aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorWladimir J. van der Laan <laanwj@gmail.com>2015-06-30 17:55:38 +0200
committerWladimir J. van der Laan <laanwj@gmail.com>2015-06-30 17:56:23 +0200
commitda77a6f7611f71443914e1c71df1e52468cf507d (patch)
treecf4c5bad3a9499d6dcb4606e711a75bd8231e814
parent0564c5b795d1be675a0ac0a2e8038db0970ac376 (diff)
parent6e849b8309558ec83710d86c0f784566996da58b (diff)
Merge pull request #6354
6e849b8 Ideal release process for Windows detached signing (Micha) a3ba9a5 gitian: make the windows signing process match OSX (Cory Fields)
Diffstat
-rw-r--r--contrib/gitian-descriptors/gitian-win-signer.yml15
-rw-r--r--contrib/gitian-descriptors/gitian-win.yml7
-rw-r--r--doc/release-process.md25
3 files changed, 27 insertions, 20 deletions
diff --git a/contrib/gitian-descriptors/gitian-win-signer.yml b/contrib/gitian-descriptors/gitian-win-signer.yml
index 0bf2ac9b2f..2a73050e0e 100644
--- a/contrib/gitian-descriptors/gitian-win-signer.yml
+++ b/contrib/gitian-descriptors/gitian-win-signer.yml
@@ -14,21 +14,26 @@ remotes:
files:
- "osslsigncode-1.7.1.tar.gz"
- "osslsigncode-Backports-to-1.7.1.patch"
-- "bitcoin-win32-setup.exe"
-- "bitcoin-win64-setup.exe"
+- "bitcoin-win-unsigned.tar.gz"
script: |
BUILD_DIR=`pwd`
SIGDIR=${BUILD_DIR}/signature/win
+ UNSIGNED_DIR=${BUILD_DIR}/unsigned
echo "f9a8cdb38b9c309326764ebc937cba1523a3a751a7ab05df3ecc99d18ae466c9 osslsigncode-1.7.1.tar.gz" | sha256sum -c
echo "a8c4e9cafba922f89de0df1f2152e7be286aba73f78505169bc351a7938dd911 osslsigncode-Backports-to-1.7.1.patch" | sha256sum -c
+ mkdir -p ${UNSIGNED_DIR}
+ tar -C ${UNSIGNED_DIR} -xf bitcoin-win-unsigned.tar.gz
+
tar xf osslsigncode-1.7.1.tar.gz
cd osslsigncode-1.7.1
patch -p1 < ${BUILD_DIR}/osslsigncode-Backports-to-1.7.1.patch
./configure --without-gsf --without-curl --disable-dependency-tracking
make
-
- ./osslsigncode attach-signature -in ${BUILD_DIR}/bitcoin-win32-setup.exe -out ${OUTDIR}/bitcoin-win32-setup-signed.exe -sigin ${SIGDIR}/bitcoin-win32-setup.exe.pem
- ./osslsigncode attach-signature -in ${BUILD_DIR}/bitcoin-win64-setup.exe -out ${OUTDIR}/bitcoin-win64-setup-signed.exe -sigin ${SIGDIR}/bitcoin-win64-setup.exe.pem
+ find ${UNSIGNED_DIR} -name "*-unsigned.exe" | while read i; do
+ INFILE="`basename "${i}"`"
+ OUTFILE="`echo "${INFILE}" | sed s/-unsigned//`"
+ ./osslsigncode attach-signature -in "${i}" -out "${OUTDIR}/${OUTFILE}" -sigin "${SIGDIR}/${INFILE}.pem"
+ done
diff --git a/contrib/gitian-descriptors/gitian-win.yml b/contrib/gitian-descriptors/gitian-win.yml
index 20cfb29859..966820ec51 100644
--- a/contrib/gitian-descriptors/gitian-win.yml
+++ b/contrib/gitian-descriptors/gitian-win.yml
@@ -84,6 +84,8 @@ script: |
pushd temp
tar xf ../$SOURCEDIST
find bitcoin-* | sort | tar --no-recursion --mode='u+rw,go+r-w,a+X' --owner=0 --group=0 -c -T - | gzip -9n > ../$SOURCEDIST
+ mkdir -p $OUTDIR/src
+ cp ../$SOURCEDIST $OUTDIR/src
popd
ORIGPATH="$PATH"
@@ -109,7 +111,8 @@ script: |
find ${DISTNAME} -type f | sort | zip -X@ ${OUTDIR}/${DISTNAME}-${i}.zip
cd ../..
