bitcoind: v26.0 handle gpg failure

- gpg returns error code 2 for untrusted keys accept it for now - refresh gpg keys - directory changes for configure.ac file Signed-off-by: Lakshya Singh <lakshay.singh1108@gmail.com>
2024-03-13 22:09:24 +05:30 · 2024-03-13 22:09:24 +05:30 · aee7a57c95
commit aee7a57c95
parent 5002b0bb29
2 changed files with 22 additions and 13 deletions
--- a/bitcoind/Dockerfile
+++ b/bitcoind/Dockerfile
@ -25,30 +25,27 @@ RUN mkdir $GNUPGHOME && set -ex \
    152812300785C96444D3334D17565732E08E5E41 \
    0AD83877C1F0CD1EE9BD660AD7CC770B81FD22A8 \
    590B7292695AFFA5B672CBB2E13FC145CD3F4304 \
-    28F5900B1BB5D1A4B6B6D1A9ED357015286A333D \
-    637DB1E23370F84AFF88CCE03152347D07DA627C \
    CFB16E21C950F67FA95E558F2EEB9F5CC09526C1 \
    F4FC70F07310028424EFC20A8E4256593F177720 \
    D1DBF2C4B96F2DEBF4C16654410108112E7EA81F \
    287AE4CA1187C68C08B49CB2D11BD4F33F1DB499 \
-    F9A8737BF4FF5C89C903DF31DD78544CF91B1514 \
    9DEAE0DC7063249FB05474681E4AED62986CD25D \
-    E463A93F5F3117EEDE6C7316BD02942421F4889F \
-    9D3CC86A72F8494342EA5FD10A41BDC3F4FAFF1C \
-    4DAF18FE948E7A965B30F9457E296D555E7F63A7 \
+    3EB0DEE6004A13BE5A0CC758BF2978B068054311 \
+    ED9BDF7AD6A55E232E84524257FF9BDBCC301009 \
    28E72909F1717FE9607754F8A7BEB2621678D37D \
-    74E2DEF5D77260B98BC19438099BAD163C70FBFA \
  ; do \
    gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" || \
    gpg --batch --keyserver keys.openpgp.org --recv-keys "$key" || \
+    gpg --batch --keyserver pgp.mit.edu --recv-keys "$key" || \
    gpg --batch --keyserver keyserver.pgp.com --recv-keys "$key" || \
    gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys "$key" || \
    gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" ; \
-  done && \
-  wget -O- https://raw.githubusercontent.com/Kvaciral/kvaciral/main/kvaciral.asc | gpg --import
-
+  done
+RUN gpg --keyserver hkps://keys.openpgp.org --refresh-keys
 RUN gpg -kv

+COPY verify.sh verify.sh
+
 ARG BITCOIN_VERSION
 ARG BITCOIN_PREFIX=/opt/bitcoin-${BITCOIN_VERSION}
 ARG BITCOIN_SHA256SUMS_HASH
@ -56,16 +53,16 @@ RUN echo "Building bitcoin core version $BITCOIN_VERSION"
 RUN wget https://bitcoincore.org/bin/bitcoin-core-${BITCOIN_VERSION}/SHA256SUMS && \
    wget https://bitcoincore.org/bin/bitcoin-core-${BITCOIN_VERSION}/SHA256SUMS.asc && \
    wget https://bitcoincore.org/bin/bitcoin-core-${BITCOIN_VERSION}/bitcoin-${BITCOIN_VERSION}.tar.gz && \
-    gpg --batch --verify SHA256SUMS.asc SHA256SUMS && \
+    ./verify.sh && \
    echo "${BITCOIN_SHA256SUMS_HASH} SHA256SUMS" | sha256sum -c - && \
    grep " bitcoin-${BITCOIN_VERSION}.tar.gz\$" SHA256SUMS | sha256sum -c - && \
    tar -xzf *.tar.gz

 WORKDIR /bitcoin-${BITCOIN_VERSION}

-RUN sed -i '/AC_PREREQ/a\AR_FLAGS=cr' src/univalue/configure.ac && \
+RUN sed -i '/AC_PREREQ/a\AR_FLAGS=cr' configure.ac && \
    sed -i '/AX_PROG_CC_FOR_BUILD/a\AR_FLAGS=cr' src/secp256k1/configure.ac && \
-    sed -i s:sys/fcntl.h:fcntl.h: src/compat.h && \
+    sed -i s:sys/fcntl.h:fcntl.h: src/compat/compat.h && \
    ./autogen.sh && \
    ./configure LDFLAGS=-L`ls -d /opt/db*`/lib/ CPPFLAGS=-I`ls -d /opt/db*`/include/ \
    --prefix=${BITCOIN_PREFIX} \
--- a/bitcoind/verify.sh
+++ b/bitcoind/verify.sh
@ -0,0 +1,12 @@
+#!/bin/sh
+
+# verify SHA256SUMS
+gpg --batch --verify SHA256SUMS.asc SHA256SUMS
+ret_val=$?
+
+# allow 2 as well in case of untrusted keys
+if [ $ret_val -eq 0 ] || [ $ret_val -eq 2 ]; then
+  exit 0
+else
+  exit $ret_val
+fi