kvazar
/
kevacoin
mirror of https://github.com/kvazar-network/kevacoin.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Merge pull request #6354 

6e849b8 Ideal release process for Windows detached signing (Micha)
a3ba9a5 gitian: make the windows signing process match OSX (Cory Fields)
0.13
Wladimir J. van der Laan 10 years ago
parent
0564c5b795 6e849b8309
commit
da77a6f761
No known key found for this signature in database
GPG Key ID: 74810B012346C9A6
3 changed files with 27 additions and 20 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 15
      contrib/gitian-descriptors/gitian-win-signer.yml
  2. 7
      contrib/gitian-descriptors/gitian-win.yml
  3. 25
      doc/release-process.md

15
contrib/gitian-descriptors/gitian-win-signer.yml
Unescape View File

@ -14,21 +14,26 @@ remotes:
files: files:
- "osslsigncode-1.7.1.tar.gz" - "osslsigncode-1.7.1.tar.gz"
- "osslsigncode-Backports-to-1.7.1.patch" - "osslsigncode-Backports-to-1.7.1.patch"
- "bitcoin-win32-setup.exe" - "bitcoin-win-unsigned.tar.gz"
- "bitcoin-win64-setup.exe"
script: | script: |
BUILD_DIR=`pwd` BUILD_DIR=`pwd`
SIGDIR=${BUILD_DIR}/signature/win SIGDIR=${BUILD_DIR}/signature/win
UNSIGNED_DIR=${BUILD_DIR}/unsigned
echo "f9a8cdb38b9c309326764ebc937cba1523a3a751a7ab05df3ecc99d18ae466c9 osslsigncode-1.7.1.tar.gz" | sha256sum -c echo "f9a8cdb38b9c309326764ebc937cba1523a3a751a7ab05df3ecc99d18ae466c9 osslsigncode-1.7.1.tar.gz" | sha256sum -c
echo "a8c4e9cafba922f89de0df1f2152e7be286aba73f78505169bc351a7938dd911 osslsigncode-Backports-to-1.7.1.patch" | sha256sum -c echo "a8c4e9cafba922f89de0df1f2152e7be286aba73f78505169bc351a7938dd911 osslsigncode-Backports-to-1.7.1.patch" | sha256sum -c
mkdir -p ${UNSIGNED_DIR}
tar -C ${UNSIGNED_DIR} -xf bitcoin-win-unsigned.tar.gz
tar xf osslsigncode-1.7.1.tar.gz tar xf osslsigncode-1.7.1.tar.gz
cd osslsigncode-1.7.1 cd osslsigncode-1.7.1
patch -p1 < ${BUILD_DIR}/osslsigncode-Backports-to-1.7.1.patch patch -p1 < ${BUILD_DIR}/osslsigncode-Backports-to-1.7.1.patch
./configure --without-gsf --without-curl --disable-dependency-tracking ./configure --without-gsf --without-curl --disable-dependency-tracking
make make
find ${UNSIGNED_DIR} -name "*-unsigned.exe" | while read i; do
./osslsigncode attach-signature -in ${BUILD_DIR}/bitcoin-win32-setup.exe -out ${OUTDIR}/bitcoin-win32-setup-signed.exe -sigin ${SIGDIR}/bitcoin-win32-setup.exe.pem INFILE="`basename "${i}"`"
./osslsigncode attach-signature -in ${BUILD_DIR}/bitcoin-win64-setup.exe -out ${OUTDIR}/bitcoin-win64-setup-signed.exe -sigin ${SIGDIR}/bitcoin-win64-setup.exe.pem OUTFILE="`echo "${INFILE}" | sed s/-unsigned//`"
./osslsigncode attach-signature -in "${i}" -out "${OUTDIR}/${OUTFILE}" -sigin "${SIGDIR}/${INFILE}.pem"
done

