mirror of
https://github.com/bitcoin/bitcoin.git
synced 2025-01-25 02:33:24 -03:00
Merge bitcoin/bitcoin#22418: release: Remove gitian
ab9c34237a
release: remove gitian (fanquake) Pull request description: Note that this doesn't yet touch any glibc back compat related code. ACKs for top commit: laanwj: Code review ACKab9c34237a
Tree-SHA512: 8e2fe3ec1097f54bb11ab9136b43818d90eab5dbb0a663ad6a552966ada4bdb49cc12ff4e66f0ec0ec5400bda5c81f3a3ce70a9ebb6fe1e0db612da9f00a51a7
This commit is contained in:
commit
245462b66c
16 changed files with 10 additions and 894 deletions
|
@ -41,7 +41,6 @@
|
|||
/doc/dependencies.md @fanquake
|
||||
/doc/developer-notes.md @laanwj
|
||||
/doc/files.md @hebasto
|
||||
/doc/gitian-building.md @laanwj
|
||||
/doc/reduce-memory.md @fanquake
|
||||
/doc/reduce-traffic.md @jonasschnelli
|
||||
/doc/release-process.md @laanwj
|
||||
|
@ -77,8 +76,7 @@
|
|||
/contrib/devtools/test-security-check.py @fanquake
|
||||
/contrib/devtools/symbol-check.py @fanquake
|
||||
|
||||
# Gitian/Guix
|
||||
/contrib/gitian-build.py @hebasto
|
||||
# Guix
|
||||
/contrib/guix/ @dongcarl
|
||||
|
||||
# Compatibility
|
||||
|
|
|
@ -7,7 +7,7 @@
|
|||
export LC_ALL=C.UTF-8
|
||||
|
||||
export CONTAINER_NAME=ci_macos_cross
|
||||
export DOCKER_NAME_TAG=ubuntu:20.04 # Check that Focal can cross-compile to macos (Focal is used in the gitian build as well)
|
||||
export DOCKER_NAME_TAG=ubuntu:20.04 # Check that Focal can cross-compile to macos
|
||||
export HOST=x86_64-apple-darwin18
|
||||
export PACKAGES="cmake imagemagick librsvg2-bin libz-dev libtiff-tools libtinfo5 python3-setuptools xorriso"
|
||||
export XCODE_VERSION=12.1
|
||||
|
|
|
@ -7,7 +7,7 @@
|
|||
export LC_ALL=C.UTF-8
|
||||
|
||||
export CONTAINER_NAME=ci_win64
|
||||
export DOCKER_NAME_TAG=ubuntu:20.04 # Check that Focal can cross-compile to win64 (Focal is used in the gitian build as well)
|
||||
export DOCKER_NAME_TAG=ubuntu:20.04 # Check that Focal can cross-compile to win64
|
||||
export HOST=x86_64-w64-mingw32
|
||||
export DPKG_ADD_ARCH="i386"
|
||||
export PACKAGES="python3 nsis g++-mingw-w64-x86-64 wine-binfmt wine64 wine32 file"
|
||||
|
|
|
@ -26,18 +26,12 @@ The [Debian](/contrib/debian) subfolder contains the copyright file.
|
|||
|
||||
All other packaging related files can be found in the [bitcoin-core/packaging](https://github.com/bitcoin-core/packaging) repository.
|
||||
|
||||
### [Gitian-descriptors](/contrib/gitian-descriptors) ###
|
||||
Files used during the gitian build process. For more information about gitian, see the [the Bitcoin Core documentation repository](https://github.com/bitcoin-core/docs).
|
||||
|
||||
### [Builder keys](/contrib/builder-keys)
|
||||
PGP keys used for signing Bitcoin Core [release](/doc/release-process.md) results.
|
||||
|
||||
### [MacDeploy](/contrib/macdeploy) ###
|
||||
Scripts and notes for Mac builds.
|
||||
|
||||
### [Gitian-build](/contrib/gitian-build.py) ###
|
||||
Script for running full Gitian builds.
|
||||
|
||||
Test and Verify Tools
|
||||
---------------------
|
||||
|
||||
|
|
|
@ -98,7 +98,7 @@ Perform basic security checks on a series of executables.
|
|||
symbol-check.py
|
||||
===============
|
||||
|
||||
A script to check that the executables produced by gitian only contain
|
||||
A script to check that release executables only contain
|
||||
certain symbols and are only linked against allowed libraries.
|
||||
|
||||
For Linux this means checking for allowed gcc, glibc and libstdc++ version symbols.
|
||||
|
@ -106,9 +106,9 @@ This makes sure they are still compatible with the minimum supported distributio
|
|||
|
||||
For macOS and Windows we check that the executables are only linked against libraries we allow.
|
||||
|
||||
Example usage after a gitian build:
|
||||
Example usage:
|
||||
|
||||
find ../gitian-builder/build -type f -executable | xargs python3 contrib/devtools/symbol-check.py
|
||||
find ../path/to/executables -type f -executable | xargs python3 contrib/devtools/symbol-check.py
|
||||
|
||||
If no errors occur the return value will be 0 and the output will be empty.
|
||||
|
||||
|
|
|
@ -1,263 +0,0 @@
|
|||
#!/usr/bin/env python3
|
||||
# Copyright (c) 2018-2020 The Bitcoin Core developers
|
||||
# Distributed under the MIT software license, see the accompanying
|
||||
# file COPYING or http://www.opensource.org/licenses/mit-license.php.
|
||||
|
||||
import argparse
|
||||
import os
|
||||
import subprocess
|
||||
import sys
|
||||
|
||||
def setup():
|
||||
global args, workdir
|
||||
programs = ['ruby', 'git', 'make', 'wget', 'curl']
|
||||
if args.kvm:
|
||||
programs += ['apt-cacher-ng', 'python-vm-builder', 'qemu-kvm', 'qemu-utils']
|
||||
elif args.docker:
|
||||
if not os.path.isfile('/lib/systemd/system/docker.service'):
|
||||
dockers = ['docker.io', 'docker-ce']
|
||||
for i in dockers:
|
||||
return_code = subprocess.call(['sudo', 'apt-get', 'install', '-qq', i])
|
||||
if return_code == 0:
|
||||
break
|
||||
if return_code != 0:
|
||||
print('Cannot find any way to install Docker.', file=sys.stderr)
|
||||
sys.exit(1)
|
||||
else:
|
||||
programs += ['apt-cacher-ng', 'lxc', 'debootstrap']
|
||||
subprocess.check_call(['sudo', 'apt-get', 'install', '-qq'] + programs)
|
||||
if not os.path.isdir('gitian.sigs'):
|
||||
subprocess.check_call(['git', 'clone', 'https://github.com/bitcoin-core/gitian.sigs.git'])
|
||||
if not os.path.isdir('bitcoin-detached-sigs'):
|
||||
subprocess.check_call(['git', 'clone', 'https://github.com/bitcoin-core/bitcoin-detached-sigs.git'])
|
||||
if not os.path.isdir('gitian-builder'):
|
||||
subprocess.check_call(['git', 'clone', 'https://github.com/devrandom/gitian-builder.git'])
|
||||
if not os.path.isdir('bitcoin'):
|
||||
subprocess.check_call(['git', 'clone', 'https://github.com/bitcoin/bitcoin.git'])
|
||||
os.chdir('gitian-builder')
|
||||
make_image_prog = ['bin/make-base-vm', '--suite', 'focal', '--arch', 'amd64']
|
||||
if args.docker:
|
||||
make_image_prog += ['--docker']
|
||||
elif not args.kvm:
|
||||
make_image_prog += ['--lxc', '--disksize', '13000']
|
||||
subprocess.check_call(make_image_prog)
|
||||
os.chdir(workdir)
|
||||
if args.is_focal and not args.kvm and not args.docker:
|
||||
subprocess.check_call(['sudo', 'sed', '-i', 's/lxcbr0/br0/', '/etc/default/lxc-net'])
|
||||
print('Reboot is required')
|
||||
sys.exit(0)
|
||||
|
||||
def build():
|
||||
global args, workdir
|
||||
|
||||
os.makedirs('bitcoin-binaries/' + args.version, exist_ok=True)
|
||||
print('\nBuilding Dependencies\n')
|
||||
os.chdir('gitian-builder')
|
||||
os.makedirs('inputs', exist_ok=True)
|
||||
|
||||
subprocess.check_call(['wget', '-O', 'inputs/osslsigncode-2.0.tar.gz', 'https://github.com/mtrojnar/osslsigncode/archive/2.0.tar.gz'])
|
||||
subprocess.check_call(["echo '5a60e0a4b3e0b4d655317b2f12a810211c50242138322b16e7e01c6fbb89d92f inputs/osslsigncode-2.0.tar.gz' | sha256sum -c"], shell=True)
