Browse Source

Merge pull request #6116

d1a3866 build: Cope with spaces in filenames when creating/applying OSX sigs (Cory Fields)
7cef321 [Mac only] rename Bitcoin-Qt.app to "Bitcoin Core.app" (Jonas Schnelli)
0.13
Wladimir J. van der Laan 10 years ago
parent
commit
30dc3c1b38
No known key found for this signature in database
GPG Key ID: 74810B012346C9A6
  1. 6
      Makefile.am
  2. 2
      contrib/gitian-descriptors/gitian-osx-signer.yml
  3. 2
      contrib/gitian-descriptors/gitian-osx.yml
  4. BIN
      contrib/macdeploy/DS_Store
  5. 2
      contrib/macdeploy/README.md
  6. 21
      contrib/macdeploy/detached-sig-apply.sh
  7. 22
      contrib/macdeploy/detached-sig-create.sh
  8. 2
      contrib/macdeploy/fancy.plist
  9. 6
      contrib/macdeploy/macdeployqtplus
  10. 4
      doc/build-osx.md
  11. 4
      share/certs/PrivateKeyNotes.md

6
Makefile.am

@ -14,8 +14,8 @@ BITCOIN_QT_BIN=$(top_builddir)/src/qt/bitcoin-qt$(EXEEXT)
BITCOIN_CLI_BIN=$(top_builddir)/src/bitcoin-cli$(EXEEXT) BITCOIN_CLI_BIN=$(top_builddir)/src/bitcoin-cli$(EXEEXT)
BITCOIN_WIN_INSTALLER=$(PACKAGE)-$(PACKAGE_VERSION)-win$(WINDOWS_BITS)-setup$(EXEEXT) BITCOIN_WIN_INSTALLER=$(PACKAGE)-$(PACKAGE_VERSION)-win$(WINDOWS_BITS)-setup$(EXEEXT)
OSX_APP=Bitcoin-Qt.app OSX_APP=Bitcoin-Core.app
OSX_DMG=Bitcoin-Qt.dmg OSX_DMG=Bitcoin-Core.dmg
OSX_BACKGROUND_IMAGE=background.tiff OSX_BACKGROUND_IMAGE=background.tiff
OSX_DEPLOY_SCRIPT=$(top_srcdir)/contrib/macdeploy/macdeployqtplus OSX_DEPLOY_SCRIPT=$(top_srcdir)/contrib/macdeploy/macdeployqtplus
OSX_FANCY_PLIST=$(top_srcdir)/contrib/macdeploy/fancy.plist OSX_FANCY_PLIST=$(top_srcdir)/contrib/macdeploy/fancy.plist
@ -106,7 +106,7 @@ $(APP_DIST_DIR)/Applications:
$(APP_DIST_EXTRAS): $(APP_DIST_DIR)/$(OSX_APP)/Contents/MacOS/Bitcoin-Qt $(APP_DIST_EXTRAS): $(APP_DIST_DIR)/$(OSX_APP)/Contents/MacOS/Bitcoin-Qt
$(OSX_DMG): $(APP_DIST_EXTRAS) $(OSX_DMG): $(APP_DIST_EXTRAS)
$(GENISOIMAGE) -no-cache-inodes -D -l -probe -V "Bitcoin-Qt" -no-pad -r -apple -o $@ dist $(GENISOIMAGE) -no-cache-inodes -D -l -probe -V "Bitcoin-Core" -no-pad -r -apple -o $@ dist
$(APP_DIST_DIR)/.background/$(OSX_BACKGROUND_IMAGE): contrib/macdeploy/$(OSX_BACKGROUND_IMAGE) $(APP_DIST_DIR)/.background/$(OSX_BACKGROUND_IMAGE): contrib/macdeploy/$(OSX_BACKGROUND_IMAGE)
$(MKDIR_P) $(@D) $(MKDIR_P) $(@D)