7
contrib/gitian-descriptors/gitian-win.yml
Unescape View File

@ -84,6 +84,8 @@ script: |
pushd temp pushd temp
tar xf ../$SOURCEDIST tar xf ../$SOURCEDIST
find bitcoin-* | sort | tar --no-recursion --mode='u+rw,go+r-w,a+X' --owner=0 --group=0 -c -T - | gzip -9n > ../$SOURCEDIST find bitcoin-* | sort | tar --no-recursion --mode='u+rw,go+r-w,a+X' --owner=0 --group=0 -c -T - | gzip -9n > ../$SOURCEDIST
mkdir -p $OUTDIR/src
cp ../$SOURCEDIST $OUTDIR/src
popd popd
ORIGPATH="$PATH" ORIGPATH="$PATH"
@ -109,7 +111,8 @@ script: |
find ${DISTNAME} -type f | sort | zip -X@ ${OUTDIR}/${DISTNAME}-${i}.zip find ${DISTNAME} -type f | sort | zip -X@ ${OUTDIR}/${DISTNAME}-${i}.zip
cd ../.. cd ../..
done done
mkdir -p $OUTDIR/src cd $OUTDIR
mv $SOURCEDIST $OUTDIR/src rename 's/-setup\.exe$/-setup-unsigned.exe/' *-setup.exe
find . -name "*-setup-unsigned.exe" | sort | tar --no-recursion --mode='u+rw,go+r-w,a+X' --owner=0 --group=0 -c -T - | gzip -9n > ${OUTDIR}/${DISTNAME}-win-unsigned.tar.gz
mv ${OUTDIR}/${DISTNAME}-x86_64-*.zip ${OUTDIR}/${DISTNAME}-win64.zip mv ${OUTDIR}/${DISTNAME}-x86_64-*.zip ${OUTDIR}/${DISTNAME}-win64.zip
mv ${OUTDIR}/${DISTNAME}-i686-*.zip ${OUTDIR}/${DISTNAME}-win32.zip mv ${OUTDIR}/${DISTNAME}-i686-*.zip ${OUTDIR}/${DISTNAME}-win32.zip

