bitcoin

mirror of https://github.com/bitcoin/bitcoin.git synced 2025-01-10 20:03:34 -03:00

History

Wladimir J. van der Laan f7fd76bcc0 Merge #20880 : gitian: Use custom MacOS code signing tool `2c403279e2` gitian: Remove codesign_allocate and pagestuff from MacOS build (Andrew Chow) `f55eed2514` gitian: use signapple to create the MacOS code signature (Andrew Chow) `95b06d2185` gitian: use signapple to apply the MacOS code signature (Andrew Chow) `42bb1ea363` gitian: install signapple in gitian-osx-signer.yml (Andrew Chow) Pull request description: The MacOS code signing issues that were encountered during the 0.21.0 release cycle have shown that it is necessary for us to use a code signing tool for which the source code is available and modifiable by us. Given that there appears to not be such a tool available, I have written such a tool, [signapple](https://github.com/achow101/signapple), that we can use. This tool is able to create a valid MacOS code signature, detach it in a way that we were doing previously, and attach it to the unsigned binary. This tool can also verify that the signature is correct. This PR implements the usage of that tool in the gitian build for the code signed MacOS binary. The code signer will use this tool to create the detached signature. Gitian builders will use this tool to apply the detached signature. The `gitian-osx-signer.yml` descriptor has been modified to install this tool so that the `detached-sig-apply.sh` script can use it. Additionally, the `codesign_allocate` and `pagestuff` tools are no longer necessary so they are no longer added to the tarball used in code signing. Lastly, both the `detached-sig-create.sh` and `detached-sig-apply.sh` scripts are made to be significantly less complex and to not do unexpected things such as unpacking an already unpacked tarball. The detached code signature that signapple creates is almost identical to that which we were previously creating. The only difference is that the cpu architecture name is included in the extension (e.g. we have `bitcoin-qt.x86_64sign` instead of `bitcoin-qt.sign`). This was done in order to support signing universal binaries which we may want to do in the future. However signapple can still apply existing code signatures as it will accept the `.sign` extension. If it is desired, it can be modified to produce signatures with just the `.sign` extension. However I do not think it is necessary to maintain compatibility with the old process. ACKs for top commit: laanwj: Code review ACK `2c403279e2` Tree-SHA512: 2a0e01e9133f8859b9de26e7e8fe1d2610d2cbdee2845e6008b12c083c7e3622cbb2d9b83c50a269e2c3074ab95914a8225d3cd4108017f58b77a62bf10951e0		2021-01-18 22:04:27 +01:00
..
debian	doc: Update license year range to 2021	2020-12-30 16:24:47 +01:00
devtools	doc: Add manual page generation for bitcoin-util	2021-01-12 14:09:21 +01:00
gitian-descriptors	gitian: Remove codesign_allocate and pagestuff from MacOS build	2021-01-07 15:33:19 -05:00
gitian-keys	Merge #20859 : gitian-keys: add miketwenty1 key	2021-01-07 13:42:49 +01:00
guix	guix: Print build params inside/outside of container	2021-01-08 11:40:02 -05:00
init	doc: Fix systemd spelling and link to doc/init.md	2021-01-08 17:55:34 +02:00
linearize	doc: Added default signet config for linearize script	2020-09-25 14:37:22 +02:00
macdeploy	gitian: use signapple to create the MacOS code signature	2021-01-07 15:33:19 -05:00
qos	scripted-diff: Bump copyright of files changed in 2019	2019-12-30 10:42:20 +13:00
seeds	Merge #20288 : script, doc: contrib/seeds updates	2020-11-19 10:40:46 +01:00
signet	contrib/signet: Document miner script in README.md	2021-01-12 18:34:29 +10:00
testgen	scripted-diff: Bump copyright headers	2020-12-31 09:45:41 +01:00
verify-commits	scripted-diff: Bump copyright headers	2020-04-16 13:33:09 -04:00
verifybinaries	scripted-diff: Bump copyright of files changed in 2019	2019-12-30 10:42:20 +13:00
windeploy	Update with new Windows code signing certificate	2020-03-24 12:22:46 -04:00
zmq	scripted-diff: Bump copyright headers	2020-12-31 09:45:41 +01:00
bitcoin-cli.bash-completion	scripted-diff: Bump copyright of files changed in 2019	2019-12-30 10:42:20 +13:00
bitcoin-qt.pro	Add CreateWalletDialog to create wallets from the GUI	2019-09-05 20:36:57 -04:00
bitcoin-tx.bash-completion	bash-completion: Adapt for 0.12 and 0.13	2016-07-07 07:52:59 -04:00
bitcoind.bash-completion	scripted-diff: Bump copyright of files changed in 2019	2019-12-30 10:42:20 +13:00
filter-lcov.py	scripted-diff: Bump copyright headers	2020-12-31 09:45:41 +01:00
gitian-build.py	scripted-diff: Bump copyright headers	2020-12-31 09:45:41 +01:00
install_db4.sh	scripted-diff: Add missed copyright headers	2020-01-04 20:18:28 +02:00
README.md	doc: Fix whitespace errs in .md files, bitcoin.conf, Info.plist.in, and find_bdb48.m4	2019-09-17 03:21:22 -04:00
valgrind.supp	contrib: Fixup valgrind suppressions file	2020-08-05 16:43:30 +02:00

Repository Tools

Developer tools

Specific tools for developers working on this repository. Additional tools, including the github-merge.py script, are available in the maintainer-tools repository.

Verify-Commits

Tool to verify that every merge commit was signed by a developer using the github-merge.py script.

Linearize

Construct a linear, no-fork, best version of the blockchain.

A Linux bash script that will set up traffic control (tc) to limit the outgoing bandwidth for connections to the Bitcoin network. This means one can have an always-on bitcoind instance running, and another local bitcoind/bitcoin-qt instance which connects to this node and receives blocks from it.

Seeds

Utility to generate the pnSeed[] array that is compiled into the client.

Build Tools and Keys

Packaging

The Debian subfolder contains the copyright file.

All other packaging related files can be found in the bitcoin-core/packaging repository.

Test and Verify Tools

TestGen

Utilities to generate test vectors for the data-driven Bitcoin tests.

Verify Binaries

This script attempts to download and verify the signature file SHA256SUMS.asc from bitcoin.org.

README.md