2014-11-21 19:26:45 -05:00
|
|
|
---
|
|
|
|
name: "bitcoin-dmg-signer"
|
2019-03-14 20:16:50 +02:00
|
|
|
distro: "ubuntu"
|
2014-11-21 19:26:45 -05:00
|
|
|
suites:
|
2018-05-05 03:17:23 +00:00
|
|
|
- "bionic"
|
2014-11-21 19:26:45 -05:00
|
|
|
architectures:
|
2019-11-14 17:10:23 -05:00
|
|
|
- "amd64"
|
2014-11-21 19:26:45 -05:00
|
|
|
packages:
|
|
|
|
- "faketime"
|
build: Replace genisoimage with xorriso
xorriso and its mkisofs/genisoimage emulation alter-ego xorrisofs are
more maintained, and has the right toggles for us to achieve output
determinism without using blunt tools like faketime.
In this commit, we use xorrisofs from the build environment rather than
building it ourselves using depends. This is not necessary and can be
changed in the future.
From https://wiki.debian.org/genisoimage?action=recall&rev=11 :
> The classical command line interface for production of ISO 9660
> filesystem images is the option set established by program mkisofs.
> For reasons of licensing and other problems with its author, Debian
> ships a fork of mkisofs, called genisoimage, which was split off in
> 2006 and then developed independently.
>
> Meanwhile, genisoimage gets no new features and not even bug fixes. It
> is first choice only if its options -udf or -hfs are needed.
>
> Replacement in most uses cases, especially for bootable ISO 9660
> filesystems, archiving, and backup, is xorrisofs which starts the -as
> mkisofs emulation mode of program xorriso.
2020-02-15 20:38:18 +08:00
|
|
|
- "xorriso"
|
2021-01-07 13:23:52 -05:00
|
|
|
- "python3-pip"
|
2015-06-10 13:59:41 -04:00
|
|
|
remotes:
|
2016-04-29 23:17:18 +02:00
|
|
|
- "url": "https://github.com/bitcoin-core/bitcoin-detached-sigs.git"
|
2015-06-10 13:59:41 -04:00
|
|
|
"dir": "signature"
|
2021-01-07 13:23:52 -05:00
|
|
|
- "url": "https://github.com/achow101/signapple.git"
|
|
|
|
"dir": "signapple"
|
|
|
|
"commit": "c7e73aa27a7615ac9506559173f787e2906b25eb"
|
2014-11-21 19:26:45 -05:00
|
|
|
files:
|
2014-12-30 02:36:58 -05:00
|
|
|
- "bitcoin-osx-unsigned.tar.gz"
|
2014-11-21 19:26:45 -05:00
|
|
|
script: |
|
2019-03-06 18:22:29 +01:00
|
|
|
set -e -o pipefail
|
|
|
|
|
2014-11-21 19:26:45 -05:00
|
|
|
WRAP_DIR=$HOME/wrapped
|
|
|
|
mkdir -p ${WRAP_DIR}
|
2019-11-03 21:57:11 +02:00
|
|
|
export PATH="$PWD":$PATH
|
build: Replace genisoimage with xorriso
xorriso and its mkisofs/genisoimage emulation alter-ego xorrisofs are
more maintained, and has the right toggles for us to achieve output
determinism without using blunt tools like faketime.
In this commit, we use xorrisofs from the build environment rather than
building it ourselves using depends. This is not necessary and can be
changed in the future.
From https://wiki.debian.org/genisoimage?action=recall&rev=11 :
> The classical command line interface for production of ISO 9660
> filesystem images is the option set established by program mkisofs.
> For reasons of licensing and other problems with its author, Debian
> ships a fork of mkisofs, called genisoimage, which was split off in
> 2006 and then developed independently.
>
> Meanwhile, genisoimage gets no new features and not even bug fixes. It
> is first choice only if its options -udf or -hfs are needed.
>
> Replacement in most uses cases, especially for bootable ISO 9660
> filesystems, archiving, and backup, is xorrisofs which starts the -as
> mkisofs emulation mode of program xorriso.
