aboutsummaryrefslogtreecommitdiff
path: root/doc/gitian-building.md
diff options
context:
space:
mode:
Diffstat (limited to 'doc/gitian-building.md')
-rw-r--r--doc/gitian-building.md478
1 files changed, 1 insertions, 477 deletions
diff --git a/doc/gitian-building.md b/doc/gitian-building.md
index 9f9afaf04f..3a48f4a0b3 100644
--- a/doc/gitian-building.md
+++ b/doc/gitian-building.md
@@ -1,480 +1,4 @@
Gitian building
================
-*Setup instructions for a Gitian build of Bitcoin Core using a Debian VM or physical system.*
-
-Gitian is the deterministic build process that is used to build the Bitcoin
-Core executables. It provides a way to be reasonably sure that the
-executables are really built from the source on GitHub. It also makes sure that
-the same, tested dependencies are used and statically built into the executable.
-
-Multiple developers build the source code by following a specific descriptor
-("recipe"), cryptographically sign the result, and upload the resulting signature.
-These results are compared and only if they match, the build is accepted and uploaded
-to bitcoin.org.
-
-More independent Gitian builders are needed, which is why this guide exists.
-It is preferred you follow these steps yourself instead of using someone else's
-VM image to avoid 'contaminating' the build.
-
-Table of Contents
-------------------
-
-- [Create a new VirtualBox VM](#create-a-new-virtualbox-vm)
-- [Connecting to the VM](#connecting-to-the-vm)
-- [Setting up Debian for Gitian building](#setting-up-debian-for-gitian-building)
-- [Installing Gitian](#installing-gitian)
-- [Setting up the Gitian image](#setting-up-the-gitian-image)
-- [Getting and building the inputs](#getting-and-building-the-inputs)
-- [Building Bitcoin Core](#building-bitcoin-core)
-- [Building an alternative repository](#building-an-alternative-repository)
-- [Signing externally](#signing-externally)
-- [Uploading signatures](#uploading-signatures)
-
-Preparing the Gitian builder host
----------------------------------
-
-The first step is to prepare the host environment that will be used to perform the Gitian builds.
-This guide explains how to set up the environment, and how to start the builds.
-
-Debian Linux was chosen as the host distribution because it has a lightweight install (in contrast to Ubuntu) and is readily available.
-Any kind of virtualization can be used, for example:
-- [VirtualBox](https://www.virtualbox.org/) (covered by this guide)
-- [KVM](http://www.linux-kvm.org/page/Main_Page)
-- [LXC](https://linuxcontainers.org/), see also [Gitian host docker container](https://github.com/gdm85/tenku/tree/master/docker/gitian-bitcoin-host/README.md).
-
-You can also install Gitian on actual hardware instead of using virtualization.
-
-Create a new VirtualBox VM
----------------------------
-In the VirtualBox GUI click "New" and choose the following parameters in the wizard:
-
-![](gitian-building/create_new_vm.png)
-
-- Type: Linux, Debian (64-bit)
-
-![](gitian-building/create_vm_memsize.png)
-
-- Memory Size: at least 3000MB, anything less and the build might not complete.
-
-![](gitian-building/create_vm_hard_disk.png)
-
-- Hard Disk: Create a virtual hard disk now
-
-![](gitian-building/create_vm_hard_disk_file_type.png)
-
-- Hard Disk file type: Use the default, VDI (VirtualBox Disk Image)
-
-![](gitian-building/create_vm_storage_physical_hard_disk.png)
-
-- Storage on physical hard disk: Dynamically Allocated
-
-![](gitian-building/create_vm_file_location_size.png)
-
-- File location and size: at least 40GB; as low as 20GB *may* be possible, but better to err on the safe side
-- Click `Create`
-
-After creating the VM, we need to configure it.
-
-- Click the `Settings` button, then go to the `Network` tab. Adapter 1 should be attached to `NAT`.
-
-![](gitian-building/network_settings.png)
-
-- Click `Advanced`, then `Port Forwarding`. We want to set up a port through which we can reach the VM to get files in and out.
-- Create a new rule by clicking the plus icon.
-
-![](gitian-building/port_forwarding_rules.png)
-
-- Set up the new rule the following way:
- - Name: `SSH`
- - Protocol: `TCP`
- - Leave Host IP empty
- - Host Port: `22222`
- - Leave Guest IP empty
- - Guest Port: `22`
-
-- Click `Ok` twice to save.
