To ensure that this is the correct chain, it is pulled from a previous release
binary.
Procedure:
$ osslsigncode extract-signature -pem -in bitcoin-0.13.2-win32-setup.exe \
-out bitcoin-0.13.2-win32-setup.exe.pem
$ openssl pkcs7 -print_certs -in bitcoin-0.13.2-win32-setup.exe.pem \
-out win-codesign.cert
Hand-edit to remove comments, as well as the timestamp cert.
Three categories of modifications:
1)
1 instance of 'The Bitcoin Core developers \n',
1 instance of 'the Bitcoin Core developers\n',
3 instances of 'Bitcoin Core Developers\n', and
12 instances of 'The Bitcoin developers\n'
are made uniform with the 443 instances of 'The Bitcoin Core developers\n'
2)
3 instances of 'BitPay, Inc\.\n' are made uniform with the other 6
instances of 'BitPay Inc\.\n'
3)
4 instances where there was no '(c)' between the 'Copyright' and the year
where it deviates from the style of the local directory.
The consistency is helpful for gauging Gitian build progress. Right now it's necessary to remember which platform builds in which order, which can be confusing if you're attempting to get a quick idea of how far along your builds are.
Three subcommands to this script:
1) ./copyright_header.py report
Examines git-tracked files with extensions that match:
INCLUDE = ['*.h', '*.cpp', '*.cc', '*.c', '*.py']
Helps to:
-> Identify source files without copyright
-> Identify source files added with something other than "The Bitcoin Core
developers" holder so we can be sure it is appropriate
-> Identify unintentional typos in the copyright line
2) ./copyright_header.py update
Replaces fix-copyright-headers.py. It does file editing in native python
rather than subprocessing out to perl as was the case with
fix-copyright-headers.py. It also shares code with the 'report' functions.
3) ./copyright_header.py insert
Inserts a copyright header into a source file with the proper format and
dates.
I've written a script that automates the setup and building of binaries with gitian. All of the commands are pulled from various documentation on gitian building.
C_INCLUDE_PATH and CPLUS_INCLUDE_PATH work globally as though -isystem was used
for each invocation.
Since that changes the build results, force a rebuild of x86 depends by adding
the value to $HOST_ID_SALT.
* separate completion for bitcoind and bitcoin-cli
* remove RPC support from bitcoind completion
* add completion for bitcoin-tx and bitcoin-qt
* rely on autoloading of completions
Now that the trusted root is past all commits signed by that key we don't need
it in the trusted-keys list, nor do we need to whitelist those commits in
allow-revsig-commits
- create a script to handle split debug. This will also eventually need to check
targets, and use dsymutil for osx.
- update config.guess/config.sub for bdb for aarch64.
- temporarily disable symbol checks for arm/aarch64
- quit renaming to linux32/linux64 and use the host directly
This also adds a hack to work around an Ubuntu bug in the gcc-multilib package:
https://bugs.launchpad.net/ubuntu/+source/gcc-defaults-armhf-cross/+bug/1347820
The problem is that gcc-multilib conflicts with the aarch toolchain.
gcc-multilib installs a symlink that points
/usr/include/asm -> /usr/include/x86_64-linux-gnu/asm.
Without this link, gcc -m32 can't find asm/errno.h (and others), since
/usr/include/x86_64-linux-gnu isn't in its default include path. But
/usr/include/i386-linux-gnu is (though it doesn't exist on disk).
So work around the problem by linking
/usr/include/i386-linux-gnu/asm -> /usr/include/x86_64-linux-gnu/asm.
The symlink fix is actually quite reasonable, but echoing the password into
sudo is nasty, and should probably be addressed in gitian itself. It makes more
sense to enable passwordless sudo for the build user by default.