|
||||
subprocess.check_call(['make', '-C', '../bitcoin/depends', 'download', 'SOURCES_PATH=' + os.getcwd() + '/cache/common'])
|
||||
|
||||
if args.linux:
|
||||
print('\nCompiling ' + args.version + ' Linux')
|
||||
subprocess.check_call(['bin/gbuild', '-j', args.jobs, '-m', args.memory, '--commit', 'bitcoin='+args.commit, '--url', 'bitcoin='+args.url, '../bitcoin/contrib/gitian-descriptors/gitian-linux.yml'])
|
||||
subprocess.check_call(['bin/gsign', '-p', args.sign_prog, '--signer', args.signer, '--release', args.version+'-linux', '--destination', '../gitian.sigs/', '../bitcoin/contrib/gitian-descriptors/gitian-linux.yml'])
|
||||
subprocess.check_call('mv build/out/bitcoin-*.tar.gz build/out/src/bitcoin-*.tar.gz ../bitcoin-binaries/'+args.version, shell=True)
|
||||
|
||||
if args.windows:
|
||||
print('\nCompiling ' + args.version + ' Windows')
|
||||
subprocess.check_call(['bin/gbuild', '-j', args.jobs, '-m', args.memory, '--commit', 'bitcoin='+args.commit, '--url', 'bitcoin='+args.url, '../bitcoin/contrib/gitian-descriptors/gitian-win.yml'])
|
||||
subprocess.check_call(['bin/gsign', '-p', args.sign_prog, '--signer', args.signer, '--release', args.version+'-win-unsigned', '--destination', '../gitian.sigs/', '../bitcoin/contrib/gitian-descriptors/gitian-win.yml'])
|
||||
subprocess.check_call('mv build/out/bitcoin-*-win-unsigned.tar.gz inputs/', shell=True)
|
||||
subprocess.check_call('mv build/out/bitcoin-*.zip build/out/bitcoin-*.exe build/out/src/bitcoin-*.tar.gz ../bitcoin-binaries/'+args.version, shell=True)
|
||||
|
||||
if args.macos:
|
||||
print('\nCompiling ' + args.version + ' MacOS')
|
||||
subprocess.check_call(['bin/gbuild', '-j', args.jobs, '-m', args.memory, '--commit', 'bitcoin='+args.commit, '--url', 'bitcoin='+args.url, '../bitcoin/contrib/gitian-descriptors/gitian-osx.yml'])
|
||||
subprocess.check_call(['bin/gsign', '-p', args.sign_prog, '--signer', args.signer, '--release', args.version+'-osx-unsigned', '--destination', '../gitian.sigs/', '../bitcoin/contrib/gitian-descriptors/gitian-osx.yml'])
|
||||
subprocess.check_call('mv build/out/bitcoin-*-osx-unsigned.tar.gz inputs/', shell=True)
|
||||
subprocess.check_call('mv build/out/bitcoin-*.tar.gz build/out/bitcoin-*.dmg build/out/src/bitcoin-*.tar.gz ../bitcoin-binaries/'+args.version, shell=True)
|
||||
|
||||
os.chdir(workdir)
|
||||
|
||||
if args.commit_files:
|
||||
print('\nCommitting '+args.version+' Unsigned Sigs\n')
|
||||
os.chdir('gitian.sigs')
|
||||
subprocess.check_call(['git', 'add', args.version+'-linux/'+args.signer])
|
||||
subprocess.check_call(['git', 'add', args.version+'-win-unsigned/'+args.signer])
|
||||
subprocess.check_call(['git', 'add', args.version+'-osx-unsigned/'+args.signer])
|
||||
subprocess.check_call(['git', 'commit', '-m', 'Add '+args.version+' unsigned sigs for '+args.signer])
|
||||
os.chdir(workdir)
|
||||
|
||||
def sign():
|
||||
global args, workdir
|
||||
os.chdir('gitian-builder')
|
||||
|
||||
if args.windows:
|
||||
print('\nSigning ' + args.version + ' Windows')
|
||||
subprocess.check_call('cp inputs/bitcoin-' + args.version + '-win-unsigned.tar.gz inputs/bitcoin-win-unsigned.tar.gz', shell=True)
|
||||
subprocess.check_call(['bin/gbuild', '--skip-image', '--upgrade', '--commit', 'signature='+args.commit, '../bitcoin/contrib/gitian-descriptors/gitian-win-signer.yml'])
|
||||
subprocess.check_call(['bin/gsign', '-p', args.sign_prog, '--signer', args.signer, '--release', args.version+'-win-signed', '--destination', '../gitian.sigs/', '../bitcoin/contrib/gitian-descriptors/gitian-win-signer.yml'])
|
||||
subprocess.check_call('mv build/out/bitcoin-*win64-setup.exe ../bitcoin-binaries/'+args.version, shell=True)
|
||||
|
||||
if args.macos:
|
||||
print('\nSigning ' + args.version + ' MacOS')
|
||||
subprocess.check_call('cp inputs/bitcoin-' + args.version + '-osx-unsigned.tar.gz inputs/bitcoin-osx-unsigned.tar.gz', shell=True)
|
||||
subprocess.check_call(['bin/gbuild', '--skip-image', '--upgrade', '--commit', 'signature='+args.commit, '../bitcoin/contrib/gitian-descriptors/gitian-osx-signer.yml'])
|
||||
subprocess.check_call(['bin/gsign', '-p', args.sign_prog, '--signer', args.signer, '--release', args.version+'-osx-signed', '--destination', '../gitian.sigs/', '../bitcoin/contrib/gitian-descriptors/gitian-osx-signer.yml'])
|
||||
subprocess.check_call('mv build/out/bitcoin-osx-signed.dmg ../bitcoin-binaries/'+args.version+'/bitcoin-'+args.version+'-osx.dmg', shell=True)
|
||||
|
||||
os.chdir(workdir)
|
||||
|
||||
if args.commit_files:
|
||||
print('\nCommitting '+args.version+' Signed Sigs\n')
|
||||
os.chdir('gitian.sigs')
|
||||
subprocess.check_call(['git', 'add', args.version+'-win-signed/'+args.signer])
|
||||
subprocess.check_call(['git', 'add', args.version+'-osx-signed/'+args.signer])
|
||||
subprocess.check_call(['git', 'commit', '-a', '-m', 'Add '+args.version+' signed binary sigs for '+args.signer])
|
||||
os.chdir(workdir)
|
||||
|
||||
def verify():
|
||||
global args, workdir
|
||||
rc = 0
|
||||
os.chdir('gitian-builder')
|
||||
|
||||
print('\nVerifying v'+args.version+' Linux\n')
|
||||
if subprocess.call(['bin/gverify', '-v', '-d', '../gitian.sigs/', '-r', args.version+'-linux', '../bitcoin/contrib/gitian-descriptors/gitian-linux.yml']):
|
||||
print('Verifying v'+args.version+' Linux FAILED\n')
|
||||
rc = 1
|
||||
|
||||
print('\nVerifying v'+args.version+' Windows\n')
|
||||
if subprocess.call(['bin/gverify', '-v', '-d', '../gitian.sigs/', '-r', args.version+'-win-unsigned', '../bitcoin/contrib/gitian-descriptors/gitian-win.yml']):
|
||||
print('Verifying v'+args.version+' Windows FAILED\n')
|
||||
rc = 1
|
||||
|
||||
print('\nVerifying v'+args.version+' MacOS\n')
|
||||
if subprocess.call(['bin/gverify', '-v', '-d', '../gitian.sigs/', '-r', args.version+'-osx-unsigned', '../bitcoin/contrib/gitian-descriptors/gitian-osx.yml']):
|
||||
print('Verifying v'+args.version+' MacOS FAILED\n')
|
||||
rc = 1
|
||||
|
||||
print('\nVerifying v'+args.version+' Signed Windows\n')
|
||||
if subprocess.call(['bin/gverify', '-v', '-d', '../gitian.sigs/', '-r', args.version+'-win-signed', '../bitcoin/contrib/gitian-descriptors/gitian-win-signer.yml']):
|
||||
print('Verifying v'+args.version+' Signed Windows FAILED\n')
|
||||
rc = 1
|
||||
|
||||
print('\nVerifying v'+args.version+' Signed MacOS\n')
|
||||
if subprocess.call(['bin/gverify', '-v', '-d', '../gitian.sigs/', '-r', args.version+'-osx-signed', '../bitcoin/contrib/gitian-descriptors/gitian-osx-signer.yml']):
|
||||
print('Verifying v'+args.version+' Signed MacOS FAILED\n')
|
||||
rc = 1
|
||||
|
||||
os.chdir(workdir)
|
||||
return rc
|
||||
|
||||
def main():
|
||||
global args, workdir
|
||||
|
||||
parser = argparse.ArgumentParser(description='Script for running full Gitian builds.')
