From 3749058c21ed5d3ba3676dd8828f07c44cb76465 Mon Sep 17 00:00:00 2001 From: theborakompanioni Date: Fri, 18 Dec 2020 16:15:31 +0100 Subject: [PATCH 1/4] feature: verify sha512 checksum of downloaded electrum executable --- CHECKSUM_SHA512 | 1 + Dockerfile | 16 ++++++++++++---- Makefile | 2 ++ 3 files changed, 15 insertions(+), 4 deletions(-) create mode 100644 CHECKSUM_SHA512 diff --git a/CHECKSUM_SHA512 b/CHECKSUM_SHA512 new file mode 100644 index 0000000..601bf4f --- /dev/null +++ b/CHECKSUM_SHA512 @@ -0,0 +1 @@ +5f756da4d2df59c69997925c69f651011def07bfbdbc582f492ecc19386eee7d79b9951732a792e6041da902d776052d6590cbd2d7004bc93c8406bcf9093fe6 diff --git a/Dockerfile b/Dockerfile index 2311022..15fb041 100644 --- a/Dockerfile +++ b/Dockerfile @@ -3,6 +3,7 @@ FROM python:3.7-alpine ARG BUILD_DATE ARG VCS_REF ARG VERSION +ARG CHECKSUM_SHA512 LABEL maintainer="osintsev@gmail.com" \ org.label-schema.vendor="Distirbuted Solutions, Inc." \ org.label-schema.build-date=$BUILD_DATE \ @@ -22,10 +23,17 @@ ENV ELECTRUM_USER electrum ENV ELECTRUM_PASSWORD electrumz # XXX: CHANGE REQUIRED! ENV ELECTRUM_HOME /home/$ELECTRUM_USER -RUN apk --update-cache add --virtual build-dependencies gcc musl-dev && \ - adduser -D $ELECTRUM_USER && \ - pip3 install https://download.electrum.org/${ELECTRUM_VERSION}/Electrum-${ELECTRUM_VERSION}.tar.gz && \ - apk del build-dependencies +# IMPORTANT: always verify gpg signature before changing a hash here! +ENV ELECTRUM_CHECKSUM_SHA512 $CHECKSUM_SHA512 + +RUN adduser -D $ELECTRUM_USER && \ + apk --no-cache add --virtual build-dependencies gcc musl-dev && \ + wget https://download.electrum.org/${ELECTRUM_VERSION}/Electrum-${ELECTRUM_VERSION}.tar.gz && \ + [ "${ELECTRUM_CHECKSUM_SHA512} Electrum-${ELECTRUM_VERSION}.tar.gz" = "$(sha512sum Electrum-${ELECTRUM_VERSION}.tar.gz)" ] && \ + echo -e "**************************\n SHA 512 Checksum OK\n**************************" && \ + pip3 install Electrum-${ELECTRUM_VERSION}.tar.gz && \ + rm -f Electrum-${ELECTRUM_VERSION}.tar.gz && \ + apk del build-dependencies RUN mkdir -p ${ELECTRUM_HOME}/.electrum/ /data && \ ln -sf ${ELECTRUM_HOME}/.electrum/ /data && \ diff --git a/Makefile b/Makefile index 5f992ed..4c138a1 100644 --- a/Makefile +++ b/Makefile @@ -1,4 +1,5 @@ ELECTRUM_VERSION = $(strip $(shell cat VERSION)) +ELECTRUM_CHECKSUM_SHA512 = $(strip $(shell cat CHECKSUM_SHA512)) GIT_COMMIT = $(strip $(shell git rev-parse --short HEAD)) DOCKER_IMAGE ?