2
contrib/gitian-descriptors/gitian-osx-signer.yml

@ -33,5 +33,5 @@ script: |
tar -xf ${UNSIGNED} tar -xf ${UNSIGNED}
./detached-sig-apply.sh ${UNSIGNED} signature.tar.gz ./detached-sig-apply.sh ${UNSIGNED} signature.tar.gz
${WRAP_DIR}/genisoimage -no-cache-inodes -D -l -probe -V "Bitcoin-Qt" -no-pad -r -apple -o uncompressed.dmg signed-app ${WRAP_DIR}/genisoimage -no-cache-inodes -D -l -probe -V "Bitcoin-Core" -no-pad -r -apple -o uncompressed.dmg signed-app
${WRAP_DIR}/dmg dmg uncompressed.dmg ${OUTDIR}/${SIGNED} ${WRAP_DIR}/dmg dmg uncompressed.dmg ${OUTDIR}/${SIGNED}

2
contrib/gitian-descriptors/gitian-osx.yml

@ -120,7 +120,7 @@ script: |
popd popd
make deploy make deploy
${WRAP_DIR}/dmg dmg Bitcoin-Qt.dmg ${OUTDIR}/${DISTNAME}-osx-unsigned.dmg ${WRAP_DIR}/dmg dmg Bitcoin-Core.dmg ${OUTDIR}/${DISTNAME}-osx-unsigned.dmg
cd installed cd installed
find . -name "lib*.la" -delete find . -name "lib*.la" -delete

BIN
contrib/macdeploy/DS_Store

Binary file not shown.

2
contrib/macdeploy/README.md

@ -11,5 +11,5 @@ This script should not be run manually, instead, after building as usual:
During the process, the disk image window will pop up briefly where the fancy During the process, the disk image window will pop up briefly where the fancy
settings are applied. This is normal, please do not interfere. settings are applied. This is normal, please do not interfere.
When finished, it will produce `Bitcoin-Qt.dmg`. When finished, it will produce `Bitcoin-Core.dmg`.

21
contrib/macdeploy/detached-sig-apply.sh

@ -1,11 +1,10 @@
#!/bin/sh #!/bin/sh
set -e set -e
UNSIGNED=$1 UNSIGNED="$1"
SIGNATURE=$2 SIGNATURE="$2"
ARCH=x86_64 ARCH=x86_64
ROOTDIR=dist ROOTDIR=dist
BUNDLE=${ROOTDIR}/Bitcoin-Qt.app
TEMPDIR=signed.temp TEMPDIR=signed.temp
OUTDIR=signed-app OUTDIR=signed-app
@ -31,21 +30,21 @@ if [ -z "${CODESIGN_ALLOCATE}" ]; then
CODESIGN_ALLOCATE=${TEMPDIR}/codesign_allocate CODESIGN_ALLOCATE=${TEMPDIR}/codesign_allocate
fi fi
for i in `find ${TEMPDIR} -name "*.sign"`; do find ${TEMPDIR} -name "*.sign" | while read i; do
SIZE=`stat -c %s ${i}` SIZE=`stat -c %s "${i}"`
TARGET_FILE=`echo ${i} | sed 's/\.sign$//'` TARGET_FILE="`echo "${i}" | sed 's/\.sign$//'`"
echo "Allocating space for the signature of size ${SIZE} in ${TARGET_FILE}" echo "Allocating space for the signature of size ${SIZE} in ${TARGET_FILE}"
${CODESIGN_ALLOCATE} -i ${TARGET_FILE} -a ${ARCH} ${SIZE} -o ${i}.tmp ${CODESIGN_ALLOCATE} -i "${TARGET_FILE}" -a ${ARCH} ${SIZE} -o "${i}.tmp"
OFFSET=`${PAGESTUFF} ${i}.tmp -p | tail -2 | grep offset | sed 's/[^0-9]*//g'` OFFSET=`${PAGESTUFF} "${i}.tmp" -p | tail -2 | grep offset | sed 's/[^0-9]*//g'`
if [ -z ${QUIET} ]; then if [ -z ${QUIET} ]; then
echo "Attaching signature at offset ${OFFSET}" echo "Attaching signature at offset ${OFFSET}"
fi fi
dd if=$i of=${i}.tmp bs=1 seek=${OFFSET} count=${SIZE} 2>/dev/null dd if="$i" of="${i}.tmp" bs=1 seek=${OFFSET} count=${SIZE} 2>/dev/null
mv ${i}.tmp ${TARGET_FILE} mv "${i}.tmp" "${TARGET_FILE}"
rm ${i} rm "${i}"
echo "Success." echo "Success."
done done
mv ${TEMPDIR}/${ROOTDIR} ${OUTDIR} mv ${TEMPDIR}/${ROOTDIR} ${OUTDIR}