|
||||
parser.add_argument('-c', '--commit', action='store_true', dest='commit', help='Indicate that the version argument is for a commit or branch')
|
||||
parser.add_argument('-p', '--pull', action='store_true', dest='pull', help='Indicate that the version argument is the number of a github repository pull request')
|
||||
parser.add_argument('-u', '--url', dest='url', default='https://github.com/bitcoin/bitcoin', help='Specify the URL of the repository. Default is %(default)s')
|
||||
parser.add_argument('-v', '--verify', action='store_true', dest='verify', help='Verify the Gitian build')
|
||||
parser.add_argument('-b', '--build', action='store_true', dest='build', help='Do a Gitian build')
|
||||
parser.add_argument('-s', '--sign', action='store_true', dest='sign', help='Make signed binaries for Windows and MacOS')
|
||||
parser.add_argument('-B', '--buildsign', action='store_true', dest='buildsign', help='Build both signed and unsigned binaries')
|
||||
parser.add_argument('-o', '--os', dest='os', default='lwm', help='Specify which Operating Systems the build is for. Default is %(default)s. l for Linux, w for Windows, m for MacOS')
|
||||
parser.add_argument('-j', '--jobs', dest='jobs', default='2', help='Number of processes to use. Default %(default)s')
|
||||
parser.add_argument('-m', '--memory', dest='memory', default='2000', help='Memory to allocate in MiB. Default %(default)s')
|
||||
parser.add_argument('-k', '--kvm', action='store_true', dest='kvm', help='Use KVM instead of LXC')
|
||||
parser.add_argument('-d', '--docker', action='store_true', dest='docker', help='Use Docker instead of LXC')
|
||||
parser.add_argument('-S', '--setup', action='store_true', dest='setup', help='Set up the Gitian building environment. Only works on Debian-based systems (Ubuntu, Debian)')
|
||||
parser.add_argument('-D', '--detach-sign', action='store_true', dest='detach_sign', help='Create the assert file for detached signing. Will not commit anything.')
|
||||
parser.add_argument('-n', '--no-commit', action='store_false', dest='commit_files', help='Do not commit anything to git')
|
||||
parser.add_argument('signer', nargs='?', help='GPG signer to sign each build assert file')
|
||||
parser.add_argument('version', nargs='?', help='Version number, commit, or branch to build. If building a commit or branch, the -c option must be specified')
|
||||
|
||||
args = parser.parse_args()
|
||||
workdir = os.getcwd()
|
||||
|
||||
args.is_focal = b'focal' in subprocess.check_output(['lsb_release', '-cs'])
|
||||
|
||||
if args.kvm and args.docker:
|
||||
raise Exception('Error: cannot have both kvm and docker')
|
||||
|
||||
# Ensure no more than one environment variable for gitian-builder (USE_LXC, USE_VBOX, USE_DOCKER) is set as they
|
||||
# can interfere (e.g., USE_LXC being set shadows USE_DOCKER; for details see gitian-builder/libexec/make-clean-vm).
|
||||
os.environ['USE_LXC'] = ''
|
||||
os.environ['USE_VBOX'] = ''
|
||||
os.environ['USE_DOCKER'] = ''
|
||||
if args.docker:
|
||||
os.environ['USE_DOCKER'] = '1'
|
||||
elif not args.kvm:
|
||||
os.environ['USE_LXC'] = '1'
|
||||
if 'GITIAN_HOST_IP' not in os.environ.keys():
|
||||
os.environ['GITIAN_HOST_IP'] = '10.0.3.1'
|
||||
if 'LXC_GUEST_IP' not in os.environ.keys():
|
||||
os.environ['LXC_GUEST_IP'] = '10.0.3.5'
|
||||
|
||||
if args.setup:
|
||||
setup()
|
||||
|
||||
if args.buildsign:
|
||||
args.build = True
|
||||
args.sign = True
|
||||
|
||||
if not args.build and not args.sign and not args.verify:
|
||||
sys.exit(0)
|
||||
|
||||
args.linux = 'l' in args.os
|
||||
args.windows = 'w' in args.os
|
||||
args.macos = 'm' in args.os
|
||||
|
||||
# Disable for MacOS if no SDK found
|
||||
if args.macos and not os.path.isfile('gitian-builder/inputs/Xcode-12.1-12A7403-extracted-SDK-with-libcxx-headers.tar.gz'):
|
||||
print('Cannot build for MacOS, SDK does not exist. Will build for other OSes')
|
||||
args.macos = False
|
||||
|
||||
args.sign_prog = 'true' if args.detach_sign else 'gpg --detach-sign'
|
||||
|
||||
script_name = os.path.basename(sys.argv[0])
|
||||
if not args.signer:
|
||||
print(script_name+': Missing signer')
|
||||
print('Try '+script_name+' --help for more information')
|
||||
sys.exit(1)
|
||||
if not args.version:
|
||||
print(script_name+': Missing version')
|
||||
print('Try '+script_name+' --help for more information')
|
||||
sys.exit(1)
|
||||
|
||||
# Add leading 'v' for tags
|
||||
if args.commit and args.pull:
|
||||
raise Exception('Cannot have both commit and pull')
|
||||
args.commit = ('' if args.commit else 'v') + args.version
|
||||
|
||||
os.chdir('bitcoin')
|
||||
if args.pull:
|
||||
subprocess.check_call(['git', 'fetch', args.url, 'refs/pull/'+args.version+'/merge'])
|
||||
os.chdir('../gitian-builder/inputs/bitcoin')
|
||||
subprocess.check_call(['git', 'fetch', args.url, 'refs/pull/'+args.version+'/merge'])
|
||||
args.commit = subprocess.check_output(['git', 'show', '-s', '--format=%H', 'FETCH_HEAD'], universal_newlines=True, encoding='utf8').strip()
|
||||
args.version = 'pull-' + args.version
|
||||
print(args.commit)
|
||||
subprocess.check_call(['git', 'fetch'])
|
||||
subprocess.check_call(['git', 'checkout', args.commit])
|
||||
os.chdir(workdir)
|
||||
|
||||
os.chdir('gitian-builder')
|
||||
subprocess.check_call(['git', 'pull'])
|
||||
os.chdir(workdir)
|
||||
|
||||
if args.build:
|
||||
build()
|
||||
|
||||
if args.sign:
|
||||
sign()
|
||||
|
||||
if args.verify:
|
||||
os.chdir('gitian.sigs')
|
||||
subprocess.check_call(['git', 'pull'])
|
||||
os.chdir(workdir)
|
||||
sys.exit(verify())
|
||||
|
||||
if __name__ == '__main__':
|
||||
main()