done
- mkdir -p $OUTDIR/src
- mv $SOURCEDIST $OUTDIR/src
+ cd $OUTDIR
+ rename 's/-setup\.exe$/-setup-unsigned.exe/' *-setup.exe
+ find . -name "*-setup-unsigned.exe" | sort | tar --no-recursion --mode='u+rw,go+r-w,a+X' --owner=0 --group=0 -c -T - | gzip -9n > ${OUTDIR}/${DISTNAME}-win-unsigned.tar.gz
mv ${OUTDIR}/${DISTNAME}-x86_64-*.zip ${OUTDIR}/${DISTNAME}-win64.zip
mv ${OUTDIR}/${DISTNAME}-i686-*.zip ${OUTDIR}/${DISTNAME}-win32.zip
diff --git a/doc/release-process.md b/doc/release-process.md
index 07005bfbb9..5ecb9334f5 100644
--- a/doc/release-process.md
+++ b/doc/release-process.md
@@ -25,7 +25,7 @@ Release Process
###update gitian
- In order to take advantage of the new caching features in gitian, be sure to update to a recent version (e9741525c or higher is recommended)
+ In order to take advantage of the new caching features in gitian, be sure to update to a recent version (`e9741525c` or later is recommended)
###perform gitian builds
@@ -66,22 +66,21 @@ Release Process
./bin/gsign --signer $SIGNER --release ${VERSION}-linux --destination ../gitian.sigs/ ../bitcoin/contrib/gitian-descriptors/gitian-linux.yml
mv build/out/bitcoin-*.tar.gz build/out/src/bitcoin-*.tar.gz ../
./bin/gbuild --commit bitcoin=v${VERSION} ../bitcoin/contrib/gitian-descriptors/gitian-win.yml
- ./bin/gsign --signer $SIGNER --release ${VERSION}-win --destination ../gitian.sigs/ ../bitcoin/contrib/gitian-descriptors/gitian-win.yml
- mv build/out/bitcoin-*.zip ../
- mv build/out/bitcoin-*-win64-setup.exe inputs/bitcoin-win64-setup.exe
- mv build/out/bitcoin-*-win32-setup.exe inputs/bitcoin-win32-setup.exe
+ ./bin/gsign --signer $SIGNER --release ${VERSION}-win-unsigned --destination ../gitian.sigs/ ../bitcoin/contrib/gitian-descriptors/gitian-win.yml
+ mv build/out/bitcoin-*-win-unsigned.tar.gz inputs/bitcoin-win-unsigned.tar.gz
+ mv build/out/bitcoin-*.zip build/out/bitcoin-*.exe ../
./bin/gbuild --commit bitcoin=v${VERSION} ../bitcoin/contrib/gitian-descriptors/gitian-osx.yml
./bin/gsign --signer $SIGNER --release ${VERSION}-osx-unsigned --destination ../gitian.sigs/ ../bitcoin/contrib/gitian-descriptors/gitian-osx.yml
- mv build/out/bitcoin-*-unsigned.tar.gz inputs/bitcoin-osx-unsigned.tar.gz
+ mv build/out/bitcoin-*-osx-unsigned.tar.gz inputs/bitcoin-osx-unsigned.tar.gz
mv build/out/bitcoin-*.tar.gz build/out/bitcoin-*.dmg ../
popd
Build output expected:
1. source tarball (bitcoin-${VERSION}.tar.gz)
- 2. linux 32-bit and 64-bit binaries dist tarballs (bitcoin-${VERSION}-linux[32|64].tar.gz)
- 3. windows 32-bit and 64-bit unsigned installers and dist zips (bitcoin-${VERSION}-win[32|64]-setup.exe, bitcoin-${VERSION}-win[32|64].zip)
- 4. OSX unsigned installer (bitcoin-${VERSION}-osx-unsigned.dmg)
- 5. Gitian signatures (in gitian.sigs/${VERSION}-<linux|win|osx-unsigned>/(your gitian key)/
+ 2. linux 32-bit and 64-bit dist tarballs (bitcoin-${VERSION}-linux[32|64].tar.gz)
+ 3. windows 32-bit and 64-bit unsigned installers and dist zips (bitcoin-${VERSION}-win[32|64]-setup-unsigned.exe, bitcoin-${VERSION}-win[32|64].zip)
+ 4. OSX unsigned installer and dist tarball (bitcoin-${VERSION}-osx-unsigned.dmg, bitcoin-${VERSION}-osx64.tar.gz)
+ 5. Gitian signatures (in gitian.sigs/${VERSION}-<linux|{win,osx}-unsigned>/(your gitian key)/
###Next steps:
@@ -89,7 +88,7 @@ Commit your signature to gitian.sigs:
pushd gitian.sigs
git add ${VERSION}-linux/${SIGNER}
- git add ${VERSION}-win/${SIGNER}
+ git add ${VERSION}-win-unsigned/${SIGNER}
git add ${VERSION}-osx-unsigned/${SIGNER}
git commit -a
git push # Assuming you can push to the gitian.sigs tree
@@ -112,8 +111,8 @@ Commit your signature to gitian.sigs:
pushd ./gitian-builder
./bin/gbuild -i --commit signature=v${VERSION} ../bitcoin/contrib/gitian-descriptors/gitian-win-signer.yml
./bin/gsign --signer $SIGNER --release ${VERSION}-win-signed --destination ../gitian.sigs/ ../bitcoin/contrib/gitian-descriptors/gitian-win-signer.yml
- mv build/out/bitcoin-win64-setup-signed.exe ../bitcoin-${VERSION}-win64-setup.exe
- mv build/out/bitcoin-win32-setup-signed.exe ../bitcoin-${VERSION}-win32-setup.exe
+ mv build/out/bitcoin-*win64-setup.exe ../bitcoin-${VERSION}-win64-setup.exe
+ mv build/out/bitcoin-*win32-setup.exe ../bitcoin-${VERSION}-win32-setup.exe
popd
Commit your signature for the signed OSX/Windows binaries:
generated by cgit v1.2.3 (git 2.26.2) at 2024-11-08 08:45:33 +0000