22
contrib/macdeploy/detached-sig-create.sh

@ -2,7 +2,7 @@
set -e set -e
ROOTDIR=dist ROOTDIR=dist
BUNDLE=${ROOTDIR}/Bitcoin-Qt.app BUNDLE="${ROOTDIR}/Bitcoin Core.app"
CODESIGN=codesign CODESIGN=codesign
TEMPDIR=sign.temp TEMPDIR=sign.temp
TEMPLIST=${TEMPDIR}/signatures.txt TEMPLIST=${TEMPDIR}/signatures.txt
@ -19,19 +19,19 @@ mkdir -p ${TEMPDIR}
${CODESIGN} -f --file-list ${TEMPLIST} "$@" "${BUNDLE}" ${CODESIGN} -f --file-list ${TEMPLIST} "$@" "${BUNDLE}"
for i in `grep -v CodeResources ${TEMPLIST}`; do grep -v CodeResources < "${TEMPLIST}" | while read i; do
TARGETFILE="${BUNDLE}/`echo ${i} | sed "s|.*${BUNDLE}/||"`" TARGETFILE="${BUNDLE}/`echo "${i}" | sed "s|.*${BUNDLE}/||"`"
SIZE=`pagestuff $i -p | tail -2 | grep size | sed 's/[^0-9]*//g'` SIZE=`pagestuff "$i" -p | tail -2 | grep size | sed 's/[^0-9]*//g'`
OFFSET=`pagestuff $i -p | tail -2 | grep offset | sed 's/[^0-9]*//g'` OFFSET=`pagestuff "$i" -p | tail -2 | grep offset | sed 's/[^0-9]*//g'`
SIGNFILE="${TEMPDIR}/${TARGETFILE}.sign" SIGNFILE="${TEMPDIR}/${TARGETFILE}.sign"
DIRNAME="`dirname ${SIGNFILE}`" DIRNAME="`dirname "${SIGNFILE}"`"
mkdir -p "${DIRNAME}" mkdir -p "${DIRNAME}"
echo "Adding detached signature for: ${TARGETFILE}. Size: ${SIZE}. Offset: ${OFFSET}" echo "Adding detached signature for: ${TARGETFILE}. Size: ${SIZE}. Offset: ${OFFSET}"
dd if=$i of=${SIGNFILE} bs=1 skip=${OFFSET} count=${SIZE} 2>/dev/null dd if="$i" of="${SIGNFILE}" bs=1 skip=${OFFSET} count=${SIZE} 2>/dev/null
done done
for i in `grep CodeResources ${TEMPLIST}`; do grep CodeResources < "${TEMPLIST}" | while read i; do
TARGETFILE="${BUNDLE}/`echo ${i} | sed "s|.*${BUNDLE}/||"`" TARGETFILE="${BUNDLE}/`echo "${i}" | sed "s|.*${BUNDLE}/||"`"
RESOURCE="${TEMPDIR}/${TARGETFILE}" RESOURCE="${TEMPDIR}/${TARGETFILE}"
DIRNAME="`dirname "${RESOURCE}"`" DIRNAME="`dirname "${RESOURCE}"`"
mkdir -p "${DIRNAME}" mkdir -p "${DIRNAME}"
@ -41,6 +41,6 @@ done
rm ${TEMPLIST} rm ${TEMPLIST}
tar -C ${TEMPDIR} -czf ${OUT} . tar -C "${TEMPDIR}" -czf "${OUT}" .
rm -rf ${TEMPDIR} rm -rf "${TEMPDIR}"
echo "Created ${OUT}" echo "Created ${OUT}"

2
contrib/macdeploy/fancy.plist

@ -22,7 +22,7 @@
<integer>370</integer> <integer>370</integer>
<integer>156</integer> <integer>156</integer>
</array> </array>
<key>Bitcoin-Qt.app</key> <key>Bitcoin Core.app</key>
<array> <array>
<integer>128</integer> <integer>128</integer>
<integer>156</integer> <integer>156</integer>