|
|
@ -1,12 +0,0 @@
|
|||
# Copyright (c) 2020 The Bitcoin Core developers
|
||||
# Distributed under the MIT software license, see the accompanying
|
||||
# file COPYING or http://www.opensource.org/licenses/mit-license.php.
|
||||
#
|
||||
# A helper script to be sourced into the gitian descriptors
|
||||
|
||||
if RECENT_TAG="$(git describe --exact-match HEAD 2> /dev/null)"; then
|
||||
VERSION="${RECENT_TAG#v}"
|
||||
else
|
||||
VERSION="$(git rev-parse --short=12 HEAD)"
|
||||
fi
|
||||
DISTNAME="bitcoin-${VERSION}"
|
|
@ -1,167 +0,0 @@
|
|||
---
|
||||
name: "bitcoin-core-linux-22"
|
||||
enable_cache: true
|
||||
distro: "ubuntu"
|
||||
suites:
|
||||
- "focal"
|
||||
architectures:
|
||||
- "amd64"
|
||||
packages:
|
||||
# Common dependencies.
|
||||
- "autoconf"
|
||||
- "automake"
|
||||
- "binutils"
|
||||
- "bison"
|
||||
- "bsdmainutils"
|
||||
- "ca-certificates"
|
||||
- "curl"
|
||||
- "faketime"
|
||||
- "g++-8"
|
||||
- "gcc-8"
|
||||
- "git"
|
||||
- "libtool"
|
||||
- "patch"
|
||||
- "pkg-config"
|
||||
- "python3"
|
||||
- "python3-pip"
|
||||
# Cross compilation HOSTS:
|
||||
# - arm-linux-gnueabihf
|
||||
- "binutils-arm-linux-gnueabihf"
|
||||
- "g++-8-arm-linux-gnueabihf"
|
||||
# - aarch64-linux-gnu
|
||||
- "binutils-aarch64-linux-gnu"
|
||||
- "g++-8-aarch64-linux-gnu"
|
||||
# - powerpc64-linux-gnu
|
||||
- "binutils-powerpc64-linux-gnu"
|
||||
- "g++-8-powerpc64-linux-gnu"
|
||||
# - powerpc64le-linux-gnu
|
||||
- "binutils-powerpc64le-linux-gnu"
|
||||
- "g++-8-powerpc64le-linux-gnu"
|
||||
# - riscv64-linux-gnu
|
||||
- "binutils-riscv64-linux-gnu"
|
||||
- "g++-8-riscv64-linux-gnu"
|
||||
remotes:
|
||||
- "url": "https://github.com/bitcoin/bitcoin.git"
|
||||
"dir": "bitcoin"
|
||||
files: []
|
||||
script: |
|
||||
set -e -o pipefail
|
||||
|
||||
WRAP_DIR=$HOME/wrapped
|
||||
HOSTS="x86_64-linux-gnu arm-linux-gnueabihf aarch64-linux-gnu powerpc64-linux-gnu powerpc64le-linux-gnu riscv64-linux-gnu"
|
||||
CONFIGFLAGS="--enable-glibc-back-compat --enable-reduce-exports --disable-bench --disable-gui-tests --disable-fuzz-binary"
|
||||
FAKETIME_HOST_PROGS="gcc g++"
|
||||
FAKETIME_PROGS="date ar ranlib nm"
|
||||
HOST_CFLAGS="-O2 -g"
|
||||
HOST_CXXFLAGS="-O2 -g"
|
||||
HOST_LDFLAGS_BASE="-static-libstdc++ -Wl,-O2"
|
||||
|
||||
export TZ="UTC"
|
||||
export BUILD_DIR="$PWD"
|
||||
mkdir -p ${WRAP_DIR}
|
||||
if test -n "$GBUILD_CACHE_ENABLED"; then
|
||||
export SOURCES_PATH=${GBUILD_COMMON_CACHE}
|
||||
export BASE_CACHE=${GBUILD_PACKAGE_CACHE}
|
||||
mkdir -p ${BASE_CACHE} ${SOURCES_PATH}
|
||||
fi
|
||||
|
||||
# Use $LIB in LD_PRELOAD to avoid hardcoding the dir (See `man ld.so`)
|
||||
function create_global_faketime_wrappers {
|
||||
for prog in ${FAKETIME_PROGS}; do
|
||||
echo '#!/usr/bin/env bash' > ${WRAP_DIR}/${prog}
|
||||
echo "REAL=\`which -a ${prog} | grep -v ${WRAP_DIR}/${prog} | head -1\`" >> ${WRAP_DIR}/${prog}
|
||||
echo "export LD_PRELOAD='/usr/\$LIB/faketime/libfaketime.so.1'" >> ${WRAP_DIR}/${prog}
|
||||
echo "export FAKETIME=\"$1\"" >> ${WRAP_DIR}/${prog}
|
||||
echo "exec \"\$REAL\" \"\$@\"" >> $WRAP_DIR/${prog}
|
||||
chmod +x ${WRAP_DIR}/${prog}
|
||||
done
|
||||
}
|
||||
|
||||
function create_per-host_faketime_wrappers {
|
||||
for i in $HOSTS; do
|
||||
for prog in ${FAKETIME_HOST_PROGS}; do
|
||||
if which ${i}-${prog}-8
|
||||
then
|
||||
echo '#!/usr/bin/env bash' > ${WRAP_DIR}/${i}-${prog}
|
||||
echo "REAL=\`which -a ${i}-${prog}-8 | grep -v ${WRAP_DIR}/${i}-${prog} | head -1\`" >> ${WRAP_DIR}/${i}-${prog}
|
||||
echo "export LD_PRELOAD='/usr/\$LIB/faketime/libfaketime.so.1'" >> ${WRAP_DIR}/${i}-${prog}
|
||||
echo "export FAKETIME=\"$1\"" >> ${WRAP_DIR}/${i}-${prog}
|
||||
if [ "${i:0:11}" = "powerpc64le" ]; then
|
||||
echo "exec \"\$REAL\" -mcpu=power8 -mtune=power9 \"\$@\"" >> $WRAP_DIR/${i}-${prog}
|
||||
elif [ "${i:0:9}" = "powerpc64" ]; then
|
||||
echo "exec \"\$REAL\" -mcpu=970 -mtune=power9 \"\$@\"" >> $WRAP_DIR/${i}-${prog}
|
||||
else
|
||||
echo "exec \"\$REAL\" \"\$@\"" >> $WRAP_DIR/${i}-${prog}
|
||||
fi
|
||||
chmod +x ${WRAP_DIR}/${i}-${prog}
|
||||
fi
|
||||
done
|
||||
done
|
||||
}
|
||||
|
||||
pip3 install lief==0.11.5
|
||||
|
||||
# Faketime for depends so intermediate results are comparable
|
||||
export PATH_orig=${PATH}
|
||||
create_global_faketime_wrappers "2000-01-01 12:00:00"
|
||||
create_per-host_faketime_wrappers "2000-01-01 12:00:00"
|
||||
export PATH=${WRAP_DIR}:${PATH}
|
||||
|
||||
cd bitcoin
|
||||
BASEPREFIX="${PWD}/depends"
|
||||
# Build dependencies for each host
|
||||
for i in $HOSTS; do
|
||||
make ${MAKEOPTS} -C ${BASEPREFIX} HOST="${i}" CC=${i}-gcc-8 CXX=${i}-g++-8
|
||||
done
|
||||
|
||||
# Faketime for binaries
|
||||
export PATH=${PATH_orig}
|
||||
create_global_faketime_wrappers "${REFERENCE_DATETIME}"
|
||||
create_per-host_faketime_wrappers "${REFERENCE_DATETIME}"
