Migrate gitian-build.sh to python #13623

pull ken2812221 wants to merge 1 commits into bitcoin:master from ken2812221:python-gitian-build changing 2 files +201 −413
  1. ken2812221 commented at 2:32 PM on July 10, 2018: contributor

    Fixes #13620

  2. ken2812221 force-pushed on Jul 10, 2018
  3. ken2812221 force-pushed on Jul 10, 2018
  4. laanwj added the label Build system on Jul 10, 2018
  5. laanwj commented at 3:17 PM on July 10, 2018: member

    Thanks // Concept ACK, code looks good to me at first glance but ofcourse needs manual testing (as it's not tested by the test framework).

  6. MarcoFalke commented at 3:45 PM on July 10, 2018: member

    Could remove the bash script in the same commit?

  7. ken2812221 force-pushed on Jul 10, 2018
  8. ken2812221 renamed this:
    [WIP] Migrate gitian-build.sh to python
    Migrate gitian-build.sh to python
    on Jul 10, 2018
  9. ken2812221 force-pushed on Jul 10, 2018
  10. DrahtBot commented at 4:27 PM on July 10, 2018: member

    <!--e57a25ab6845829454e8d69fc972939a-->Note to reviewers: This pull request conflicts with the following ones:

    • #13643 (Switch to NSIS 3.03 to avoid DLL hijacking by h4x3rotab)
    • #13368 (Update gitian-build.sh for docker by achow101)
    • #13171 (Change gitian-descriptors to use bionic instead by ken2812221)

    If you consider this pull request important, please also help to review the conflicting pull requests. Ideally, start with the one that should be merged first.

  11. jtimon commented at 8:18 PM on July 10, 2018: contributor

    Concept ACK

  12. dongcarl commented at 9:07 PM on July 10, 2018: member

    As gitian-build.sh is mostly calling other executables, I think bash/sh is still the most sensible/readable/least-dependencies choice. According to #13620 there are edge cases to fix, sure, but I'm not convinced that there's a need for a python rewrite.

    Static analysis tools run against shell scripts in the check pipeline can eliminate/mitigate edge cases. I'd recommend: https://github.com/koalaman/shellcheck

  13. ken2812221 force-pushed on Jul 11, 2018
  14. ken2812221 force-pushed on Jul 11, 2018
  15. laanwj commented at 11:34 AM on July 11, 2018: member

    As gitian-build.sh is mostly calling other executables, I think bash/sh is still the most sensible/readable/least-dependencies choice.

    The point is that most of the developers in this project have a much easier time reviewing and maintaining python code. Shell script has turned out to be a continuous struggle against shell differences, bad performance, bugs and other edge cases due to obscure quoting practices, and so on.

    You might disagree personally--obviously everything is possible with shell script as well, but porting this to python is more of a social consensus. (as for dependencies, I don't think that is a big thing here, Python 3 is already required to build the project and this requires no external modules)

  16. MarcoFalke commented at 11:37 AM on July 11, 2018: member

    Also, the resulting python script is a lot shorter. Means less code weight to maintain in the future :)

  17. in contrib/gitian-build.py:138 in bc284da7f0 outdated 
     125 | +    parser.add_argument('-m', '--memory', dest='memory', default=2000, help='Memory to allocate in MiB. Default %(default)s')
 126 | +    parser.add_argument('-k', '--kvm', action='store_true', dest='kvm', help='Use KVM instead of LXC')
 127 | +    parser.add_argument('-S', '--setup', action='store_true', dest='setup', help='Set up the Gitian building environment. Uses LXC. If you want to use KVM, use the --kvm option. Only works on Debian-based systems (Ubuntu, Debian)')
 128 | +    parser.add_argument('-d', '--detach-sign', action='store_true', dest='detach_sign', help='Create the assert file for detached signing. Will not commit anything.')
 129 | +    parser.add_argument('-n', '--no-commit', action='store_false', dest='commit_files', help='Do not commit anything to git')
 130 | +    parser.add_argument('signer', help='GPG signer to sign each build assert file')
    mcdallas commented at 4:34 PM on July 11, 2018:

