diff options
Diffstat (limited to 'doc/release-process.md')
-rw-r--r-- | doc/release-process.md | 49 |
1 files changed, 27 insertions, 22 deletions
diff --git a/doc/release-process.md b/doc/release-process.md index cdcee0ec36..5ecb9334f5 100644 --- a/doc/release-process.md +++ b/doc/release-process.md @@ -25,7 +25,7 @@ Release Process ###update gitian - In order to take advantage of the new caching features in gitian, be sure to update to a recent version (e9741525c or higher is recommended) + In order to take advantage of the new caching features in gitian, be sure to update to a recent version (`e9741525c` or later is recommended) ###perform gitian builds @@ -41,10 +41,12 @@ Release Process ###fetch and build inputs: (first time, or when dependency versions change) mkdir -p inputs + wget -P inputs https://bitcoincore.org/cfields/osslsigncode-Backports-to-1.7.1.patch + wget -P inputs http://downloads.sourceforge.net/project/osslsigncode/osslsigncode/osslsigncode-1.7.1.tar.gz Register and download the Apple SDK: (see OSX Readme for details) - https://developer.apple.com/downloads/download.action?path=Developer_Tools/xcode_6.1.1/xcode_6.1.1.dmg + https://developer.apple.com/devcenter/download.action?path=/Developer_Tools/xcode_6.1.1/xcode_6.1.1.dmg Using a Mac, create a tarball for the 10.9 SDK and copy it to the inputs directory: @@ -64,20 +66,21 @@ Release Process ./bin/gsign --signer $SIGNER --release ${VERSION}-linux --destination ../gitian.sigs/ ../bitcoin/contrib/gitian-descriptors/gitian-linux.yml mv build/out/bitcoin-*.tar.gz build/out/src/bitcoin-*.tar.gz ../ ./bin/gbuild --commit bitcoin=v${VERSION} ../bitcoin/contrib/gitian-descriptors/gitian-win.yml - ./bin/gsign --signer $SIGNER --release ${VERSION}-win --destination ../gitian.sigs/ ../bitcoin/contrib/gitian-descriptors/gitian-win.yml + ./bin/gsign --signer $SIGNER --release ${VERSION}-win-unsigned --destination ../gitian.sigs/ ../bitcoin/contrib/gitian-descriptors/gitian-win.yml + mv build/out/bitcoin-*-win-unsigned.tar.gz inputs/bitcoin-win-unsigned.tar.gz mv build/out/bitcoin-*.zip build/out/bitcoin-*.exe ../ ./bin/gbuild --commit bitcoin=v${VERSION} ../bitcoin/contrib/gitian-descriptors/gitian-osx.yml ./bin/gsign --signer $SIGNER --release ${VERSION}-osx-unsigned --destination ../gitian.sigs/ ../bitcoin/contrib/gitian-descriptors/gitian-osx.yml - mv build/out/bitcoin-*-unsigned.tar.gz inputs/bitcoin-osx-unsigned.tar.gz + mv build/out/bitcoin-*-osx-unsigned.tar.gz inputs/bitcoin-osx-unsigned.tar.gz mv build/out/bitcoin-*.tar.gz build/out/bitcoin-*.dmg ../ popd Build output expected: 1. source tarball (bitcoin-${VERSION}.tar.gz) - 2. linux 32-bit and 64-bit binaries dist tarballs (bitcoin-${VERSION}-linux[32|64].tar.gz) - 3. windows 32-bit and 64-bit installers and dist zips (bitcoin-${VERSION}-win[32|64]-setup.exe, bitcoin-${VERSION}-win[32|64].zip) - 4. OSX unsigned installer (bitcoin-${VERSION}-osx-unsigned.dmg) - 5. Gitian signatures (in gitian.sigs/${VERSION}-<linux|win|osx-unsigned>/(your gitian key)/ + 2. linux 32-bit and 64-bit dist tarballs (bitcoin-${VERSION}-linux[32|64].tar.gz) + 3. windows 32-bit and 64-bit unsigned installers and dist zips (bitcoin-${VERSION}-win[32|64]-setup-unsigned.exe, bitcoin-${VERSION}-win[32|64].zip) + 4. OSX unsigned installer and dist tarball (bitcoin-${VERSION}-osx-unsigned.dmg, bitcoin-${VERSION}-osx64.tar.gz) + 5. Gitian signatures (in gitian.sigs/${VERSION}-<linux|{win,osx}-unsigned>/(your gitian key)/ ###Next steps: @@ -85,30 +88,38 @@ Commit your signature to gitian.sigs: pushd gitian.sigs git add ${VERSION}-linux/${SIGNER} - git add ${VERSION}-win/${SIGNER} + git add ${VERSION}-win-unsigned/${SIGNER} git add ${VERSION}-osx-unsigned/${SIGNER} git commit -a git push # Assuming you can push to the gitian.sigs tree popd - Wait for OSX detached signature: - Once the OSX build has 3 matching signatures, Gavin will sign it with the apple App-Store key. - He will then upload a detached signature to be combined with the unsigned app to create a signed binary. + Wait for Windows/OSX detached signatures: + Once the Windows/OSX builds each have 3 matching signatures, they will be signed with their respective release keys. + Detached signatures will then be committed to the bitcoin-detached-sigs repository, which can be combined with the unsigned apps to create signed binaries. Create the signed OSX binary: pushd ./gitian-builder - # Fetch the signature as instructed by Gavin - cp signature.tar.gz inputs/ - ./bin/gbuild -i ../bitcoin/contrib/gitian-descriptors/gitian-osx-signer.yml + ./bin/gbuild -i --commit signature=v${VERSION} ../bitcoin/contrib/gitian-descriptors/gitian-osx-signer.yml ./bin/gsign --signer $SIGNER --release ${VERSION}-osx-signed --destination ../gitian.sigs/ ../bitcoin/contrib/gitian-descriptors/gitian-osx-signer.yml mv build/out/bitcoin-osx-signed.dmg ../bitcoin-${VERSION}-osx.dmg popd -Commit your signature for the signed OSX binary: + Create the signed Windows binaries: + + pushd ./gitian-builder + ./bin/gbuild -i --commit signature=v${VERSION} ../bitcoin/contrib/gitian-descriptors/gitian-win-signer.yml + ./bin/gsign --signer $SIGNER --release ${VERSION}-win-signed --destination ../gitian.sigs/ ../bitcoin/contrib/gitian-descriptors/gitian-win-signer.yml + mv build/out/bitcoin-*win64-setup.exe ../bitcoin-${VERSION}-win64-setup.exe + mv build/out/bitcoin-*win32-setup.exe ../bitcoin-${VERSION}-win32-setup.exe + popd + +Commit your signature for the signed OSX/Windows binaries: pushd gitian.sigs git add ${VERSION}-osx-signed/${SIGNER} + git add ${VERSION}-win-signed/${SIGNER} git commit -a git push # Assuming you can push to the gitian.sigs tree popd @@ -117,12 +128,6 @@ Commit your signature for the signed OSX binary: ### After 3 or more people have gitian-built and their results match: -- Perform code-signing. - - - Code-sign Windows -setup.exe (in a Windows virtual machine using signtool) - - Note: only Gavin has the code-signing keys currently. - - Create `SHA256SUMS.asc` for the builds, and GPG-sign it: ```bash sha256sum * > SHA256SUMS |