|
||||
export PATH=${WRAP_DIR}:${PATH}
|
||||
|
||||
# Define DISTNAME variable.
|
||||
# shellcheck source=contrib/gitian-descriptors/assign_DISTNAME
|
||||
source contrib/gitian-descriptors/assign_DISTNAME
|
||||
|
||||
GIT_ARCHIVE="${OUTDIR}/src/${DISTNAME}.tar.gz"
|
||||
|
||||
# Create the source tarball
|
||||
mkdir -p "$(dirname "$GIT_ARCHIVE")"
|
||||
git archive --prefix="${DISTNAME}/" --output="$GIT_ARCHIVE" HEAD
|
||||
|
||||
ORIGPATH="$PATH"
|
||||
# Extract the git archive into a dir for each host and build
|
||||
for i in ${HOSTS}; do
|
||||
export PATH=${BASEPREFIX}/${i}/native/bin:${ORIGPATH}
|
||||
if [ "${i}" = "powerpc64-linux-gnu" ]; then
|
||||
# Workaround for https://bugs.launchpad.net/ubuntu/+source/gcc-8-cross-ports/+bug/1853740
|
||||
# TODO: remove this when no longer needed
|
||||
HOST_LDFLAGS="${HOST_LDFLAGS_BASE} -Wl,-z,noexecstack"
|
||||
else
|
||||
HOST_LDFLAGS="${HOST_LDFLAGS_BASE}"
|
||||
fi
|
||||
mkdir -p distsrc-${i}
|
||||
cd distsrc-${i}
|
||||
INSTALLPATH="${PWD}/installed/${DISTNAME}"
|
||||
mkdir -p ${INSTALLPATH}
|
||||
tar --strip-components=1 -xf "${GIT_ARCHIVE}"
|
||||
|
||||
./autogen.sh
|
||||
CONFIG_SITE=${BASEPREFIX}/${i}/share/config.site ./configure --prefix=/ --disable-ccache --disable-maintainer-mode --disable-dependency-tracking ${CONFIGFLAGS} CFLAGS="${HOST_CFLAGS}" CXXFLAGS="${HOST_CXXFLAGS}" LDFLAGS="${HOST_LDFLAGS}" CC=${i}-gcc-8 CXX=${i}-g++-8
|
||||
make ${MAKEOPTS}
|
||||
make ${MAKEOPTS} -C src check-security
|
||||
make ${MAKEOPTS} -C src check-symbols
|
||||
make install DESTDIR=${INSTALLPATH}
|
||||
cd installed
|
||||
find . -name "lib*.la" -delete
|
||||
find . -name "lib*.a" -delete
|
||||
rm -rf ${DISTNAME}/lib/pkgconfig
|
||||
find ${DISTNAME}/bin -type f -executable -print0 | xargs -0 -n1 -I{} ../contrib/devtools/split-debug.sh {} {} {}.dbg
|
||||
find ${DISTNAME}/lib -type f -print0 | xargs -0 -n1 -I{} ../contrib/devtools/split-debug.sh {} {} {}.dbg
|
||||
cp ../README.md ${DISTNAME}/
|
||||
find ${DISTNAME} -not -name "*.dbg" | sort | tar --mtime="$REFERENCE_DATETIME" --no-recursion --mode='u+rw,go+r-w,a+X' --owner=0 --group=0 -c -T - | gzip -9n > ${OUTDIR}/${DISTNAME}-${i}.tar.gz
|
||||
find ${DISTNAME} -name "*.dbg" | sort | tar --mtime="$REFERENCE_DATETIME" --no-recursion --mode='u+rw,go+r-w,a+X' --owner=0 --group=0 -c -T - | gzip -9n > ${OUTDIR}/${DISTNAME}-${i}-debug.tar.gz
|
||||
cd ../../
|
||||
rm -rf distsrc-${i}
|
||||
done
|
|
@ -1,53 +0,0 @@
|
|||
---
|
||||
name: "bitcoin-dmg-signer"
|
||||
distro: "ubuntu"
|
||||
suites:
|
||||
- "focal"
|
||||
architectures:
|
||||
- "amd64"
|
||||
packages:
|
||||
- "faketime"
|
||||
- "xorriso"
|
||||
- "python3-pip"
|
||||
remotes:
|
||||
- "url": "https://github.com/bitcoin-core/bitcoin-detached-sigs.git"
|
||||
"dir": "signature"
|
||||
- "url": "https://github.com/achow101/signapple.git"
|
||||
"dir": "signapple"
|
||||
"commit": "b084cbbf44d5330448ffce0c7d118f75781b64bd"
|
||||
files:
|
||||
- "bitcoin-osx-unsigned.tar.gz"
|
||||
script: |
|
||||
set -e -o pipefail
|
||||
|
||||
WRAP_DIR=$HOME/wrapped
|
||||
mkdir -p ${WRAP_DIR}
|
||||
export PATH="$PWD":$PATH
|
||||
FAKETIME_PROGS="dmg xorrisofs"
|
||||
|
||||
# Create global faketime wrappers
|
||||
for prog in ${FAKETIME_PROGS}; do
|
||||
echo '#!/usr/bin/env bash' > ${WRAP_DIR}/${prog}
|
||||
echo "REAL=\`which -a ${prog} | grep -v ${WRAP_DIR}/${prog} | head -1\`" >> ${WRAP_DIR}/${prog}
|
||||
echo "export LD_PRELOAD='/usr/\$LIB/faketime/libfaketime.so.1'" >> ${WRAP_DIR}/${prog}
|
||||
echo "export FAKETIME=\"${REFERENCE_DATETIME}\"" >> ${WRAP_DIR}/${prog}
|
||||
echo "exec \"\$REAL\" \"\$@\"" >> $WRAP_DIR/${prog}
|
||||
chmod +x ${WRAP_DIR}/${prog}
|
||||
done
|
||||
|
||||
# Install signapple
|
||||
cd signapple
|
||||
python3 -m pip install -U pip setuptools
|
||||
python3 -m pip install .
|
||||
export PATH="$HOME/.local/bin":$PATH
|
||||
cd ..
|
||||
|
||||
UNSIGNED_TARBALL=bitcoin-osx-unsigned.tar.gz
|
||||
UNSIGNED_APP=dist/Bitcoin-Qt.app
|
||||
SIGNED=bitcoin-osx-signed.dmg
|
||||
|
||||
tar -xf ${UNSIGNED_TARBALL}
|
||||
OSX_VOLNAME="$(cat osx_volname)"
|
||||
./detached-sig-apply.sh ${UNSIGNED_APP} signature/osx/dist
|
||||
${WRAP_DIR}/xorrisofs -D -l -V "${OSX_VOLNAME}" -no-pad -r -dir-mode 0755 -o uncompressed.dmg signed-app
|
||||
${WRAP_DIR}/dmg dmg uncompressed.dmg ${OUTDIR}/${SIGNED}
|
|
@ -1,155 +0,0 @@
|
|||
---
|
||||
name: "bitcoin-core-osx-22"
|
||||
enable_cache: true
|
||||
distro: "ubuntu"
|
||||
suites:
|
||||
- "focal"
|
||||
architectures:
|
||||
- "amd64"
|
||||
packages:
|
||||
- "ca-certificates"
|
||||
- "curl"
|
||||
- "g++"
|
||||
- "git"
|
||||
- "pkg-config"
|
||||
- "autoconf"
|
||||
- "librsvg2-bin"
|
||||
- "libtiff-tools"
|
||||
- "libtool"
|
||||
- "automake"
|
||||
- "faketime"
|
||||
- "bsdmainutils"
|
||||
- "cmake"
|
||||
- "imagemagick"
|
||||
- "libz-dev"
|
||||
- "python3"
|
||||
- "python3-pip"
|
||||
- "python3-setuptools"
|
||||
- "fonts-tuffy"
|
||||
- "xorriso"
|
||||
- "libtinfo5"
|
||||
remotes:
|
||||
- "url": "https://github.com/bitcoin/bitcoin.git"
|
||||
"dir": "bitcoin"
|
||||
files:
|
||||
- "Xcode-12.1-12A7403-extracted-SDK-with-libcxx-headers.tar.gz"