-
-Get the [Debian 8.x net installer](http://cdimage.debian.org/mirror/cdimage/archive/8.5.0/amd64/iso-cd/debian-8.5.0-amd64-netinst.iso) (a more recent minor version should also work, see also [Debian Network installation](https://www.debian.org/CD/netinst/)).
-This DVD image can be [validated](https://www.debian.org/CD/verify) using a SHA256 hashing tool, for example on
-Unixy OSes by entering the following in a terminal:
-
- echo "ad4e8c27c561ad8248d5ebc1d36eb172f884057bfeb2c22ead823f59fa8c3dff debian-8.5.0-amd64-netinst.iso" | sha256sum -c
- # (must return OK)
-
-Then start the VM. On the first launch you will be asked for a CD or DVD image. Choose the downloaded ISO.
-
-![](gitian-building/select_startup_disk.png)
-
-Installing Debian
-------------------
-
-This section will explain how to install Debian on the newly created VM.
-
-- Choose the non-graphical installer. We do not need the graphical environment; it will only increase installation time and disk usage.
-
-![](gitian-building/debian_install_1_boot_menu.png)
-
-**Note**: Navigating in the Debian installer:
-To keep a setting at the default and proceed, just press `Enter`.
-To select a different button, press `Tab`.
-
-- Choose locale and keyboard settings (doesn't matter, you can just go with the defaults or select your own information)
-
-![](gitian-building/debian_install_2_select_a_language.png)
-![](gitian-building/debian_install_3_select_location.png)
-![](gitian-building/debian_install_4_configure_keyboard.png)
-
-- The VM will detect network settings using DHCP, this should all proceed automatically
-- Configure the network:
- - Hostname `debian`.
- - Leave domain name empty.
-
-![](gitian-building/debian_install_5_configure_the_network.png)
-![](gitian-building/debian_install_6_domain_name.png)
-
-- Choose a root password and enter it twice (remember it for later)
-
-![](gitian-building/debian_install_6a_set_up_root_password.png)
-
-- Name the new user `debian` (the full name doesn't matter, you can leave it empty)
-- Set the account username as `debian`
-
-![](gitian-building/debian_install_7_set_up_user_fullname.png)
-![](gitian-building/debian_install_8_set_up_username.png)
-
-- Choose a user password and enter it twice (remember it for later)
-
-![](gitian-building/debian_install_9_user_password.png)
-
-- The installer will set up the clock using a time server; this process should be automatic
-- Set up the clock: choose a time zone (depends on the locale settings that you picked earlier; specifics don't matter)
-
-![](gitian-building/debian_install_10_configure_clock.png)
-
-- Disk setup
- - Partitioning method: Guided - Use the entire disk
-
-![](gitian-building/debian_install_11_partition_disks.png)
-
- - Select disk to partition: SCSI1 (0,0,0)
-
-![](gitian-building/debian_install_12_choose_disk.png)
-
- - Partition Disks -> *All files in one partition*
-
-![](gitian-building/all_files_in_one_partition.png)
-
- - Finish partitioning and write changes to disk -> *Yes* (`Tab`, `Enter` to select the `Yes` button)
-
-![](gitian-building/debian_install_14_finish.png)
-![](gitian-building/debian_install_15_write_changes.png)
-
-- The base system will be installed, this will take a minute or so
-- Choose a mirror (any will do)
-
-![](gitian-building/debian_install_16_choose_a_mirror.png)
-
-- Enter proxy information (unless you are on an intranet, leave this empty)
-
-![](gitian-building/debian_install_18_proxy_settings.png)
-
-- Wait a bit while 'Select and install software' runs
-- Participate in popularity contest -> *No*
-- Choose software to install. We need just the base system.
-- Make sure only 'SSH server' and 'Standard System Utilities' are checked
-- Uncheck 'Debian Desktop Environment' and 'Print Server'
-
-![](gitian-building/debian_install_19_software_selection.png)
-
-- Install the GRUB boot loader to the master boot record? -> Yes
-
-![](gitian-building/debian_install_20_install_grub.png)
-
-- Device for boot loader installation -> ata-VBOX_HARDDISK
-
-![](gitian-building/debian_install_21_install_grub_bootloader.png)
-
-- Installation Complete -> *Continue*
-- After installation, the VM will reboot and you will have a working Debian VM. Congratulations!
