How to patch with Bitcoin, build and deploy GnuCash in Docker on Ubuntu PPA

Main goal of this article is to document high level steps. Steps to patch, build, and deploy GnuCash on Ubuntu PPA (Personal Package Archive). Targeted audience is mid-level technical people. Also others who want to learn more about package building, Docker practices, and Linux.

Docker builds the image. GPG (Gnu Privacy Guard) signs package. dput publishes packages on Ubuntu PPA. From GnuCash perspective added value is finding all the puzzles pieces. At the end I will compare this build process with Archlinux pkgbuild.

Motivation and background

There is no official Bitcoin support in GnuCash. It seems like there won't be one in future from GnuCash developers. On Archlinux I'm using gnucash-xbt from AUR. On my other Ubuntu machine I wanted to use the same. There was no PPA with Bitcoin support in GnuCash. So I created Ubuntu PPA for myself and others. This wasn't my first build of debian like package. In past I hacked a Makefile to generate opkg package for OpenWRT. It was useful knowledge to have for this task.

Where is the code?

You can find code on github repo and skip over this article. You can find Ubuntu PPA packages and install them right away.

What puzzle pieces did you use?

Thanks goes to all this work before mine. It was much easier to solve all the problems because of these people 💗

What prerequisites understanding is necessary?

Ubuntu Packaging Guide is good starting point, has many useful information. Guide also depends on debian packaging policies and tools. It is important to know that there are many ways/tools to build debian package. But two main categories are:

Upstream Developer way

Debian packager way

Quoting from askubuntu:

> In the normal workflow, packager starts by
> downloading *.orig.tar.gz archive then
> extracting.
>    Debian packages can be split into two kinds:
>    -  native '3.0 (native)' and
>    -  non-native '3.0 (quilt)'.
>    They have a slight different way in building.

Check DebianMentorsFaq for difference between native and non-native. This project uses Debian packager way with non-native(quilt) type.

Why would you build inside Docker?

Infrastructure as Code principle is valuable and something Docker forces you to do. Also I don't want to clutter mine laptop with build dependencies. There are other ways to do that but, I also wanted to gather some more experiences with Docker.

Main procedures

Docker image will

  • build the environment for building GnuCash
  • patch GnuCash with Bitcoin currency type
  • build debian source package
  • sign it with gpg (works with YubiKey)
  • upload it to the Ubuntu PPA (Personal Package Archive)

Interesting parts: Dockerfile

First job of docker is to install all needed dependencies for build tools and for GnuCash itself. Other interesting thing is headache less permissions with docker volume. For that we create user and group in Dockerfile. They will have the same UID and GID as user which is building the container

RUN groupadd --system \
    --gid ${GID:-1000} \

RUN useradd --system \
    --create-home \
    --home-dir /home/ubuntu \
    --shell /bin/bash \
    --uid ${UID:-1000} \
    --gid ${GID:-1000} \
    --groups sudo \
    --password "$(openssl passwd -1 ubuntu)" \

USER ubuntu
WORKDIR /home/ubuntu/ppa-gnucash-xbt

CMD ./

Then we create docker container with volumes from user that created docker image

docker run --rm --tty --interactive \
  --volume ${HOME}/.gnupg/:/home/ubuntu/.gnupg/:ro \
  --volume /run/user/$(id -u)/:/run/user/$(id -u)/:ro  \
  --volume ${HOME}/path/to/ppa-gnucash-xbt/:/home/ubuntu/ppa-gnucash-xbt/ \
  --name dpkg-build-gnucash \
  gnucash-xbt-ubuntu-bionic-pkgbuild bash

Now data from repo is available both on host and container. Nobody will mess up owner, group or permissions.

What happens on new upstream release?

On new upstream release needs change. Latest upstream source url, sha256 checksum of that source need modification. Other steps are automatic.

Interesting parts: script

In current form only builds debian source package. It doesn't compile GnuCash itself. To build it for local use and testing run container with bash and issue after running

cd ppa_builddir
dpkg-buildpackage --build=binary

How long will I maintain PPA?

I will maintain it as long as I use GnuCash. I used it for last 5 years. So if we go by Lindy Effect I will maintain it for 5 more years. But beware I'm looking at HLedger as a replacement. Feel free to take over maintaining when PPA becomes out of date.


So looking back and seeing how much time it would take me to patch and build GnuCash for Ubuntu I can say that my intuition was completely off... It took me 5 times more time then I anticipated. Comparing that to building on Archlinux's, it is complex. But I get way there is so many tools and policies in Ubuntu/Debian world. History and compatibility need preservation. But it takes a while to get gist of things. Also Docker and GPG issues took time as well. Hand in hand it is valuable experience for me, especially because Ubuntu Bionic is my main OS now. For a junior level Linux guy, if such category can be defined at all. It is real pain to build, patch and deploy dpkg package. If you are still reading. Thank you. Hope you got something out of it. 💗

Show Comments