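# Global build arguments. They are declared before the first FROM so that the
# FROM line can expand UBUNTU_DIST; a stage sees a global ARG only after
# redeclaring it. UBUNTU_DIST has no usable default, so the caller must choose
# the build environment explicitly (a tag, optionally followed by
# @sha256:<digest> to pin the exact base image).
ARG UBUNTU_DIST=""
# Paths where the two stripped binaries are stored in both stages.
ARG REFERENCE_LOC=/bin/geth-reference
ARG REPRODUCE_LOC=/bin/geth-reproduce

# Build stage: downloads the published geth binary, rebuilds geth from source
# with the requested toolchain, and normalizes both files for comparison.
FROM ubuntu:${UBUNTU_DIST} AS builder
ARG REFERENCE_LOC
ARG REPRODUCE_LOC

# Build arguments are exported into the environment of every RUN command in
# this stage and are recorded in the image history, so none of them may carry
# a credential.

# Artifact spec
# OS, ARCH, GETH_VERSION and SHORT_COMMIT are not referenced by any instruction
# below; presumably BUILD_CMD reads them from the environment (confirm).
ARG OS=""
ARG ARCH=""
ARG GETH_VERSION=""
ARG COMMIT=""
ARG SHORT_COMMIT=""

# Toolchain spec
# BUILD_CMD is run verbatim as a shell command and TOOLCHAIN_DEPS is passed to
# apt-get; both must come from a trusted build definition.
ARG GO_VERSION=""
ARG BUILD_CMD=""
ARG TOOLCHAIN_DEPS=""

# Environment spec
ARG URL_SLUG=""
ARG GOARM=""
ARG ELF_TARGET=""
ARG UTIL_DEPS=""
# For cross compilation, CGO must initially be disabled to avoid error
# CGO is enabled later on in the geth build script
ARG CGO_ENABLED=""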
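# Install packages
# TOOLCHAIN_DEPS and UTIL_DEPS stay unquoted on purpose: each space-separated
# package name has to become its own apt-get argument.
# --force-yes is deliberately not passed. It makes apt continue past its safety
# prompts, including the one for packages that cannot be authenticated, and a
# build whose purpose is to verify a binary should not install unverified
# compilers or utilities. -y is enough for a non-interactive install.
# The package index is removed in the same layer because nothing later uses it.
RUN apt-get update && apt-get install -yq --no-install-recommends \
    ${TOOLCHAIN_DEPS} \
    ${UTIL_DEPS} && \
    rm -rf /var/lib/apt/lists/*
#RUN ln -s /usr/include/asm-generic /usr/include/asm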
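# Install Go
# The toolchain decides the bytes of the rebuilt binary, so a tampered or
# corrupted archive would invalidate the comparison. When the caller passes
# GO_SHA256 (the SHA-256 listed for this archive on go.dev/dl) the download is
# checked before it is unpacked; without it the build still works but prints a
# warning that the archive was not verified.
# The archive is always the linux-amd64 one: the builder itself is assumed to
# run on amd64 even when the geth target is another architecture.
# wget and its CA certificates are expected to come from UTIL_DEPS.
ARG GO_SHA256=""
RUN wget "https://go.dev/dl/go${GO_VERSION}.linux-amd64.tar.gz" && \
    if [ -n "${GO_SHA256}" ]; then \
        echo "${GO_SHA256}  go${GO_VERSION}.linux-amd64.tar.gz" | sha256sum -c -; \
    else \
        echo "WARNING: GO_SHA256 not set; Go archive was not verified" >&2; \
    fi && \
    rm -rf /usr/local/go && \
    tar -C /usr/local -xzf "go${GO_VERSION}.linux-amd64.tar.gz"
ENV PATH=$PATH:/usr/local/go/bin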
# Fetch reference binary and strip symbols + build ids
# The archive name is URL_SLUG plus ".tar.gz" and is downloaded over HTTPS from
# the builds container named in REF_URL. No checksum or signature of the
# archive is checked here: the reference binary is the object under test. This
# file never executes it; what the comparison script does with it is not
# visible here.
ENV BIN_DIR=${URL_SLUG}
ENV TAR_DIR="${BIN_DIR}.tar.gz"
ENV REF_URL="https://gethstore.blob.core.windows.net/builds/${TAR_DIR}"
# The archive is expected to unpack into a directory named like BIN_DIR that
# contains the geth executable. strip removes the symbols, and the two
# --remove-section options drop the Go and GNU build-id notes, presumably
# because those can differ between otherwise identical builds.
# ELF_TARGET names the object format so the amd64 host strip can read a binary
# built for another architecture (assumes a matching binutils in TOOLCHAIN_DEPS
# or UTIL_DEPS; confirm).
RUN wget ${REF_URL} && \
tar -xvf ${TAR_DIR} && \
cd ${BIN_DIR} && \
strip --input-target=${ELF_TARGET} --remove-section .note.go.buildid --remove-section .note.gnu.build-id geth && \
mv geth ${REFERENCE_LOC}
# Copy local geth repo
# GETH_SRC_DIR is relative to the build context, so the caller must have placed
# a go-ethereum clone at ./tmp/go-ethereum before building. The clone has to
# include its .git directory because the next step runs git inside it.
ENV GETH_SRC_DIR=./tmp/go-ethereum
ENV GETH_DIR=/go-ethereum
COPY ${GETH_SRC_DIR} ${GETH_DIR}
# Rebuild the reference binary
# git fetch contacts whatever remotes the copied clone's configuration names,
# so this step needs network access and trusts that configuration.
# NOTE(review): nothing here checks that the checked-out HEAD equals the
# intended commit hash. If COMMIT were a branch or tag name instead of a full
# hash, the source that gets built would depend on what the remote served;
# confirm that callers always pass a full commit hash.
# BUILD_CMD is expanded unquoted and run as a shell command with ./cmd/geth as
# its last argument, so it must come from a trusted build definition.
WORKDIR ${GETH_DIR}
RUN git fetch && git checkout -b geth-reproduce ${COMMIT} && \
${BUILD_CMD} ./cmd/geth
# Strip symbols and build ids
# Same strip options as for the downloaded binary, so both files are normalized
# the same way before they are compared. The build is expected to have written
# geth into build/bin.
WORKDIR ${GETH_DIR}/build/bin
RUN strip --input-target=${ELF_TARGET} --remove-section .note.go.buildid --remove-section .note.gnu.build-id geth && \
mv geth ${REPRODUCE_LOC}
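# Second stage build for compact final image
# Only the two stripped binaries and the comparison script reach this image;
# the compilers, sources and downloaded archives stay in the builder stage.
# NOTE(review): alpine:latest is a floating tag, so the runtime image can change
# between builds; pin a release tag or digest chosen by the maintainers.
# NOTE(review): no USER is set, so the comparison runs as root; it presumably
# only needs to read the two files (confirm before adding a non-root user).
FROM alpine:latest
# Copy produced binaries
ARG REFERENCE_LOC
ARG REPRODUCE_LOC
COPY --from=builder ${REFERENCE_LOC} ${REFERENCE_LOC}
COPY --from=builder ${REPRODUCE_LOC} ${REPRODUCE_LOC}
# Get binary comparison script
#TODO send in as ARG
ENV SCRIPT_SRC=./internal/scripts/compare_binary_SHA.sh
ENV COMPARE_SCRIPT=/bin/compare_binary_SHA.sh
COPY ${SCRIPT_SRC} ${COMPARE_SCRIPT}
RUN chmod +x ${COMPARE_SCRIPT}
# ARG values do not exist at run time, so the two paths are persisted as ENV.
# The command below then compares the files at the locations that were really
# used for COPY, even when REFERENCE_LOC or REPRODUCE_LOC were overridden with
# --build-arg (hard-coded paths would point at files that are not there).
ENV REFERENCE_LOC=${REFERENCE_LOC} \
    REPRODUCE_LOC=${REPRODUCE_LOC}
# Run binary verification/comparison on run
# Exec form performs no variable expansion, so a shell expands the paths and
# then replaces itself with the script via exec.
CMD ["/bin/sh", "-c", "exec \"$COMPARE_SCRIPT\" \"$REFERENCE_LOC\" \"$REPRODUCE_LOC\""]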