|
||||
script: |
|
||||
set -e -o pipefail
|
||||
|
||||
WRAP_DIR=$HOME/wrapped
|
||||
HOSTS="x86_64-apple-darwin18"
|
||||
CONFIGFLAGS="--enable-reduce-exports --disable-bench --disable-gui-tests --disable-fuzz-binary XORRISOFS=${WRAP_DIR}/xorrisofs DMG=${WRAP_DIR}/dmg"
|
||||
FAKETIME_HOST_PROGS=""
|
||||
FAKETIME_PROGS="ar ranlib date dmg xorrisofs"
|
||||
|
||||
export TZ="UTC"
|
||||
export BUILD_DIR="$PWD"
|
||||
mkdir -p ${WRAP_DIR}
|
||||
if test -n "$GBUILD_CACHE_ENABLED"; then
|
||||
export SOURCES_PATH=${GBUILD_COMMON_CACHE}
|
||||
export BASE_CACHE=${GBUILD_PACKAGE_CACHE}
|
||||
mkdir -p ${BASE_CACHE} ${SOURCES_PATH}
|
||||
fi
|
||||
|
||||
export ZERO_AR_DATE=1
|
||||
|
||||
# Use $LIB in LD_PRELOAD to avoid hardcoding the dir (See `man ld.so`)
|
||||
function create_global_faketime_wrappers {
|
||||
for prog in ${FAKETIME_PROGS}; do
|
||||
echo '#!/usr/bin/env bash' > ${WRAP_DIR}/${prog}
|
||||
echo "REAL=\`which -a ${prog} | grep -v ${WRAP_DIR}/${prog} | head -1\`" >> ${WRAP_DIR}/${prog}
|
||||
echo "export LD_PRELOAD='/usr/\$LIB/faketime/libfaketime.so.1'" >> ${WRAP_DIR}/${prog}
|
||||
echo "export FAKETIME=\"$1\"" >> ${WRAP_DIR}/${prog}
|
||||
echo "exec \"\$REAL\" \"\$@\"" >> $WRAP_DIR/${prog}
|
||||
chmod +x ${WRAP_DIR}/${prog}
|
||||
done
|
||||
}
|
||||
|
||||
function create_per-host_faketime_wrappers {
|
||||
for i in $HOSTS; do
|
||||
for prog in ${FAKETIME_HOST_PROGS}; do
|
||||
echo '#!/usr/bin/env bash' > ${WRAP_DIR}/${i}-${prog}
|
||||
echo "REAL=\`which -a ${i}-${prog} | grep -v ${WRAP_DIR}/${i}-${prog} | head -1\`" >> ${WRAP_DIR}/${i}-${prog}
|
||||
echo "export LD_PRELOAD='/usr/\$LIB/faketime/libfaketime.so.1'" >> ${WRAP_DIR}/${i}-${prog}
|
||||
echo "export FAKETIME=\"$1\"" >> ${WRAP_DIR}/${i}-${prog}
|
||||
echo "exec \"\$REAL\" \"\$@\"" >> $WRAP_DIR/${i}-${prog}
|
||||
chmod +x ${WRAP_DIR}/${i}-${prog}
|
||||
done
|
||||
done
|
||||
}
|
||||
|
||||
pip3 install lief==0.11.5
|
||||
|
||||
# Faketime for depends so intermediate results are comparable
|
||||
export PATH_orig=${PATH}
|
||||
create_global_faketime_wrappers "2000-01-01 12:00:00"
|
||||
create_per-host_faketime_wrappers "2000-01-01 12:00:00"
|
||||
export PATH=${WRAP_DIR}:${PATH}
|
||||
|
||||
cd bitcoin
|
||||
BASEPREFIX="${PWD}/depends"
|
||||
|
||||
mkdir -p ${BASEPREFIX}/SDKs
|
||||
tar -C ${BASEPREFIX}/SDKs -xf ${BUILD_DIR}/Xcode-12.1-12A7403-extracted-SDK-with-libcxx-headers.tar.gz
|
||||
|
||||
# Build dependencies for each host
|
||||
for i in $HOSTS; do
|
||||
make ${MAKEOPTS} -C ${BASEPREFIX} HOST="${i}"
|
||||
done
|
||||
|
||||
# Faketime for binaries
|
||||
export PATH=${PATH_orig}
|
||||
create_global_faketime_wrappers "${REFERENCE_DATETIME}"
|
||||
create_per-host_faketime_wrappers "${REFERENCE_DATETIME}"
|
||||
export PATH=${WRAP_DIR}:${PATH}
|
||||
|
||||
# Define DISTNAME variable.
|
||||
# shellcheck source=contrib/gitian-descriptors/assign_DISTNAME
|
||||
source contrib/gitian-descriptors/assign_DISTNAME
|
||||
|
||||
GIT_ARCHIVE="${OUTDIR}/src/${DISTNAME}.tar.gz"
|
||||
|
||||
# Create the source tarball
|
||||
mkdir -p "$(dirname "$GIT_ARCHIVE")"
|
||||
git archive --prefix="${DISTNAME}/" --output="$GIT_ARCHIVE" HEAD
|
||||
|
||||
ORIGPATH="$PATH"
|
||||
# Extract the git archive into a dir for each host and build
|
||||
for i in ${HOSTS}; do
|
||||
export PATH=${BASEPREFIX}/${i}/native/bin:${ORIGPATH}
|
||||
mkdir -p distsrc-${i}
|
||||
cd distsrc-${i}
|
||||
INSTALLPATH="${PWD}/installed/${DISTNAME}"
|
||||
mkdir -p ${INSTALLPATH}
|
||||
tar --strip-components=1 -xf "${GIT_ARCHIVE}"
|
||||
|
||||
./autogen.sh
|
||||
CONFIG_SITE=${BASEPREFIX}/${i}/share/config.site ./configure --prefix=/ --disable-ccache --disable-maintainer-mode --disable-dependency-tracking ${CONFIGFLAGS}
|
||||
make ${MAKEOPTS}
|
||||
make ${MAKEOPTS} -C src check-security
|
||||
make ${MAKEOPTS} -C src check-symbols
|
||||
make install-strip DESTDIR=${INSTALLPATH}
|
||||
|
||||
make osx_volname
|
||||
make deploydir
|
||||
mkdir -p unsigned-app-${i}
|
||||
cp osx_volname unsigned-app-${i}/
|
||||
cp contrib/macdeploy/detached-sig-apply.sh unsigned-app-${i}
|
||||
cp contrib/macdeploy/detached-sig-create.sh unsigned-app-${i}
|
||||
cp ${BASEPREFIX}/${i}/native/bin/dmg unsigned-app-${i}
|
||||
mv dist unsigned-app-${i}
|
||||
pushd unsigned-app-${i}
|
||||
find . | sort | tar --mtime="$REFERENCE_DATETIME" --no-recursion --mode='u+rw,go+r-w,a+X' --owner=0 --group=0 -c -T - | gzip -9n > ${OUTDIR}/${DISTNAME}-osx-unsigned.tar.gz
|
||||
popd
|
||||
|
||||
make deploy OSX_DMG="${OUTDIR}/${DISTNAME}-osx-unsigned.dmg"
|
||||
|
||||
cd installed
|
||||
find . -name "lib*.la" -delete
|
||||
find . -name "lib*.a" -delete
|
||||
rm -rf ${DISTNAME}/lib/pkgconfig
|
||||
find ${DISTNAME} | sort | tar --mtime="$REFERENCE_DATETIME" --no-recursion --mode='u+rw,go+r-w,a+X' --owner=0 --group=0 -c -T - | gzip -9n > ${OUTDIR}/${DISTNAME}-${i}.tar.gz
|
||||
cd ../../
|
||||
done
|
||||
|
||||
mv ${OUTDIR}/${DISTNAME}-x86_64-*.tar.gz ${OUTDIR}/${DISTNAME}-osx64.tar.gz
|
|
@ -1,42 +0,0 @@
|
|||
---
|
||||
name: "bitcoin-win-signer"
|
||||
distro: "ubuntu"
|
||||
suites:
|
||||
- "focal"
|
||||
architectures:
|
||||
- "amd64"
|
||||