    You can add the parameter nargs=1 to make signer and version mandatory and skip lines 155-162. It will produce a list of one item. See https://docs.python.org/3/library/argparse.html#nargs

    achow101 commented at 9:24 PM on July 11, 2018:

    This isn't necessary since signer and version are positional arguments so if they aren't provided then an error will always be thrown. The checks later are still necessary since you can still pass in the empty string as an argument regardless of nargs.

    mcdallas commented at 10:00 PM on July 11, 2018:

    Oh I missed the point of the checks. Still if we want to guard against empty string we can use the type argument with a custom callable (saves a few lines)

  18. ken2812221 force-pushed on Jul 12, 2018
  19. ken2812221 commented at 2:45 AM on July 12, 2018: contributor

    Update: exit 1 if signer or version is empty.

  20. in contrib/gitian-build.py:179 in a67812d15e outdated 
     161 | +    if args.version == '':
 162 | +        print(script_name+': Missing version.')
 163 | +        print('Try '+script_name+' --help for more information')
 164 | +        exit(1)
 165 | +
 166 | +    # Add leading 'v' for tags
    jb55 commented at 6:05 AM on July 13, 2018:

    is this option necessary? if there's a v you could just include it in the argument. I found this confusing when I ran the command, it was trying to checkout vmaster because I didn't have the --commit option.

    ken2812221 commented at 7:07 AM on July 13, 2018:

    The version without 'v' prefix is still used in gsign.

  21. in contrib/gitian-build.py:186 in a67812d15e outdated 
     168 | +    print(args.commit)
 169 | +
 170 | +    if args.setup:
 171 | +        setup()
 172 | +
 173 | +    os.chdir('bitcoin')
    jb55 commented at 6:06 AM on July 13, 2018:

    this assumes you would be running the command from outside the bitcoin directory. is this correct? I found I had to cd .. and then run ./bitcoin/contrib/gitian-builder.py to make the command work?

    ken2812221 commented at 6:28 AM on July 13, 2018:

    From the instruction from https://github.com/bitcoin-core/docs/blob/master/gitian-building.md , you should copy the script to the same level as bitcoin folder

    jb55 commented at 4:59 PM on July 13, 2018:

    ah ok thanks

  22. in contrib/gitian-build.py:191 in a67812d15e outdated 
     173 | +    os.chdir('bitcoin')
 174 | +    subprocess.check_call(['git', 'fetch'])
 175 | +    subprocess.check_call(['git', 'checkout', args.commit])
 176 | +    os.chdir(workdir)
 177 | +
 178 | +    if args.build:
    jb55 commented at 6:11 AM on July 13, 2018:

    perhaps we could default to build? or at least throw an error when all three are not selected?

  23. jb55 changes_requested
  24. jb55 commented at 6:12 AM on July 13, 2018: member

    I only tested some of the basic ergonomics since I don't have the gitian builder set up on my machine yet.

  25. fanquake commented at 9:57 AM on July 13, 2018: member

    Using a67812d if I pass --setup and already have one of the required repos cloned I see:

    Processing triggers for ureadahead (0.100.0-20) ...
Processing triggers for ufw (0.35-5) ...
fatal: destination path 'gitian.sigs' already exists and is not an empty directory.
Traceback (most recent call last):
  File "./gitian-build.py", line 188, in <module>
    main()
  File "./gitian-build.py", line 171, in main
    setup()
  File "./gitian-build.py", line 16, in setup
    subprocess.check_call(['git', 'clone', 'https://github.com/bitcoin-core/gitian.sigs.git'])
  File "/usr/lib/python3.6/subprocess.py", line 291, in check_call
    raise CalledProcessError(retcode, cmd)
subprocess.CalledProcessError: Command '['git', 'clone', 'https://github.com/bitcoin-core/gitian.sigs.git']' returned non-zero exit status 128.
ubuntu@ubuntu:~$ ls