25
doc/release-process.md
Unescape View File

@ -25,7 +25,7 @@ Release Process
###update gitian ###update gitian
In order to take advantage of the new caching features in gitian, be sure to update to a recent version (e9741525c or higher is recommended) In order to take advantage of the new caching features in gitian, be sure to update to a recent version (`e9741525c` or later is recommended)
###perform gitian builds ###perform gitian builds
@ -66,22 +66,21 @@ Release Process
./bin/gsign --signer $SIGNER --release ${VERSION}-linux --destination ../gitian.sigs/ ../bitcoin/contrib/gitian-descriptors/gitian-linux.yml ./bin/gsign --signer $SIGNER --release ${VERSION}-linux --destination ../gitian.sigs/ ../bitcoin/contrib/gitian-descriptors/gitian-linux.yml
mv build/out/bitcoin-*.tar.gz build/out/src/bitcoin-*.tar.gz ../ mv build/out/bitcoin-*.tar.gz build/out/src/bitcoin-*.tar.gz ../
./bin/gbuild --commit bitcoin=v${VERSION} ../bitcoin/contrib/gitian-descriptors/gitian-win.yml ./bin/gbuild --commit bitcoin=v${VERSION} ../bitcoin/contrib/gitian-descriptors/gitian-win.yml
./bin/gsign --signer $SIGNER --release ${VERSION}-win --destination ../gitian.sigs/ ../bitcoin/contrib/gitian-descriptors/gitian-win.yml ./bin/gsign --signer $SIGNER --release ${VERSION}-win-unsigned --destination ../gitian.sigs/ ../bitcoin/contrib/gitian-descriptors/gitian-win.yml
mv build/out/bitcoin-*.zip ../ mv build/out/bitcoin-*-win-unsigned.tar.gz inputs/bitcoin-win-unsigned.tar.gz
mv build/out/bitcoin-*-win64-setup.exe inputs/bitcoin-win64-setup.exe mv build/out/bitcoin-*.zip build/out/bitcoin-*.exe ../
mv build/out/bitcoin-*-win32-setup.exe inputs/bitcoin-win32-setup.exe
./bin/gbuild --commit bitcoin=v${VERSION} ../bitcoin/contrib/gitian-descriptors/gitian-osx.yml ./bin/gbuild --commit bitcoin=v${VERSION} ../bitcoin/contrib/gitian-descriptors/gitian-osx.yml
./bin/gsign --signer $SIGNER --release ${VERSION}-osx-unsigned --destination ../gitian.sigs/ ../bitcoin/contrib/gitian-descriptors/gitian-osx.yml ./bin/gsign --signer $SIGNER --release ${VERSION}-osx-unsigned --destination ../gitian.sigs/ ../bitcoin/contrib/gitian-descriptors/gitian-osx.yml
mv build/out/bitcoin-*-unsigned.tar.gz inputs/bitcoin-osx-unsigned.tar.gz mv build/out/bitcoin-*-osx-unsigned.tar.gz inputs/bitcoin-osx-unsigned.tar.gz
mv build/out/bitcoin-*.tar.gz build/out/bitcoin-*.dmg ../ mv build/out/bitcoin-*.tar.gz build/out/bitcoin-*.dmg ../
popd popd
Build output expected: Build output expected:
1. source tarball (bitcoin-${VERSION}.tar.gz) 1. source tarball (bitcoin-${VERSION}.tar.gz)
2. linux 32-bit and 64-bit binaries dist tarballs (bitcoin-${VERSION}-linux[32|64].tar.gz) 2. linux 32-bit and 64-bit dist tarballs (bitcoin-${VERSION}-linux[32|64].tar.gz)
3. windows 32-bit and 64-bit unsigned installers and dist zips (bitcoin-${VERSION}-win[32|64]-setup.exe, bitcoin-${VERSION}-win[32|64].zip) 3. windows 32-bit and 64-bit unsigned installers and dist zips (bitcoin-${VERSION}-win[32|64]-setup-unsigned.exe, bitcoin-${VERSION}-win[32|64].zip)
4. OSX unsigned installer (bitcoin-${VERSION}-osx-unsigned.dmg) 4. OSX unsigned installer and dist tarball (bitcoin-${VERSION}-osx-unsigned.dmg, bitcoin-${VERSION}-osx64.tar.gz)
5. Gitian signatures (in gitian.sigs/${VERSION}-<linux|win|osx-unsigned>/(your gitian key)/ 5. Gitian signatures (in gitian.sigs/${VERSION}-<linux|{win,osx}-unsigned>/(your gitian key)/
###Next steps: ###Next steps:
@ -89,7 +88,7 @@ Commit your signature to gitian.sigs:
pushd gitian.sigs pushd gitian.sigs
git add ${VERSION}-linux/${SIGNER} git add ${VERSION}-linux/${SIGNER}
git add ${VERSION}-win/${SIGNER} git add ${VERSION}-win-unsigned/${SIGNER}
git add ${VERSION}-osx-unsigned/${SIGNER} git add ${VERSION}-osx-unsigned/${SIGNER}
git commit -a git commit -a
git push # Assuming you can push to the gitian.sigs tree git push # Assuming you can push to the gitian.sigs tree
@ -112,8 +111,8 @@ Commit your signature to gitian.sigs:
pushd ./gitian-builder pushd ./gitian-builder
./bin/gbuild -i --commit signature=v${VERSION} ../bitcoin/contrib/gitian-descriptors/gitian-win-signer.yml ./bin/gbuild -i --commit signature=v${VERSION} ../bitcoin/contrib/gitian-descriptors/gitian-win-signer.yml
./bin/gsign --signer $SIGNER --release ${VERSION}-win-signed --destination ../gitian.sigs/ ../bitcoin/contrib/gitian-descriptors/gitian-win-signer.yml ./bin/gsign --signer $SIGNER --release ${VERSION}-win-signed --destination ../gitian.sigs/ ../bitcoin/contrib/gitian-descriptors/gitian-win-signer.yml
mv build/out/bitcoin-win64-setup-signed.exe ../bitcoin-${VERSION}-win64-setup.exe mv build/out/bitcoin-*win64-setup.exe ../bitcoin-${VERSION}-win64-setup.exe
mv build/out/bitcoin-win32-setup-signed.exe ../bitcoin-${VERSION}-win32-setup.exe mv build/out/bitcoin-*win32-setup.exe ../bitcoin-${VERSION}-win32-setup.exe
popd popd
Commit your signature for the signed OSX/Windows binaries: Commit your signature for the signed OSX/Windows binaries:

Write Preview
Loading…
Cancel
Save