-
-![](gitian-building/debian_install_22_finish_installation.png)
-
-
-After Installation
--------------------
-The next step in the guide involves logging in as root via SSH.
-SSH login for root users is disabled by default, so we'll enable that now.
-
-Login to the VM using username `root` and the root password you chose earlier.
-You'll be presented with a screen similar to this.
-
-![](gitian-building/debian_root_login.png)
-
-Type:
-
-```
-sed -i 's/^PermitRootLogin.*/PermitRootLogin yes/' /etc/ssh/sshd_config
-```
-and press enter. Then,
-```
-/etc/init.d/ssh restart
-```
-and enter to restart SSH. Logout by typing 'logout' and pressing 'enter'.
-
-Connecting to the VM
-----------------------
-
-After the VM has booted you can connect to it using SSH, and files can be copied from and to the VM using a SFTP utility.
-Connect to `localhost`, port `22222` (or the port configured when installing the VM).
-On Windows you can use [putty](http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html) and [WinSCP](http://winscp.net/eng/index.php).
-
-For example, to connect as `root` from a Linux command prompt use
-
- $ ssh root@localhost -p 22222
- The authenticity of host '[localhost]:22222 ([127.0.0.1]:22222)' can't be established.
- RSA key fingerprint is ae:f5:c8:9f:17:c6:c7:1b:c2:1b:12:31:1d:bb:d0:c7.
- Are you sure you want to continue connecting (yes/no)? yes
- Warning: Permanently added '[localhost]:22222' (RSA) to the list of known hosts.
- root@localhost's password: (enter root password configured during install)
-
- The programs included with the Debian GNU/Linux system are free software;
- the exact distribution terms for each program are described in the
- individual files in /usr/share/doc/*/copyright.
-
- Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
- permitted by applicable law.
- root@debian:~#
-
-Replace `root` with `debian` to log in as user.
-
-Setting up Debian for Gitian building
---------------------------------------
-
-In this section we will be setting up the Debian installation for Gitian building.
-
-First we need to log in as `root` to set up dependencies and make sure that our
-user can use the sudo command. Type/paste the following in the terminal:
-
-```bash
-apt-get install git ruby sudo apt-cacher-ng qemu-utils debootstrap lxc python-cheetah parted kpartx bridge-utils make ubuntu-archive-keyring curl
-adduser debian sudo
-```
-
-Then set up LXC and the rest with the following, which is a complex jumble of settings and workarounds:
-
-```bash
-# the version of lxc-start in Debian needs to run as root, so make sure
-# that the build script can execute it without providing a password
-echo "%sudo ALL=NOPASSWD: /usr/bin/lxc-start" > /etc/sudoers.d/gitian-lxc
-echo "%sudo ALL=NOPASSWD: /usr/bin/lxc-execute" >> /etc/sudoers.d/gitian-lxc
-# make /etc/rc.local script that sets up bridge between guest and host
-echo '#!/bin/sh -e' > /etc/rc.local
-echo 'brctl addbr br0' >> /etc/rc.local
-echo 'ifconfig br0 10.0.3.2/24 up' >> /etc/rc.local
-echo 'iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE' >> /etc/rc.local
-echo 'echo 1 > /proc/sys/net/ipv4/ip_forward' >> /etc/rc.local
-echo 'exit 0' >> /etc/rc.local
-# make sure that USE_LXC is always set when logging in as debian,
-# and configure LXC IP addresses
-echo 'export USE_LXC=1' >> /home/debian/.profile
-echo 'export GITIAN_HOST_IP=10.0.3.2' >> /home/debian/.profile
-echo 'export LXC_GUEST_IP=10.0.3.5' >> /home/debian/.profile
-reboot
-```
-
-At the end the VM is rebooted to make sure that the changes take effect. The steps in this
-section only need to be performed once.
-
-Installing Gitian
-------------------
-
-Re-login as the user `debian` that was created during installation.
-The rest of the steps in this guide will be performed as that user.