packages:
|
||||
- "libssl-dev"
|
||||
- "autoconf"
|
||||
- "automake"
|
||||
- "libtool"
|
||||
- "pkg-config"
|
||||
remotes:
|
||||
- "url": "https://github.com/bitcoin-core/bitcoin-detached-sigs.git"
|
||||
"dir": "signature"
|
||||
files:
|
||||
- "osslsigncode-2.0.tar.gz"
|
||||
- "bitcoin-win-unsigned.tar.gz"
|
||||
script: |
|
||||
set -e -o pipefail
|
||||
|
||||
BUILD_DIR="$PWD"
|
||||
SIGDIR=${BUILD_DIR}/signature/win
|
||||
UNSIGNED_DIR=${BUILD_DIR}/unsigned
|
||||
|
||||
echo "5a60e0a4b3e0b4d655317b2f12a810211c50242138322b16e7e01c6fbb89d92f osslsigncode-2.0.tar.gz" | sha256sum -c
|
||||
|
||||
mkdir -p ${UNSIGNED_DIR}
|
||||
tar -C ${UNSIGNED_DIR} -xf bitcoin-win-unsigned.tar.gz
|
||||
|
||||
tar xf osslsigncode-2.0.tar.gz
|
||||
cd osslsigncode-2.0
|
||||
|
||||
./autogen.sh
|
||||
./configure --without-gsf --without-curl --disable-dependency-tracking
|
||||
make
|
||||
find ${UNSIGNED_DIR} -name "*-unsigned.exe" | while read i; do
|
||||
INFILE="$(basename "${i}")"
|
||||
OUTFILE="${INFILE/-unsigned}"
|
||||
./osslsigncode attach-signature -in "${i}" -out "${OUTDIR}/${OUTFILE}" -sigin "${SIGDIR}/${INFILE}.pem"
|
||||
done
|
|
@ -1,157 +0,0 @@
|
|||
---
|
||||
name: "bitcoin-core-win-22"
|
||||
enable_cache: true
|
||||
distro: "ubuntu"
|
||||
suites:
|
||||
- "focal"
|
||||
architectures:
|
||||
- "amd64"
|
||||
packages:
|
||||
- "curl"
|
||||
- "g++"
|
||||
- "git"
|
||||
- "pkg-config"
|
||||
- "autoconf"
|
||||
- "libtool"
|
||||
- "automake"
|
||||
- "faketime"
|
||||
- "bsdmainutils"
|
||||
- "mingw-w64"
|
||||
- "g++-mingw-w64"
|
||||
- "nsis"
|
||||
- "zip"
|
||||
- "ca-certificates"
|
||||
- "python3"
|
||||
- "python3-pip"
|
||||
remotes:
|
||||
- "url": "https://github.com/bitcoin/bitcoin.git"
|
||||
"dir": "bitcoin"
|
||||
files: []
|
||||
script: |
|
||||
set -e -o pipefail
|
||||
|
||||
WRAP_DIR=$HOME/wrapped
|
||||
HOSTS="x86_64-w64-mingw32"
|
||||
CONFIGFLAGS="--enable-reduce-exports --disable-bench --disable-gui-tests --disable-fuzz-binary"
|
||||
FAKETIME_HOST_PROGS="ar ranlib nm windres strip objcopy"
|
||||
FAKETIME_PROGS="date makensis zip"
|
||||
HOST_CFLAGS="-O2 -g -fno-ident"
|
||||
HOST_CXXFLAGS="-O2 -g -fno-ident"
|
||||
|
||||
export TZ="UTC"
|
||||
export BUILD_DIR="$PWD"
|
||||
mkdir -p ${WRAP_DIR}
|
||||
if test -n "$GBUILD_CACHE_ENABLED"; then
|
||||
export SOURCES_PATH=${GBUILD_COMMON_CACHE}
|
||||
export BASE_CACHE=${GBUILD_PACKAGE_CACHE}
|
||||
mkdir -p ${BASE_CACHE} ${SOURCES_PATH}
|
||||
fi
|
||||
|
||||
# Use $LIB in LD_PRELOAD to avoid hardcoding the dir (See `man ld.so`)
|
||||
function create_global_faketime_wrappers {
|
||||
for prog in ${FAKETIME_PROGS}; do
|
||||
echo '#!/usr/bin/env bash' > ${WRAP_DIR}/${prog}
|
||||
echo "REAL=\`which -a ${prog} | grep -v ${WRAP_DIR}/${prog} | head -1\`" >> ${WRAP_DIR}/${prog}
|
||||
echo "export LD_PRELOAD='/usr/\$LIB/faketime/libfaketime.so.1'" >> ${WRAP_DIR}/${prog}
|
||||
echo "export FAKETIME=\"$1\"" >> ${WRAP_DIR}/${prog}
|
||||
echo "exec \"\$REAL\" \"\$@\"" >> $WRAP_DIR/${prog}
|
||||
chmod +x ${WRAP_DIR}/${prog}
|
||||
done
|
||||
}
|
||||
|
||||
function create_per-host_faketime_wrappers {
|
||||
for i in $HOSTS; do
|
||||
for prog in ${FAKETIME_HOST_PROGS}; do
|
||||
echo '#!/usr/bin/env bash' > ${WRAP_DIR}/${i}-${prog}
|
||||
echo "REAL=\`which -a ${i}-${prog} | grep -v ${WRAP_DIR}/${i}-${prog} | head -1\`" >> ${WRAP_DIR}/${i}-${prog}
|
||||
echo "export LD_PRELOAD='/usr/\$LIB/faketime/libfaketime.so.1'" >> ${WRAP_DIR}/${i}-${prog}
|
||||
echo "export FAKETIME=\"$1\"" >> ${WRAP_DIR}/${i}-${prog}
|
||||
echo "exec \"\$REAL\" \"\$@\"" >> $WRAP_DIR/${i}-${prog}
|
||||
chmod +x ${WRAP_DIR}/${i}-${prog}
|
||||
done
|
||||
done
|
||||
}
|
||||
|
||||
function create_per-host_compiler_wrapper {
|
||||
# -posix variant is required for c++11 threading.
|
||||
for i in $HOSTS; do
|
||||
for prog in gcc g++; do
|
||||
echo '#!/usr/bin/env bash' > ${WRAP_DIR}/${i}-${prog}
|
||||
echo "REAL=\`which -a ${i}-${prog}-posix | grep -v ${WRAP_DIR}/${i}-${prog} | head -1\`" >> ${WRAP_DIR}/${i}-${prog}
|
||||
echo "export LD_PRELOAD='/usr/\$LIB/faketime/libfaketime.so.1'" >> ${WRAP_DIR}/${i}-${prog}
|
||||
echo "export FAKETIME=\"$1\"" >> ${WRAP_DIR}/${i}-${prog}
|
||||
echo "exec \"\$REAL\" \"\$@\"" >> $WRAP_DIR/${i}-${prog}
|
||||
chmod +x ${WRAP_DIR}/${i}-${prog}
|
||||
done
|
||||
done
|
||||
}
|
||||
|
||||
pip3 install lief==0.11.5
|
||||
|
||||
# Faketime for depends so intermediate results are comparable
|
||||
export PATH_orig=${PATH}
|
||||
create_global_faketime_wrappers "2000-01-01 12:00:00"
|
||||
create_per-host_faketime_wrappers "2000-01-01 12:00:00"
|
||||
create_per-host_compiler_wrapper "2000-01-01 12:00:00"
|
||||
export PATH=${WRAP_DIR}:${PATH}
|
||||
|
||||
cd bitcoin
|
||||
BASEPREFIX="${PWD}/depends"
|
||||
# Build dependencies for each host
|
||||
for i in $HOSTS; do
|
||||
make ${MAKEOPTS} -C ${BASEPREFIX} HOST="${i}"
|
||||
done
|
||||
|
||||
# Faketime for binaries
|
||||
export PATH=${PATH_orig}
|
||||
create_global_faketime_wrappers "${REFERENCE_DATETIME}"
|
||||
create_per-host_faketime_wrappers "${REFERENCE_DATETIME}"
|
||||
create_per-host_compiler_wrapper "${REFERENCE_DATETIME}"
