This is not what I meant. You still have volumes mounted on the local machine:
-v $PWD:/build -v $PWD/srtool-out:/out -v srtool-cache:/home/builder/cargo
I was thinking about letting docker manage its volume and build the runtime inside and then fetch the result (binary, hash…) from the inside of the container. But I have to take a docker lesson with you in particular for network and volumes part.
You’re right, this is not what you meant. This proposal aims to solve the permission problem when using srtool to check the wasm runtime hash.
I’m not sure what you want to accomplish by preventing bind volume usage, but for the use case above, sticking to bind volumes and dealing with permissions inside the container is simpler (in my opinion).
You’re welcome. It would be more efficient to discuss this in audio. Please suggest me a slot for an evening call in the next days.
Merci pour le correctif ! Ça a résolu une partie du problème. Ça va plus loin, c’est du progrès. À présent j’ai un autre problème 
duniter-v2s (runtime/gtest-1100)> cargo xtask release runtime build gtest
Compiling xtask v0.1.0 (/home/moul/projects/ML/duniter-v2s/xtask)
Finished `dev` profile [unoptimized + debuginfo] target(s) in 5.19s
Running `target/debug/xtask release runtime build gtest`
rustc 1.88.0 (6b00bc388 2025-06-23)
cargo 1.88.0 (873a06493 2025-05-10)
🚀 Construction du runtime avec srtool: gtest
Docker version 29.2.1, build 2.fc43
📄 SRTOOL_OUTPUT = release/srtool_output_gtest.json
🐳 Lancement du conteneur srtool...
🚀 Démarrage de srtool...
📁 Répertoire de travail: /build
🔧 Runtime: gtest
📄 Sortie: release/srtool_output_gtest.json
🔨 Construction du runtime avec srtool...
🧰 Substrate Runtime Toolbox - srtool v0.18.3 🧰
- by Chevdor -
info: override toolchain for '/build' set to '1.88.0-x86_64-unknown-linux-gnu'
info: component 'rust-std' for target 'wasm32-unknown-unknown' is up to date
info: component 'rust-src' is up to date
🏗 Building gtest-runtime as release using rustc 1.88.0 (6b00bc388 2025-06-23)
⏳ That can take a little while, be patient... subsequent builds may be faster.
Since you have to wait a little, you may want to learn more about Substrate runtimes:
https://docs.substrate.io/learn/architecture/
Updating git repository `https://github.com/duniter/duniter-polkadot-sdk`
warning: spurious network error (3 tries remaining): failed to resolve address for github.com: Temporary failure in name resolution; class=Net (12)
warning: spurious network error (2 tries remaining): failed to resolve address for github.com: Temporary failure in name resolution; class=Net (12)
warning: spurious network error (1 tries remaining): failed to resolve address for github.com: Temporary failure in name resolution; class=Net (12)
error: failed to get `frame-support` as a dependency of package `dc-distance v1.0.0 (/build/client/distance)`
Caused by:
failed to load source for dependency `frame-support`
Caused by:
Unable to update https://github.com/duniter/duniter-polkadot-sdk?branch=duniter-substrate-v1.19.1#b3107832
Caused by:
failed to clone into: /home/builder/cargo/git/db/duniter-polkadot-sdk-e5370cbca9345ad4
Caused by:
revision b310783213f03d42d155d1d054fa4f86910734c3 not found
Caused by:
network failure seems to have happened
if a proxy or similar is necessary `net.git-fetch-with-cli` may help here
https://doc.rust-lang.org/cargo/reference/config.html#netgit-fetch-with-cli
Caused by:
failed to resolve address for github.com: Temporary failure in name resolution; class=Net (12)
📦 Déplacement du fichier WASM...
mv: cannot stat '/build/runtime/gtest/target/srtool/release/wbuild/gtest-runtime/gtest_runtime.compact.compressed.wasm': No such file or directory
Error: Échec de la construction du runtime avec srtool
Je vais continuer d’utiliser ma méthode pour contourner le problème.