    Removed the repos and re-ran with --setup:

    |               E |
+----[SHA256]-----+
sudo: debootstrap: command not found
Traceback (most recent call last):
  File "./gitian-build.py", line 188, in <module>
    main()
  File "./gitian-build.py", line 171, in main
    setup()
  File "./gitian-build.py", line 23, in setup
    subprocess.check_call(make_image_prog)
  File "/usr/lib/python3.6/subprocess.py", line 291, in check_call
    raise CalledProcessError(retcode, cmd)
subprocess.CalledProcessError: Command '['bin/make-base-vm', '--suite', 'trusty', '--arch', 'amd64', '--lxc']' returned non-zero exit status 1.

    --setup --kvm

    invoke-rc.d: policy-rc.d denied execution of restart.

Configuration file '/etc/sudoers'
 ==> Modified (by you or by a script) since installation.
 ==> Package distributor has shipped an updated version.
   What would you like to do about it ?  Your options are:
    Y or I  : install the package maintainer's version
    N or O  : keep your currently-installed version
      D     : show the differences between the versions
      Z     : start a shell to examine the situation
 The default action is to keep your current version.
*** sudoers (Y/I/N/O/D/Z) [default=N] ? dpkg: error processing package sudo (--configure):
 EOF on stdin at conffile prompt
invoke-rc.d: policy-rc.d denied execution of restart.
Errors were encountered while processing:
 sudo
E: Sub-process /usr/bin/dpkg returned an error code (1)

Traceback (most recent call last):
  File "./gitian-build.py", line 188, in <module>
    main()
  File "./gitian-build.py", line 171, in main
    setup()
  File "./gitian-build.py", line 23, in setup
    subprocess.check_call(make_image_prog)
  File "/usr/lib/python3.6/subprocess.py", line 291, in check_call
    raise CalledProcessError(retcode, cmd)
subprocess.CalledProcessError: Command '['bin/make-base-vm', '--suite', 'trusty', '--arch', 'amd64']' returned non-zero exit status 1.
  26. ken2812221 force-pushed on Jul 13, 2018
  27. ken2812221 commented at 11:48 AM on July 13, 2018: contributor

    I don't know how to deal with KVM errors since I haven't used KVM ever, I just follow the same command with the original script. Can anyone give a hint?

  28. fanquake commented at 11:44 PM on July 15, 2018: member

    @ken2812221 Now that #13368 has been merged, can you update the new Python script to add Docker support. I will retest the changes here shortly.

  29. ken2812221 force-pushed on Jul 16, 2018
  30. ken2812221 force-pushed on Jul 16, 2018
  31. ken2812221 force-pushed on Jul 16, 2018
  32. DrahtBot added the label Needs rebase on Jul 16, 2018
  33. DrahtBot commented at 11:16 AM on July 16, 2018: member

    <!--cf906140f33d8803c4a75a2196329ecb-->Needs rebase

  34. Migrate gitian-build.sh to python 78f06e4af7
  35. ken2812221 force-pushed on Jul 16, 2018
  36. fanquake removed the label Needs rebase on Jul 17, 2018
  37. Sjors commented at 4:17 PM on July 17, 2018: member

    This is great, especially not having to worry about the exact sequence of arguments (the bash script had some quirks).

    I'm trying to sign master on a Bionic VM (haven't tried a Debian 9 host).

    # git clone bitcoin, gitian.sigs, etc
cp bitcoin/contrib/gitian-build.py .
# add MacOS stuff 
python3 gitian-build.py --setup sjors -c master
python3 gitian-build.py --detach-sign --no-commit -b sjors -c master

    This throws an error for me, see #13623. The original bash script also throws that error, so probably not related. Just means I can't test the rest of the process on this VM.

    When running --setup --docker it throws an error:

    ERRO[0000] failed to dial gRPC: cannot connect to the Docker daemon. Is 'docker daemon' running on this host?: dial unix /var/run/docker.sock: connect: permission denied

    docker ps also throws a permission error; sudo docker ps works. sudo usermod -aG docker $USER solves the problem. It creates an image base-bionic-amd64.