|
||||
export PATH=${WRAP_DIR}:${PATH}
|
||||
|
||||
# Define DISTNAME variable.
|
||||
# shellcheck source=contrib/gitian-descriptors/assign_DISTNAME
|
||||
source contrib/gitian-descriptors/assign_DISTNAME
|
||||
|
||||
GIT_ARCHIVE="${OUTDIR}/src/${DISTNAME}.tar.gz"
|
||||
|
||||
# Create the source tarball
|
||||
mkdir -p "$(dirname "$GIT_ARCHIVE")"
|
||||
git archive --prefix="${DISTNAME}/" --output="$GIT_ARCHIVE" HEAD
|
||||
|
||||
ORIGPATH="$PATH"
|
||||
# Extract the git archive into a dir for each host and build
|
||||
for i in ${HOSTS}; do
|
||||
export PATH=${BASEPREFIX}/${i}/native/bin:${ORIGPATH}
|
||||
mkdir -p distsrc-${i}
|
||||
cd distsrc-${i}
|
||||
INSTALLPATH="${PWD}/installed/${DISTNAME}"
|
||||
mkdir -p ${INSTALLPATH}
|
||||
tar --strip-components=1 -xf "${GIT_ARCHIVE}"
|
||||
|
||||
./autogen.sh
|
||||
CONFIG_SITE=${BASEPREFIX}/${i}/share/config.site ./configure --prefix=/ --disable-ccache --disable-maintainer-mode --disable-dependency-tracking ${CONFIGFLAGS} CFLAGS="${HOST_CFLAGS}" CXXFLAGS="${HOST_CXXFLAGS}"
|
||||
make ${MAKEOPTS}
|
||||
make ${MAKEOPTS} -C src check-security
|
||||
make ${MAKEOPTS} -C src check-symbols
|
||||
make deploy BITCOIN_WIN_INSTALLER="${OUTDIR}/${DISTNAME}-win64-setup-unsigned.exe"
|
||||
make install DESTDIR=${INSTALLPATH}
|
||||
cd installed
|
||||
mv ${DISTNAME}/bin/*.dll ${DISTNAME}/lib/
|
||||
find . -name "lib*.la" -delete
|
||||
find . -name "lib*.a" -delete
|
||||
rm -rf ${DISTNAME}/lib/pkgconfig
|
||||
find ${DISTNAME}/bin -type f -executable -print0 | xargs -0 -n1 -I{} ../contrib/devtools/split-debug.sh {} {} {}.dbg
|
||||
find ${DISTNAME}/lib -type f -print0 | xargs -0 -n1 -I{} ../contrib/devtools/split-debug.sh {} {} {}.dbg
|
||||
cp ../doc/README_windows.txt ${DISTNAME}/readme.txt
|
||||
find ${DISTNAME} -not -name "*.dbg" -type f | sort | zip -X@ ${OUTDIR}/${DISTNAME}-${i//x86_64-w64-mingw32/win64}.zip
|
||||
find ${DISTNAME} -name "*.dbg" -type f | sort | zip -X@ ${OUTDIR}/${DISTNAME}-${i//x86_64-w64-mingw32/win64}-debug.zip
|
||||
cd ../../
|
||||
rm -rf distsrc-${i}
|
||||
done
|
||||
|
||||
cp -rf contrib/windeploy $BUILD_DIR
|
||||
cd $BUILD_DIR/windeploy
|
||||
mkdir unsigned
|
||||
cp ${OUTDIR}/${DISTNAME}-win64-setup-unsigned.exe unsigned/
|
||||
find . | sort | tar --mtime="$REFERENCE_DATETIME" --no-recursion --mode='u+rw,go+r-w,a+X' --owner=0 --group=0 -c -T - | gzip -9n > ${OUTDIR}/${DISTNAME}-win-unsigned.tar.gz
|
|
@ -90,9 +90,9 @@ Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk
|
|||
|
||||
See the SDK Extraction notes above for how to obtain it.
|
||||
|
||||
The Gitian descriptors build 2 sets of files: Linux tools, then Apple binaries which are
|
||||
The Guix process build 2 sets of files: Linux tools, then Apple binaries which are
|
||||
created using these tools. The build process has been designed to avoid including the
|
||||
SDK's files in Gitian's outputs. All interim tarballs are fully deterministic and may be freely
|
||||
SDK's files in Guix's outputs. All interim tarballs are fully deterministic and may be freely
|
||||
redistributed.
|
||||
|
||||
[`xorrisofs`](https://www.gnu.org/software/xorriso/) is used to create the DMG.
|
||||
|
@ -113,11 +113,11 @@ order to satisfy the new Gatekeeper requirements. Because this private key canno
|
|||
shared, we'll have to be a bit creative in order for the build process to remain somewhat
|
||||
deterministic. Here's how it works:
|
||||
|
||||
- Builders use Gitian to create an unsigned release. This outputs an unsigned DMG which
|
||||
- Builders use Guix to create an unsigned release. This outputs an unsigned DMG which
|
||||
users may choose to bless and run. It also outputs an unsigned app structure in the form
|
||||
of a tarball, which also contains all of the tools that have been previously (deterministically)
|
||||
built in order to create a final DMG.
|
||||
- The Apple keyholder uses this unsigned app to create a detached signature, using the
|
||||
script that is also included there. Detached signatures are available from this [repository](https://github.com/bitcoin-core/bitcoin-detached-sigs).
|
||||
- Builders feed the unsigned app + detached signature back into Gitian. It uses the
|
||||
- Builders feed the unsigned app + detached signature back into Guix. It uses the
|
||||
pre-built tools to recombine the pieces into a deterministic DMG.
|
||||
|
|
|
@ -46,7 +46,6 @@ The following are developer notes on how to build Bitcoin Core on your native pl
|
|||
- [OpenBSD Build Notes](build-openbsd.md)
|
||||
- [NetBSD Build Notes](build-netbsd.md)
|
||||
- [Android Build Notes](build-android.md)
|
||||
- [Gitian Building Guide (External Link)](https://github.com/bitcoin-core/docs/blob/master/gitian-building.md)
|
||||
|
||||
Development
|
||||
---------------------
|
||||
|
|
|
@ -1,4 +0,0 @@
|
|||
Gitian building
|
||||
================
|
||||
|
||||
This file was moved to [the Bitcoin Core documentation repository](https://github.com/bitcoin-core/docs/blob/master/gitian-building.md) at [https://github.com/bitcoin-core/docs](https://github.com/bitcoin-core/docs).
|
|
@ -14,10 +14,6 @@ disabled=(
|
|||
SC2086 # Double quote to prevent globbing and word splitting.
|
||||
SC2162 # read without -r will mangle backslashes.
|
||||
)
|
||||
disabled_gitian=(
|
||||
SC2094 # Make sure not to read and write the same file in the same pipeline.
|
||||
SC2129 # Consider using { cmd1; cmd2; } >> file instead of individual redirects.
|
||||
)
|
||||
|
||||
EXIT_CODE=0
|
||||
|
||||
|
@ -33,22 +29,4 @@ if ! "${SHELLCHECK_CMD[@]}" "$EXCLUDE" $SOURCED_FILES $(git ls-files -- '*.sh' |
|
|||
EXIT_CODE=1
|
||||
fi
|
||||
|
||||
if ! command -v yq > /dev/null; then
|
||||
echo "Skipping Gitian descriptor scripts checking since yq is not installed."
|
||||
exit $EXIT_CODE
|
||||
fi
|
||||
|
||||
EXCLUDE_GITIAN=${EXCLUDE}",$(IFS=','; echo "${disabled_gitian[*]}")"
|
||||
for descriptor in $(git ls-files -- 'contrib/gitian-descriptors/*.yml')
|
||||
do
|
||||
script=$(basename "$descriptor")
|
||||
# Use #!/bin/bash as gitian-builder/bin/gbuild does to complete a script.
|
||||
echo "#!/bin/bash" > $script
|
||||
yq -r .script "$descriptor" >> $script
|
||||
if ! "${SHELLCHECK_CMD[@]}" "$EXCLUDE_GITIAN" $script; then
|
||||
EXIT_CODE=1
|
||||
fi
|
||||
rm $script
|
||||
done
|
||||
|
||||
exit $EXIT_CODE
|
||||
|
|
Loading…
Add table
Reference in a new issue