-
-There is no `python-vm-builder` package in Debian, so we need to install it from source ourselves,
-
-```bash
-wget http://archive.ubuntu.com/ubuntu/pool/universe/v/vm-builder/vm-builder_0.12.4+bzr494.orig.tar.gz
-echo "76cbf8c52c391160b2641e7120dbade5afded713afaa6032f733a261f13e6a8e vm-builder_0.12.4+bzr494.orig.tar.gz" | sha256sum -c
-# (verification -- must return OK)
-tar -zxvf vm-builder_0.12.4+bzr494.orig.tar.gz
-cd vm-builder-0.12.4+bzr494
-sudo python setup.py install
-cd ..
-```
-
-**Note**: When sudo asks for a password, enter the password for the user *debian* not for *root*.
-
-Clone the git repositories for bitcoin and Gitian.
-
-```bash
-git clone https://github.com/devrandom/gitian-builder.git
-git clone https://github.com/bitcoin/bitcoin
-git clone https://github.com/bitcoin-core/gitian.sigs.git
-```
-
-Setting up the Gitian image
--------------------------
-
-Gitian needs a virtual image of the operating system to build in.
-Currently this is Ubuntu Trusty x86_64.
-This image will be copied and used every time that a build is started to
-make sure that the build is deterministic.
-Creating the image will take a while, but only has to be done once.
-
-Execute the following as user `debian`:
-
-```bash
-cd gitian-builder
-bin/make-base-vm --lxc --arch amd64 --suite trusty
-```
-
-There will be a lot of warnings printed during the build of the image. These can be ignored.
-
-**Note**: When sudo asks for a password, enter the password for the user *debian* not for *root*.
-
-Getting and building the inputs
---------------------------------
-
-At this point you have two options, you can either use the automated script (found in [contrib/gitian-build.sh](/contrib/gitian-build.sh)) or you could manually do everything by following this guide. If you're using the automated script, then run it with the "--setup" command. Afterwards, run it with the "--build" command (example: "contrib/gitian-build.sh -b signer 0.13.0"). Otherwise ignore this.
-
-Follow the instructions in [doc/release-process.md](release-process.md#fetch-and-create-inputs-first-time-or-when-dependency-versions-change)
-in the bitcoin repository under 'Fetch and create inputs' to install sources which require
-manual intervention. Also optionally follow the next step: 'Seed the Gitian sources cache
-and offline git repositories' which will fetch the remaining files required for building
-offline.
-
-Building Bitcoin Core
-----------------
-
-To build Bitcoin Core (for Linux, OS X and Windows) just follow the steps under 'perform
-Gitian builds' in [doc/release-process.md](release-process.md#perform-gitian-builds) in the bitcoin repository.
-
-This may take some time as it will build all the dependencies needed for each descriptor.
-These dependencies will be cached after a successful build to avoid rebuilding them when possible.
-
-At any time you can check the package installation and build progress with
-
-```bash
-tail -f var/install.log
-tail -f var/build.log
-```
-
-Output from `gbuild` will look something like
-
- Initialized empty Git repository in /home/debian/gitian-builder/inputs/bitcoin/.git/
- remote: Counting objects: 57959, done.
- remote: Total 57959 (delta 0), reused 0 (delta 0), pack-reused 57958
- Receiving objects: 100% (57959/57959), 53.76 MiB | 484.00 KiB/s, done.
- Resolving deltas: 100% (41590/41590), done.
- From https://github.com/bitcoin/bitcoin
- ... (new tags, new branch etc)
- --- Building for trusty amd64 ---
- Stopping target if it is up
- Making a new image copy
- stdin: is not a tty
- Starting target
- Checking if target is up
- Preparing build environment
- Updating apt-get repository (log in var/install.log)
- Installing additional packages (log in var/install.log)
- Grabbing package manifest
- stdin: is not a tty
- Creating build script (var/build-script)
- lxc-start: Connection refused - inotify event with no name (mask 32768)
- Running build script (log in var/build.log)
-
-Building an alternative repository
------------------------------------
-
-If you want to do a test build of a pull on GitHub it can be useful to point
-the Gitian builder at an alternative repository, using the same descriptors
-and inputs.