6
contrib/macdeploy/macdeployqtplus

@ -155,7 +155,7 @@ class FrameworkInfo(object):
class ApplicationBundleInfo(object): class ApplicationBundleInfo(object):
def __init__(self, path): def __init__(self, path):
self.path = path self.path = path
appName = os.path.splitext(os.path.basename(path))[0] appName = "Bitcoin-Qt"
self.binaryPath = os.path.join(path, "Contents", "MacOS", appName) self.binaryPath = os.path.join(path, "Contents", "MacOS", appName)
if not os.path.exists(self.binaryPath): if not os.path.exists(self.binaryPath):
raise RuntimeError("Could not find bundle binary for " + path) raise RuntimeError("Could not find bundle binary for " + path)
@ -596,7 +596,7 @@ if os.path.exists("dist"):
# ------------------------------------------------ # ------------------------------------------------
target = os.path.join("dist", app_bundle) target = os.path.join("dist", "Bitcoin Core.app")
if verbose >= 2: if verbose >= 2:
print "+ Copying source bundle +" print "+ Copying source bundle +"
@ -837,7 +837,7 @@ if config.dmg is not None:
items_positions.append(itemscript.substitute(params)) items_positions.append(itemscript.substitute(params))
params = { params = {
"disk" : "Bitcoin-Qt", "disk" : "Bitcoin-Core",
"window_bounds" : "300,300,800,620", "window_bounds" : "300,300,800,620",
"icon_size" : "96", "icon_size" : "96",
"background_commands" : "", "background_commands" : "",

4
doc/build-osx.md

@ -100,7 +100,7 @@ Creating a release build
------------------------ ------------------------
You can ignore this section if you are building `bitcoind` for your own use. You can ignore this section if you are building `bitcoind` for your own use.
bitcoind/bitcoin-cli binaries are not included in the Bitcoin-Qt.app bundle. bitcoind/bitcoin-cli binaries are not included in the Bitcoin-Core.app bundle.
If you are building `bitcoind` or `Bitcoin-Qt` for others, your build machine should be set up If you are building `bitcoind` or `Bitcoin-Qt` for others, your build machine should be set up
as follows for maximum compatibility: as follows for maximum compatibility:
@ -111,7 +111,7 @@ All dependencies should be compiled with these flags:
-arch x86_64 -arch x86_64
-isysroot $(xcode-select --print-path)/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.7.sdk -isysroot $(xcode-select --print-path)/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.7.sdk
Once dependencies are compiled, see [doc/release-process.md](release-process.md) for how the Bitcoin-Qt.app Once dependencies are compiled, see [doc/release-process.md](release-process.md) for how the Bitcoin-Core.app
bundle is packaged and signed to create the .dmg disk image that is distributed. bundle is packaged and signed to create the .dmg disk image that is distributed.
Running Running

4
share/certs/PrivateKeyNotes.md

@ -7,7 +7,7 @@ signing requests.
For OSX, the private key was generated by Keychain.app on Gavin's main work machine. For OSX, the private key was generated by Keychain.app on Gavin's main work machine.
The key and certificate is in a separate, passphrase-protected keychain file that is The key and certificate is in a separate, passphrase-protected keychain file that is
unlocked to sign the Bitcoin-Qt.app bundle. unlocked to sign the Bitcoin-Core.app bundle.
For Windows, the private key was generated by Firefox running on Gavin's main work machine. For Windows, the private key was generated by Firefox running on Gavin's main work machine.
The key and certificate were exported into a separate, passphrase-protected PKCS#12 file, and The key and certificate were exported into a separate, passphrase-protected PKCS#12 file, and
@ -17,7 +17,7 @@ Threat analysis
-- --
Gavin is a single point of failure. He could be coerced to divulge the secret signing keys, Gavin is a single point of failure. He could be coerced to divulge the secret signing keys,
allowing somebody to distribute a Bitcoin-Qt.app or bitcoin-qt-setup.exe with a valid allowing somebody to distribute a Bitcoin-Core.app or bitcoin-qt-setup.exe with a valid
signature but containing a malicious binary. signature but containing a malicious binary.
Or the machine Gavin uses to sign the binaries could be compromised, either remotely or Or the machine Gavin uses to sign the binaries could be compromised, either remotely or

Loading…
Cancel
Save