6aa74c7386
Lets a node runner choose which Bitcoin Core / Knots version to install (latest pre-selected), then switch, pin, or opt into auto-update from the app's interface — all manifest/catalog-driven, rootless, signed-registry, zero-data-loss. Motivated by upcoming BIP-110 signalling: runners need a real choice of software version. Backend: - version_config.rs: per-app pin + auto-update persistence (atomic, merge- preserving), downgrade detection, auto-update enumeration (+ unit tests). - app_catalog.rs: CatalogVersion / versions[] schema, catalog_versions(), catalog_image_for_version() (same-repo guard); a pin suppresses the update badge. - prod_orchestrator.rs: pinned version wins over the catalog default on every install/recreate. - install.rs: install-time `version` param persisted (default = unpinned). - set_config.rs: package.versions (read) + package.set-config (write) RPCs; downgrade is gated behind explicit confirm (warn + confirm + allow). - update.rs/main.rs: hourly per-app auto-update tick via the orchestrator (opt-in, pin-respecting); fix handle_package_update to be non-fatal for orchestrator-managed apps lacking a catalog primary image (bitcoin-core). UI: - MarketplaceAppDetails.vue: install-time version selector (shown when an app offers >=2 versions). - appDetails/AppSidebar.vue: "Version & Updates" card (switch / pin / auto- update toggle / downgrade warning), per app. - rpc-client.ts + en.json: RPC methods, types, strings. Phase 0 image pipeline: - scripts/build-bitcoin-image.sh: download official tarball + SHA256SUMS(.asc), verify SHA-256 + pinned-maintainer OpenPGP signature (fail-closed), build a minimal rootless image, smoke-test, tag + push. - apps/bitcoin-core/Dockerfile rewritten (drops stale community base); apps/bitcoin-knots/Dockerfile added. - generate-app-catalog.sh: emit curated versions[]; published + catalog now offers Core 25.2/26.2/27.2/28.4/29.3/30.2/31.0 + Knots 29.3.knots20260508. docs/bitcoin-multi-version-design.md: live progress tracker. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
30 lines
1.3 KiB
Docker
30 lines
1.3 KiB
Docker
# Bitcoin Core — minimal rootless image built from the OFFICIAL upstream release.
|
|
#
|
|
# The CANONICAL, verified build path is scripts/build-bitcoin-image.sh, which
|
|
# downloads the upstream tarball, verifies SHA-256 + the OpenPGP signature
|
|
# (fail-closed), and tags/pushes <registry>/bitcoin:<version>. This Dockerfile
|
|
# mirrors that image for a manual/local build and replaces the old stale
|
|
# community base (`FROM bitcoin/bitcoin:24.0`).
|
|
#
|
|
# Build (binaries must be pre-fetched + verified into ./bin — see the script):
|
|
# scripts/build-bitcoin-image.sh core 31.0
|
|
FROM debian:bookworm-slim
|
|
ARG BITCOIN_VERSION=31.0
|
|
RUN set -eux; \
|
|
apt-get update; \
|
|
apt-get install -y --no-install-recommends ca-certificates; \
|
|
rm -rf /var/lib/apt/lists/*; \
|
|
useradd -m -u 1000 -s /bin/bash bitcoin; \
|
|
mkdir -p /home/bitcoin/.bitcoin; \
|
|
chown -R bitcoin:bitcoin /home/bitcoin
|
|
# bin/ holds the SHA-256 + GPG-verified bitcoind / bitcoin-cli (Guix-built,
|
|
# x86_64-linux-gnu) extracted from the official release tarball.
|
|
COPY bin/bitcoind /usr/local/bin/bitcoind
|
|
COPY bin/bitcoin-cli /usr/local/bin/bitcoin-cli
|
|
RUN chmod 0755 /usr/local/bin/bitcoind /usr/local/bin/bitcoin-cli
|
|
USER bitcoin
|
|
WORKDIR /home/bitcoin
|
|
VOLUME ["/home/bitcoin/.bitcoin"]
|
|
EXPOSE 8332 8333
|
|
ENTRYPOINT ["bitcoind"]
|