Fix bitcoin build instructions
bigspider committed Sep 9, 2024
1 parent 3606a87 commit ee4ca1f
Showing 1 changed file with 6 additions and 8 deletions.
14 changes: 6 additions & 8 deletions .github/workflows/Dockerfile
Expand Up @@ -7,24 +7,22 @@ FROM ghcr.io/ledgerhq/speculos:latest
RUN apt update -y && apt install -y git curl

# install autotools bitcoin-core build dependencies
RUN apt install -y automake autotools-dev bsdmainutils build-essential ccache git libboost-dev libboost-filesystem-dev libboost-system-dev libboost-test-dev libevent-dev libminiupnpc-dev libnatpmp-dev libqt5gui5 libqt5core5a libqt5dbus5 libsqlite3-dev libtool libzmq3-dev pkg-config python3 qttools5-dev qttools5-dev-tools qtwayland5 systemtap-sdt-dev
RUN apt install -y bsdmainutils build-essential cmake pkg-config ccache git libboost-dev libboost-filesystem-dev libboost-system-dev libboost-test-dev libevent-dev libminiupnpc-dev libnatpmp-dev libqt5gui5 libqt5core5a libqt5dbus5 libsqlite3-dev libtool libzmq3-dev pkg-config python3 qttools5-dev qttools5-dev-tools qtwayland5 systemtap-sdt-dev

Check warning on line 10 in .github/workflows/Dockerfile

Ledger Wiz (CSPM & secret detection) / Wiz IaC Scanner

Run Using apt

Rule ID: 853ed0e2-f329-4e58-95bb-9094a29691a7 Severity: Medium Resource: FROM={{ghcr.io/ledgerhq/speculos:latest}}.{{RUN apt install -y bsdmainutils build-essential cmake pkg-config ccache git libboost-dev libboost-filesystem-dev libboost-system-dev libboost-test-dev libevent-dev libminiupnpc-dev libnatpmp-dev libqt5gui5 libqt5core5a libqt5dbus5 libsqlite3-dev libtool libzmq3-dev pkg-config python3 qttools5-dev qttools5-dev-tools qtwayland5 systemtap-sdt-dev}} apt is discouraged by the Linux distributions as an unattended tool as its interface may suffer changes between versions. Better use the more stable apt-get and apt-cache
Raw output
Expected: RUN instructions should not use the 'apt' program
Found: RUN instruction is invoking the 'apt' program

# clone bitcoin-core from github and compile it
RUN cd / && \
git clone --depth=1 https://github.com/bitcoin/bitcoin.git && \
cd bitcoin && \
./autogen.sh && \
./configure --enable-suppress-external-warnings && \
make -j "$(($(nproc)+1))" && \
mkdir bin && \
cp src/bitcoind src/bitcoin-cli src/bitcoin-tx src/bitcoin-util src/bitcoin-wallet ./bin
cmake -B build && \
cmake --build build && \
cmake --install build


FROM ghcr.io/ledgerhq/speculos:latest
COPY --from=0 /bitcoin/bin /bitcoin/bin
COPY --from=0 /usr/local/bin/ /usr/local/bin/

Check warning on line 22 in .github/workflows/Dockerfile

Ledger Wiz (CSPM & secret detection) / Wiz IaC Scanner

COPY '--from' Without FROM Alias Defined Previously

Rule ID: 3cc68033-2ce9-4f64-9949-a0d36aeff197 Severity: Medium Resource: FROM={{ghcr.io/ledgerhq/speculos:latest}}.{{COPY --from=0 /usr/local/bin/ /usr/local/bin/}} COPY command with the flag '--from' should mention a previously defined FROM alias
Raw output
Expected: COPY '--from' should reference a previously defined FROM alias
Found: COPY '--from' does not reference a previously defined FROM alias

# install runtime dependencies for bitcoind
RUN apt update -y && apt install -y libminiupnpc-dev libminiupnpc-dev libnatpmp-dev libevent-dev libzmq3-dev

# Add bitcoin binaries to path
ENV PATH=/bitcoin/bin:$PATH
ENV PATH=/usr/local/bin/:$PATH
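
Review bot: the new `COPY --from=0 /usr/local/bin/ /usr/local/bin/` pulls the build stage's entire /usr/local/bin into the runtime image, not only the binaries that `cmake --install build` placed there, and it refers to the stage by index, which is what the scanner annotation flags. Consider naming the first stage (`FROM ghcr.io/ledgerhq/speculos:latest AS builder`) and installing to a dedicated prefix, for example `cmake --install build --prefix /bitcoin`, so that only the bitcoin binaries are copied and the previous `COPY ... /bitcoin/bin /bitcoin/bin` and `ENV PATH=/bitcoin/bin:$PATH` lines can stay as they were. Separately, the unchanged `git clone --depth=1 https://github.com/bitcoin/bitcoin.git` still builds whatever upstream HEAD happens to be, so pinning a tag or commit would make the image reproducible and keep an upstream build change from breaking it again. The new install line also lists `pkg-config` twice and keeps `libtool`, which looks like a leftover from the autotools build.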