-
-For example:
-```bash
-URL=https://github.com/laanwj/bitcoin.git
-COMMIT=2014_03_windows_unicode_path
-./bin/gbuild --commit bitcoin=${COMMIT} --url bitcoin=${URL} ../bitcoin/contrib/gitian-descriptors/gitian-linux.yml
-./bin/gbuild --commit bitcoin=${COMMIT} --url bitcoin=${URL} ../bitcoin/contrib/gitian-descriptors/gitian-win.yml
-./bin/gbuild --commit bitcoin=${COMMIT} --url bitcoin=${URL} ../bitcoin/contrib/gitian-descriptors/gitian-osx.yml
-```
-
-Building fully offline
------------------------
-
-For building fully offline including attaching signatures to unsigned builds, the detached-sigs repository
-and the bitcoin git repository with the desired tag must both be available locally, and then gbuild must be
-told where to find them. It also requires an apt-cacher-ng which is fully-populated but set to offline mode, or
-manually disabling gitian-builder's use of apt-get to update the VM build environment.
-
-To configure apt-cacher-ng as an offline cacher, you will need to first populate its cache with the relevant
-files. You must additionally patch target-bin/bootstrap-fixup to set its apt sources to something other than
-plain archive.ubuntu.com: us.archive.ubuntu.com works.
-
-So, if you use LXC:
-
-```bash
-export PATH="$PATH":/path/to/gitian-builder/libexec
-export USE_LXC=1
-cd /path/to/gitian-builder
-./libexec/make-clean-vm --suite trusty --arch amd64
-
-LXC_ARCH=amd64 LXC_SUITE=trusty on-target -u root apt-get update
-LXC_ARCH=amd64 LXC_SUITE=trusty on-target -u root \
- -e DEBIAN_FRONTEND=noninteractive apt-get --no-install-recommends -y install \
- $( sed -ne '/^packages:/,/[^-] .*/ {/^- .*/{s/"//g;s/- //;p}}' ../bitcoin/contrib/gitian-descriptors/*|sort|uniq )
-LXC_ARCH=amd64 LXC_SUITE=trusty on-target -u root apt-get -q -y purge grub
-LXC_ARCH=amd64 LXC_SUITE=trusty on-target -u root -e DEBIAN_FRONTEND=noninteractive apt-get -y dist-upgrade
-```
-
-And then set offline mode for apt-cacher-ng:
-
-```
-/etc/apt-cacher-ng/acng.conf
-[...]
-Offlinemode: 1
-[...]
-
-service apt-cacher-ng restart
-```
-
-Then when building, override the remote URLs that gbuild would otherwise pull from the Gitian descriptors::
-```bash
-
-cd /some/root/path/
-git clone https://github.com/bitcoin-core/bitcoin-detached-sigs.git
-
-BTCPATH=/some/root/path/bitcoin
-SIGPATH=/some/root/path/bitcoin-detached-sigs
-
-./bin/gbuild --url bitcoin=${BTCPATH},signature=${SIGPATH} ../bitcoin/contrib/gitian-descriptors/gitian-win-signer.yml
-```
-
-Signing externally
--------------------
-
-If you want to do the PGP signing on another device, that's also possible; just define `SIGNER` as mentioned
-and follow the steps in the build process as normal.
-
- gpg: skipped "laanwj": secret key not available
-
-When you execute `gsign` you will get an error from GPG, which can be ignored. Copy the resulting `.assert` files
-in `gitian.sigs` to your signing machine and do
-
-```bash
- gpg --detach-sign ${VERSION}-linux/${SIGNER}/bitcoin-linux-build.assert
- gpg --detach-sign ${VERSION}-win/${SIGNER}/bitcoin-win-build.assert
- gpg --detach-sign ${VERSION}-osx-unsigned/${SIGNER}/bitcoin-osx-build.assert
-```
-
-This will create the `.sig` files that can be committed together with the `.assert` files to assert your
-Gitian build.
-
-Uploading signatures
----------------------
-
-After building and signing you can push your signatures (both the `.assert` and `.assert.sig` files) to the
-[bitcoin-core/gitian.sigs](https://github.com/bitcoin-core/gitian.sigs/) repository, or if that's not possible create a pull
-request. You can also mail the files to Wladimir (laanwj@gmail.com) and he will commit them.
+This file was moved to [the Bitcoin Core documentation repository](https://github.com/bitcoin-core/docs/blob/master/gitian-building.md) at [https://github.com/bitcoin-core/docs](https://github.com/bitcoin-core/docs).