Merge pull request #25 from jamesob/22.0-update

jamesob · web-flow · commit fb7daad11e6f · 2022-06-30T12:46:44.000-04:00
Support 22.0+
diff --git a/Dockerfile b/Dockerfile
@@ -1,5 +1,5 @@
 FROM buildpack-deps:buster-curl as builder
-LABEL MAINTAINER="James O'Beirne <mail@jameso.be>"
+LABEL MAINTAINER="James O'Beirne <wild-dockerbitcoind@au92.org>"
 
 # This buildarg can be set during container build time with --build-arg VERSION=[version]
 ARG VERSION=0.20.1
diff --git a/bin/build_tag_push.sh b/bin/build_tag_push.sh
@@ -2,15 +2,22 @@
 
 set -eu
 
-VERSIONS=$(./bin/get-bitcoin.sh 2>&1 | grep '^  0' | tr -d '  ')
+VERSIONS_ABOVE=${VERSIONS_ABOVE:-0.0}
+VERSIONS=$(./bin/get-bitcoin.sh 2>&1 | grep '^  ' | tr -d '  ')
 
-docker login
+docker login docker.io
 
 for ver in $VERSIONS; do
+
+  if ! [[ "$ver" > "$VERSIONS_ABOVE" ]]; then
+      echo "--- skipping version $ver"
+      continue
+  fi
+
   echo "--- building bitcoin $ver"
   echo
   echo
   docker build -t "jamesob/bitcoind:${ver}" --build-arg "VERSION=${ver}" .
   read -p "Push? (y/N): " confirm && [[ $confirm == [yY] ]] && \
-  docker push "jamesob/bitcoind:${ver}"
+  docker push "jamesob/bitcoind:${ver}" "docker://docker.io/jamesob/bitcoind:${ver}"
 done
diff --git a/bin/get-bitcoin.sh b/bin/get-bitcoin.sh
@@ -27,6 +27,12 @@ VERSIONS=(
 0.19.1
 0.20.0
 0.20.1
+0.20.2
+0.21.0
+0.21.1
+0.21.2
+22.0
+23.0
 )
 
 err() {
@@ -57,24 +63,59 @@ if [ -z "${VERSION}" ]; then
   exit 1
 fi
 
+set -x
+
 TMPDIR=$(mktemp -d)
 cd "$TMPDIR"
 
-# Verify this signing key fingerprint here:
-#
-#   https://github.com/bitcoin/bitcoin/tree/master/contrib/verifybinaries
+# Verify signing key fingerprints here:
 #
-gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 01EA5486DE18A882D4C2684590C8019E36C2E964
+#   https://github.com/bitcoin/bitcoin/tree/master/contrib/builder-keys
 
 curl -O "${URL_BASE}/SHA256SUMS.asc"
 curl -O "${URL_BASE}/${FILENAME}"
 
-sha256sum --ignore-missing --check SHA256SUMS.asc \
-  | tee - | grep -o "${FILENAME}: OK"
-
-gpg --verify SHA256SUMS.asc >gpg_verify_out 2>&1
-grep '^gpg: Good signature from "Wladimir J. van der Laan' gpg_verify_out
-grep '^Primary key fingerprint: 01EA 5486 DE18 A882 D4C2  6845 90C8 019E 36C2 E964' gpg_verify_out
+# In version 22.0, release signing changed from a single key signing in 
+# SHA256SUMS.asc to multiple keys signing SHA256SUMS. 
+#
+# See here for more information: https://github.com/bitcoin/bitcoin/pull/23020
+
+if [[ "$VERSION" < "22.0" ]]; then
+  gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 01EA5486DE18A882D4C2684590C8019E36C2E964
+  sha256sum --ignore-missing --check SHA256SUMS.asc \
+    | tee - | grep -o "${FILENAME}: OK"
+  gpg --verify SHA256SUMS.asc >gpg_verify_out 2>&1
+  grep '^gpg: Good signature from "Wladimir J. van der Laan' gpg_verify_out
+  grep '^Primary key fingerprint: 01EA 5486 DE18 A882 D4C2  6845 90C8 019E 36C2 E964' gpg_verify_out
+
+else
+  # See bitcoin/contrib/builder-keys/keys.txt for current values.
+  #
+  # I've chosen a subset of builder keys here who are well-known and reliably 
+  # sign for releases.
+
+  # Wladimir
+  gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 71A3B16735405025D447E8F274810B012346C9A6
+  # Hebasto
+  gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys D1DBF2C4B96F2DEBF4C16654410108112E7EA81F
+  # Fanquake
+  gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys E777299FC265DD04793070EB944D35F9AC3DB76A
+
+  curl -O "${URL_BASE}/SHA256SUMS"
+  gpg --verify SHA256SUMS.asc SHA256SUMS >gpg_verify_out 2>&1 || true
+  cat gpg_verify_out
+
+  grep '^gpg: Good signature from "Wladimir J. van der Laan' gpg_verify_out
+  grep '^Primary key fingerprint: 71A3 B167 3540 5025 D447  E8F2 7481 0B01 2346 C9A6' gpg_verify_out
+
+  grep '^gpg: Good signature from "Hennadii Stepanov' gpg_verify_out
+  grep '^Primary key fingerprint: D1DB F2C4 B96F 2DEB F4C1  6654 4101 0811 2E7E A81F' gpg_verify_out
+
+  grep '^gpg: Good signature from "Michael Ford' gpg_verify_out
+  grep '^Primary key fingerprint: E777 299F C265 DD04 7930  70EB 944D 35F9 AC3D B76A' gpg_verify_out
+
+  sha256sum --ignore-missing --check SHA256SUMS | tee - | grep -o "${FILENAME}: OK"
+fi
 
 tar -xzvf "${FILENAME}"
 DIR=$(find . -name 'bitcoin-*' -type d | head -n 1)