= osminogin/electrum-daemon @@ -16,6 +17,7 @@ docker_build: @docker build \ --build-arg BUILD_DATE=`date -u +"%Y-%m-%dT%H:%M:%SZ"` \ --build-arg VERSION=$(ELECTRUM_VERSION) \ + --build-arg CHECKSUM_SHA512=$(ELECTRUM_CHECKSUM_SHA512) \ --build-arg VCS_REF=$(GIT_COMMIT) \ -t $(DOCKER_IMAGE):$(DOCKER_TAG) . From 13bf6b89ac81d6693c6e18d6096ba5a35b8d636a Mon Sep 17 00:00:00 2001 From: theborakompanioni Date: Sat, 19 Dec 2020 19:05:36 +0100 Subject: [PATCH 2/4] upgrade base image from python:3.7-alpine to python:3.9.1-alpine --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 2311022..ab13ec9 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM python:3.7-alpine +FROM python:3.9.1-alpine ARG BUILD_DATE ARG VCS_REF From 2e0f7546151b387fad978378b3ac558be0ebc8a2 Mon Sep 17 00:00:00 2001 From: theborakompanioni Date: Sun, 20 Dec 2020 19:42:03 +0100 Subject: [PATCH 3/4] feature: support regtest and simnet networks adds the ability to specify the network electrum will run on. this commit introduces a new environment variable ELECTRUM_NETWORK that can hold "mainnet", "testnet", "regtest" or "simnet" as value, while keeping support for the existing environment variable TESTNET. --- Dockerfile | 1 + docker-entrypoint.sh | 9 +++++++-- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 2311022..cff38b1 100644 --- a/Dockerfile +++ b/Dockerfile @@ -21,6 +21,7 @@ ENV ELECTRUM_VERSION $VERSION ENV ELECTRUM_USER electrum ENV ELECTRUM_PASSWORD electrumz # XXX: CHANGE REQUIRED! ENV ELECTRUM_HOME /home/$ELECTRUM_USER +ENV ELECTRUM_NETWORK mainnet RUN apk --update-cache add --virtual build-dependencies gcc musl-dev && \ adduser -D $ELECTRUM_USER && \ diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index c2f9d25..284636e 100755 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh @@ -1,11 +1,16 @@ #!/usr/bin/env sh set -ex -# Testnet support -if [ "$TESTNET" = true ]; then +# Network switch +if [ "$TESTNET" = true ] || [ "$ELECTRUM_NETWORK" = "testnet" ]; then FLAGS='--testnet' +elif [ "$ELECTRUM_NETWORK" = "regtest" ]; then + FLAGS='--regtest' +elif [ "$ELECTRUM_NETWORK" = "simnet" ]; then + FLAGS='--simnet' fi + # Graceful shutdown trap 'pkill -TERM -P1; electrum daemon stop; exit 0' SIGTERM From 4b0c578da88342114ac1880d1585717ca816d67f Mon Sep 17 00:00:00 2001 From: theborakompanioni Date: Wed, 23 Dec 2020 15:16:54 +0100 Subject: [PATCH 4/4] feature: create wallet directories adds the ability to easily copy wallet files in the container. this is a precondition for a potentially implemented wallet auto-loading feature. --- Dockerfile | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 9a07c96..f281cad 100644 --- a/Dockerfile +++ b/Dockerfile @@ -36,9 +36,13 @@ RUN adduser -D $ELECTRUM_USER && \ rm -f Electrum-${ELECTRUM_VERSION}.tar.gz && \ apk del build-dependencies -RUN mkdir -p ${ELECTRUM_HOME}/.electrum/ /data && \ +RUN mkdir -p /data \ + ${ELECTRUM_HOME}/.electrum/wallets/ \ + ${ELECTRUM_HOME}/.electrum/testnet/wallets/ \ + ${ELECTRUM_HOME}/.electrum/regtest/wallets/ \ + ${ELECTRUM_HOME}/.electrum/simnet/wallets/ && \ ln -sf ${ELECTRUM_HOME}/.electrum/ /data && \ - chown ${ELECTRUM_USER} ${ELECTRUM_HOME}/.electrum /data + chown -R ${ELECTRUM_USER} ${ELECTRUM_HOME}/.electrum /data USER $ELECTRUM_USER WORKDIR $ELECTRUM_HOME