-start' and then calculate
hashes using 'guix-check'
#####################################################


@ -0,0 +1,15 @@
#!/usr/bin/env bash
set -eo pipefail
# Read instructions
cat /etc/motd
# Start the Guix daemon
sudo env PATH=${PATH} guix-daemon \
--build-users-group='guixbuild' \
--substitute-urls='https://bordeaux.guix.gnu.org https://ci.guix.gnu.org' < /dev/null 2>&1 |
sudo tee /var/log/guix.log > /dev/null &
# Hand over control
exec bash
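Review bot: The daemon is launched as a background pipeline, so `set -eo pipefail` does not cover it. If `guix-daemon` fails to start, the user is still dropped into a shell, and the only trace is in `/var/log/guix.log`. A comment above the launch would make that explicit, e.g. `# runs in background; start-up failures are only visible in /var/log/guix.log`, or the script could check that the daemon is still alive before `exec bash`. Separately, the `PATH=${PATH}` argument passed to root is unquoted; `sudo env "PATH=${PATH}" guix-daemon \` keeps it a single argument whatever the value contains.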


@ -0,0 +1,17 @@
#!/usr/bin/env bash
set -eo pipefail
cd /src/dash
COMMIT_ID=$(git rev-parse --short=12 HEAD)
printf "Binaries:\n"
( \
SRC_PATH_PREFIX=guix-build-${COMMIT_ID}/distsrc- && \
sha256sum ${SRC_PATH_PREFIX}*/src/dash{d,-cli,-tx,-wallet}{,.exe} && \
sha256sum ${SRC_PATH_PREFIX}*/src/qt/dash-qt{,.exe} && \
sha256sum ${SRC_PATH_PREFIX}*/src/test/test_dash{,.exe} \
) | sort -k 2
printf "Archives:\n"
find guix-build-"${COMMIT_ID}"/output -type f | grep -v SHA256 | xargs sha256sum | sort -k 2
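Review bot: The archive listing on the last line can print a misleading hash. When `find` returns nothing, GNU `xargs` still runs `sha256sum` once, which then hashes empty stdin and prints a digest for `-`. Paths containing whitespace are also split into separate arguments. Since this output is what people compare between builders, I would make it strict: `find guix-build-"${COMMIT_ID}"/output -type f ! -path '*SHA256*' -print0 | xargs -0 -r sha256sum | sort -k 2`. In the "Binaries" subshell, the `&&` chain combined with `pipefail` looks like it aborts the whole script as soon as one expected binary (for example an `.exe`) is absent, so a partial build never reaches the archive hashes; a comment saying whether that is intended would help.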


@ -0,0 +1,20 @@
#!/usr/bin/env bash
set -eo pipefail
XCODE_VERSION="12.1"
XCODE_RELEASE="12A7403"
XCODE_ARCHIVE="Xcode-${XCODE_VERSION}-${XCODE_RELEASE}-extracted-SDK-with-libcxx-headers"
# Check if macOS SDK is present, if not, download it
if [ ! -d "/src/dash/depends/SDKs/${XCODE_ARCHIVE}" ]
then
mkdir -p /src/dash/depends/SDKs
curl -L https://bitcoincore.org/depends-sources/sdks/${XCODE_ARCHIVE}.tar.gz | tar -xz -C /src/dash/depends/SDKs
fi
cd /src/dash
git status >> /dev/null
git config --global --add safe.directory /src/dash
./contrib/guix/guix-build
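Review bot: The macOS SDK archive is streamed from `curl -L … | tar -xz` straight into `depends/SDKs` with no integrity check, while the Dockerfile in this same commit verifies the Guix tarball against a pinned sha256. The SDK becomes an input to the build, so it should get the same treatment. `curl` is also run without `-f`, so an HTTP error body is handed to `tar`. An interrupted extraction can leave the directory behind, after which the `-d` test skips the download on the next run. I would download to a temporary file, verify it against a pinned digest, and only then extract, as sketched below; the digest shown is a placeholder to be filled in from a trusted source.

```shell
XCODE_SHA256="<pinned-sha256-of-sdk-archive>"   # placeholder, not a real digest
# … unchanged: XCODE_VERSION / XCODE_RELEASE / XCODE_ARCHIVE …
if [ ! -d "/src/dash/depends/SDKs/${XCODE_ARCHIVE}" ]
then
    mkdir -p /src/dash/depends/SDKs
    sdk_tmp="$(mktemp)"
    curl -fsSL -o "${sdk_tmp}" "https://bitcoincore.org/depends-sources/sdks/${XCODE_ARCHIVE}.tar.gz"
    # Refuse to extract anything whose digest does not match the pinned value.
    echo "${XCODE_SHA256}  ${sdk_tmp}" | sha256sum -c -
    tar -xzf "${sdk_tmp}" -C /src/dash/depends/SDKs
    rm -f "${sdk_tmp}"
fi
```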