2020-02-15 20:38:18 +08:00
|
|
|
FAKETIME_PROGS="dmg xorrisofs"
|
2014-11-21 19:26:45 -05:00
|
|
|
|
|
|
|
# Create global faketime wrappers
|
|
|
|
for prog in ${FAKETIME_PROGS}; do
|
2018-06-20 12:54:54 +03:00
|
|
|
echo '#!/usr/bin/env bash' > ${WRAP_DIR}/${prog}
|
2014-11-21 19:26:45 -05:00
|
|
|
echo "REAL=\`which -a ${prog} | grep -v ${WRAP_DIR}/${prog} | head -1\`" >> ${WRAP_DIR}/${prog}
|
2019-11-07 19:54:52 -05:00
|
|
|
echo "export LD_PRELOAD='/usr/\$LIB/faketime/libfaketime.so.1'" >> ${WRAP_DIR}/${prog}
|
2014-11-21 19:26:45 -05:00
|
|
|
echo "export FAKETIME=\"${REFERENCE_DATETIME}\"" >> ${WRAP_DIR}/${prog}
|
|
|
|
echo "\$REAL \$@" >> $WRAP_DIR/${prog}
|
|
|
|
chmod +x ${WRAP_DIR}/${prog}
|
|
|
|
done
|
|
|
|
|
2021-01-07 13:23:52 -05:00
|
|
|
# Install signapple
|
|
|
|
cd signapple
|
|
|
|
python3 -m pip install -U pip setuptools
|
|
|
|
python3 -m pip install .
|
|
|
|
export PATH="$HOME/.local/bin":$PATH
|
|
|
|
cd ..
|
|
|
|
|
2021-01-07 13:42:07 -05:00
|
|
|
UNSIGNED_TARBALL=bitcoin-osx-unsigned.tar.gz
|
|
|
|
UNSIGNED_APP=dist/Bitcoin-Qt.app
|
2014-12-30 02:36:58 -05:00
|
|
|
SIGNED=bitcoin-osx-signed.dmg
|
2014-11-21 19:26:45 -05:00
|
|
|
|
2021-01-07 13:42:07 -05:00
|
|
|
tar -xf ${UNSIGNED_TARBALL}
|
2015-12-10 21:49:27 +00:00
|
|
|
OSX_VOLNAME="$(cat osx_volname)"
|
2021-01-07 13:42:07 -05:00
|
|
|
./detached-sig-apply.sh ${UNSIGNED_APP} signature/osx/dist
|
build: Replace genisoimage with xorriso
xorriso and its mkisofs/genisoimage emulation alter-ego xorrisofs are
more maintained, and has the right toggles for us to achieve output
determinism without using blunt tools like faketime.
In this commit, we use xorrisofs from the build environment rather than
building it ourselves using depends. This is not necessary and can be
changed in the future.
From https://wiki.debian.org/genisoimage?action=recall&rev=11 :
> The classical command line interface for production of ISO 9660
> filesystem images is the option set established by program mkisofs.
> For reasons of licensing and other problems with its author, Debian
> ships a fork of mkisofs, called genisoimage, which was split off in
> 2006 and then developed independently.
>
> Meanwhile, genisoimage gets no new features and not even bug fixes. It
> is first choice only if its options -udf or -hfs are needed.
>
> Replacement in most uses cases, especially for bootable ISO 9660
> filesystems, archiving, and backup, is xorrisofs which starts the -as
> mkisofs emulation mode of program xorriso.
2020-02-15 20:38:18 +08:00
|
|
|
${WRAP_DIR}/xorrisofs -D -l -V "${OSX_VOLNAME}" -no-pad -r -dir-mode 0755 -o uncompressed.dmg signed-app
|
2014-11-21 19:26:45 -05:00
|
|
|
${WRAP_DIR}/dmg dmg uncompressed.dmg ${OUTDIR}/${SIGNED}
|