Je reviens sur cette idée avec plus de connaissances docker, et voici ce que je propose :
# monter le code dans /build, mais un volume dans /build/runtime/gtest/target
$ podman run --rm -i \
-e PACKAGE=gtest-runtime \
-e RUNTIME_DIR=runtime/gtest \
-v $PWD:/build \
-v srtooloutput:/build/runtime/gtest/target \
docker.io/paritytech/srtool:1.88.0 build --app --json -cM
Si vous voulez récupérer le binaire wasm pour l’uploader par exemple, il est dans le volume srtooloutput :
# utiliser la même image en montant le volume conservé
$ podman run --rm -i -v srtooloutput:/srtooloutput --entrypoint bash docker.io/paritytech/srtool:1.88.0
# regarder ce qu'il y a dedans
$ ls -lh /srtooloutput/srtool/release/wbuild/gtest-runtime/gtest_runtime.compact.compressed.wasm
-rw-r--r-- 1 builder builder 743K Mar 4 13:21 /srtooloutput/srtool/release/wbuild/gtest-runtime/gtest_runtime.compact.compressed.wasm
Le résultat en json ressemble à ça :
{
"gen": "srtool v0.18.3",
"src": "git",
"version": "1.0.0",
"commit": "e205c35a0aa985167289e963bd1d8d57e0bf45cc",
"tag": "runtime-1100",
"branch": "hugo/local",
"rustc": "rustc 1.88.0 (6b00bc388 2025-06-23)",
"pkg": "gtest-runtime",
"tmsp": "2026-03-04T13:23:00Z",
"size": "760816",
"prop": "0x2cdca5ab77fc8afdeaea8297cdb03e77a50fabfb84d599713a5a9255aa300060",
"authorize_upgrade_prop": "0x26c01e9b4311b6e8fd35bf8fd41d86207ae42618bde587c346ff73183c7f13b1",
"ipfs": "QmZQvnwkFLor5dKuyxGbj1A7nWvDf57cXLhCgZNbG3otjG",
"sha256": "0x68f4e31e3a197979a5525e1bd868e2a1d268b7015db71880cc6696a30bdf8ac3",
"wasm": "runtime/gtest/target/srtool/release/wbuild/gtest-runtime/gtest_runtime.compact.compressed.wasm",
"info": {
"generator": {
"name": "srtool",
"version": "0.18.3"
},
"src": "git",
"version": "1.0.0",
"git": {
"commit": "e205c35a0aa985167289e963bd1d8d57e0bf45cc",
"tag": "",
"branch": "hugo/local"
},
"rustc": "rustc 1.88.0 (6b00bc388 2025-06-23)",
"pkg": "gtest-runtime",
"profile": "release"
},
"context": {
"package": "gtest-runtime",
"runtime_dir": "runtime/gtest",
"docker": {
"image": "paritytech/srtool",
"tag": "1.88.0"
},
"profile": "release"
},
"runtimes": {
"compact": {
"tmsp": "2026-03-04T13:22:55Z",
"size": "3308717",
"prop": "0x887dbc60298bb5eba24215a3c0cf90e124822a439998aaf849bcf9da05f0efe5",
"authorize_upgrade_prop": "0xb5a2df88f3d27ab0933232f4d94a349ba3bf675ccef2a166e8839ba8f4d11caa",
"blake2_256": "0x1ae8b409f8e1fd11f013d5f3dd73ea6b97fae4e19cf2791580aa9f163c83a3f4",
"ipfs": "QmSV2bYAQX441hVchPgQe4YY36FCjRzbfd8My9GUF2y2bX",
"sha256": "0x3fa041ba398a5cd09f9e7ef6f07d015c1b65b53a73f83bed5855d1a97f2db7e6",
"wasm": "runtime/gtest/target/srtool/release/wbuild/gtest-runtime/gtest_runtime.compact.wasm",
"subwasm": {
"size": 3308717,
"compression": {
"size_compressed": 3308717,
"size_decompressed": 3308717,
"compressed": false
},
"reserved_meta": [
109,
101,
116,
97
],
"reserved_meta_valid": true,
"metadata_version": 14,
"core_version": {
"specName": "gtest",
"implName": "duniter-gtest",
"authoringVersion": 1,
"specVersion": 1100,
"implVersion": 1,
"apis": [