    Trying to build with Docker complains:

    Compiling master Linux
--- Building for bionic amd64 ---
Stopping target if it is up
Making a new image copy
Error: No such container: gitian-target

    The bash script throws the same complaint, so that's not related.

    When running gitian-build.py without arguments, it should probably just return --help (or otherwise point out that this exists).

    Is there a corresponding PR to update the instructions? (mostly just renaming .sh to .py)

    Can you add make to the dependencies installed during --setup?

    For another PR: having a config flag to get a Trusty base image can be useful when building backports.

  38. ken2812221 commented at 5:37 PM on July 17, 2018: contributor

    Compiling master Linux --- Building for bionic amd64 --- Stopping target if it is up Making a new image copy Error: No such container: gitian-target

    I believe the docker problem is already exist on gitian-build.sh because I saw the same error trying to use gitian-build.sh to create docker image.

    Can you add make to the dependencies installed during --setup?

    Why?

  39. Sjors commented at 5:53 PM on July 17, 2018: member

    Correct, it happens both with bash and python.

    Without "make" setup throws an error on a fresh Bionic machine (unless you install all dependencies recommended in the docs, which is overkill).

  40. MarcoFalke commented at 6:02 PM on July 17, 2018: member

    utACK 78f06e4af76b6e4550b8eed5a521684140a4

  41. MarcoFalke merged this on Jul 17, 2018
  42. MarcoFalke closed this on Jul 17, 2018
  43. MarcoFalke referenced this in commit 9cdb19fe67 on Jul 17, 2018
  44. ken2812221 deleted the branch on Jul 17, 2018
  45. Sjors commented at 6:35 PM on July 17, 2018: member

    On Debian 9, when trying to --setup with --docker, I'm getting Package 'docker.io' has no installation candidate.

    So I installed Docker manually, but get the same error. Disabling programs += ['docker.io'] does the trick.

  46. hebasto referenced this in commit 2608860ace on Aug 17, 2018
  47. hebasto referenced this in commit ad6db7f8c4 on Aug 17, 2018
  48. hebasto referenced this in commit a2a316e265 on Aug 19, 2018
  49. hebasto referenced this in commit a2b1d10189 on Sep 5, 2018
  50. hebasto referenced this in commit bc4ca468a0 on Sep 5, 2018
  51. hebasto referenced this in commit be88ede292 on Sep 6, 2018
  52. UdjinM6 referenced this in commit 3313bbd515 on Oct 21, 2018
  53. MarcoFalke referenced this in commit f49b8d4783 on May 20, 2019
  54. sidhujag referenced this in commit 19c473999e on May 20, 2019
  55. CryptoCentric referenced this in commit 2b0edc5565 on May 21, 2019
  56. CryptoCentric referenced this in commit 2a5ffd9808 on May 4, 2021
  57. CryptoCentric referenced this in commit b1d54c1ac3 on May 4, 2021
  58. UdjinM6 referenced this in commit 84b3c0b1ee on Sep 1, 2021
  59. UdjinM6 referenced this in commit 5baf92492b on Sep 2, 2021
  60. UdjinM6 referenced this in commit 10c56c07b9 on Sep 2, 2021
  61. UdjinM6 referenced this in commit 0f8ae5e6e6 on Sep 2, 2021
  62. UdjinM6 referenced this in commit 678e2af0f3 on Sep 2, 2021
  63. UdjinM6 referenced this in commit f512e704d5 on Sep 2, 2021
  64. MarcoFalke locked this on Dec 16, 2021
Contributors
ken2812221laanwjMarcoFalkeDrahtBotjtimondongcarlmcdallasachow101jb55fanquakeSjors
Labels
Build system
Linked (view graph)
#13620 Rewrite gitian-build.sh in Python#13998 Scripts and tools: gitian-build.py improvements and corrections
github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2026-04-14 15:15 UTC
This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me