[
"0x687ad44ad37f03c2",
1
],
[
"0xcbca25e39f142387",
2
],
[
"0xdf6acb689907609b",
5
],
[
"0x37e397fc7c91f5e4",
2
],
[
"0x40fe3ad401f8959a",
6
],
[
"0xd2bc9897eed08f15",
3
],
[
"0xf78b278be53f454c",
2
],
[
"0xab3c0572291feb8b",
1
],
[
"0xed99c5acb25eedf5",
3
],
[
"0xbc9d89904f5b923f",
1
],
[
"0x37c8bb1350a9a2a8",
4
],
[
"0x507611b657f74689",
1
],
[
"0xe777217989a89d9e",
1
],
[
"0xfbc577b9d747efd6",
1
]
],
"transactionVersion": 1,
"stateVersion": 1
},
"proposal_hash": "0x887dbc60298bb5eba24215a3c0cf90e124822a439998aaf849bcf9da05f0efe5",
"parachain_authorize_upgrade_hash": "0xb5a2df88f3d27ab0933232f4d94a349ba3bf675ccef2a166e8839ba8f4d11caa",
"ipfs_hash": "QmSV2bYAQX441hVchPgQe4YY36FCjRzbfd8My9GUF2y2bX",
"blake2_256": "0x1ae8b409f8e1fd11f013d5f3dd73ea6b97fae4e19cf2791580aa9f163c83a3f4"
}
},
"compressed": {
"tmsp": "2026-03-04T13:21:52Z",
"size": "760816",
"prop": "0x2cdca5ab77fc8afdeaea8297cdb03e77a50fabfb84d599713a5a9255aa300060",
"authorize_upgrade_prop": "0x26c01e9b4311b6e8fd35bf8fd41d86207ae42618bde587c346ff73183c7f13b1",
"blake2_256": "0x87592e7a3f47558f2bb2194e236629bab8fbe894675a5d3e91662499c07c9cf8",
"ipfs": "QmZQvnwkFLor5dKuyxGbj1A7nWvDf57cXLhCgZNbG3otjG",
"sha256": "0x68f4e31e3a197979a5525e1bd868e2a1d268b7015db71880cc6696a30bdf8ac3",
"wasm": "runtime/gtest/target/srtool/release/wbuild/gtest-runtime/gtest_runtime.compact.compressed.wasm",
"subwasm": {
"size": 760816,
"compression": {
"size_compressed": 760816,
"size_decompressed": 3308717,
"compressed": true
},
"reserved_meta": [
109,
101,
116,
97
],
"reserved_meta_valid": true,
"metadata_version": 14,
"core_version": {
"specName": "gtest",
"implName": "duniter-gtest",
"authoringVersion": 1,
"specVersion": 1100,
"implVersion": 1,
"apis": [
[
"0x687ad44ad37f03c2",
1
],
[
"0xcbca25e39f142387",
2
],
[
"0xdf6acb689907609b",
5
],
[
"0x37e397fc7c91f5e4",
2
],
[
"0x40fe3ad401f8959a",
6
],
[
"0xd2bc9897eed08f15",
3
],
[
"0xf78b278be53f454c",
2
],
[
"0xab3c0572291feb8b",
1
],
[
"0xed99c5acb25eedf5",
3
],
[
"0xbc9d89904f5b923f",
1
],
[
"0x37c8bb1350a9a2a8",
4
],
[
"0x507611b657f74689",
1
],
[
"0xe777217989a89d9e",
1
],
[
"0xfbc577b9d747efd6",
1
]
],
"transactionVersion": 1,
"stateVersion": 1
},
"proposal_hash": "0x2cdca5ab77fc8afdeaea8297cdb03e77a50fabfb84d599713a5a9255aa300060",
"parachain_authorize_upgrade_hash": "0x26c01e9b4311b6e8fd35bf8fd41d86207ae42618bde587c346ff73183c7f13b1",
"ipfs_hash": "QmZQvnwkFLor5dKuyxGbj1A7nWvDf57cXLhCgZNbG3otjG",
"blake2_256": "0x87592e7a3f47558f2bb2194e236629bab8fbe894675a5d3e91662499c07c9cf8"
}
}
}
}
C’est déjà ce qui avait été mis en place par poka : Merge branch 'fix-build-permission' into 'runtime/gtest-1100' (cfa0f284) · Commits · nodes / rust / Duniter v2S · GitLab
Il restait un pb de droit car le script lancé dans le docker lance la commande srtool puis fait un mv du fichier généré après le build et c’est ce mv qui prend un permission denied. Si on veut garder cette approche il faut faire ce mv dans un autre docker qui monte le volume de cache et lance le mv avec le bon uid.