| Age | Commit message (Collapse) | Author |
|---|
|
fabb72b contrib: Remove xpired 522739F6 key (MarcoFalke)
faeab66 contrib: Replace developer keys with list of pgp fingerprints (MarcoFalke)
Pull request description:
Having to host a copy of the keys in this repo was a common source of discussion and distraction, caused by problems such as:
* Outdated keys. Unclear whether and when to replace by fresh copies.
* Unclear when to add a key of a new developer or Gitian builder.
The problems are solved by
* Having no keys but only the fingerprints
* Adding a rule of thumb, when to add a new key
<strike>Moving the keys to a different repo solves none of these issues, but since the keys are not bound to releases or git branches of Bitcoin Core, they should live somewhere else.
Obviously, all keys are hosted and distributed on key servers, but were added to the repo solely for convenience and redundancy.
Moving the mirror of those keys to a different repo makes it less distracting to update them -- let's say -- prior to every major release.
I updated our `doc/release-process.md` to reflect the new location.
DEPENDS_ON https://github.com/bitcoin-core/gitian.sigs/pull/621
</strike>
Tree-SHA512: c00795a07603190e26dc4526f6ce11e492fb048dc7ef54b38f859b77dcde25f58ec4449f5cf3f85a5e9c2dd2743bde53f7ff03c8eccf0d75d51784a6b164e47d
|
|
7444149 Document method for reviewers to verify chainTxData (John Newbery)
Pull request description:
This commit adds the final block hash of the window to getchaintxstats
and documents how reviewers can verify changes to chainTxData.
Tree-SHA512: d16abb5f47d058e52660f4d495f1e453205b1b83716d7c810ff62a70338db721386c1808ec1fc8468f514e4d80cc58e3c96eeb3184cbbcb1d07830fa5e53f342
|
|
This commit adds the final block hash of the window to getchaintxstats
and documents how reviewers can verify changes to chainTxData.
|
|
1340eda3b7 Fix typos (practicalswift)
Pull request description:
Fix typos.
Tree-SHA512: 533a136831387ef26e9a74ba078437496bee38cc026da73fa9e6f6e7f4d5665eccac24cf3ef05e6d3af1329a1214f5ce71b039ddb8378b074e6d4408b8701f95
|
|
Adds a short explanation how to update chainTxData to the release
process. Mention where to get the data, and link to an example.
|
|
|
|
|
|
|
|
|
|
41b8821 Add updating of chainTxData to release process (Pieter Wuille)
Tree-SHA512: f7d6e72b19aa83fc4851a9316d6c6a236e0e914d637525cda42c0b15a94543b8072ce67b57d6b12141332a03b64b6c715dff4d61e6e58e0197b22305b35ad65d
|
|
09fe2d9 release: update docs to show basic codesigning procedure (Cory Fields)
f642753 release: create a bundle for the new signing script (Cory Fields)
0068361 release: add win detached sig creator and our cert chain (Cory Fields)
Tree-SHA512: 032ad84697c70faaf857b9187f548282722cffca95d658e36413dc048ff02d9183253373254ffcc1158afb71140753f35abfc9fc8781ea5329c04d13c98759c0
|
|
|
|
This disentangles the script validation skipping from checkpoints.
A new option is introduced "assumevalid" which specifies a block whos
ancestors we assume all have valid scriptsigs and so we do not check
them when they are also burried under the best header by two weeks
worth of work.
Unlike checkpoints this has no influence on consensus unless you set
it to a block with an invalid history. Because of this it can be
easily be updated without risk of influencing the network consensus.
This results in a massive IBD speedup.
This approach was independently recommended by Peter Todd and Luke-Jr
since POW based signature skipping (see PR#9180) does not have the
verifiable properties of a specific hash and may create bad incentives.
The downside is that, like checkpoints, the defaults bitrot and older
releases will sync slower. On the plus side users can provide their
own value here, and if they set it to something crazy all that will
happen is more time will be spend validating signatures.
Checkblocks and checklevel are also moved to the hidden debug options:
Especially now that checkblocks has a low default there is little need
to change these settings, and users frequently misunderstand them as
influencing security or IBD speed. By hiding them we offset the
space added by this new option.
|
|
|
|
|
|
This introduces a 'minimum chain work' chainparam which is intended
to be the known amount of work in the chain for the network at the
time of software release. If you don't have this much work, you're
not yet caught up.
This is used instead of the count of blocks test from checkpoints.
This criteria is trivial to keep updated as there is no element of
subjectivity, trust, or position dependence to it. It is also a more
reliable metric of sync status than a block count.
|
|
* Minor formatting such as adjusting links
* Move sections of `doc/multiwallet-qt.md` to the source code and delete
the file, as it is outdated
* Fix typo in the release notes
* Amend release process to mention update of BLOCK_CHAIN_SIZE
|
|
203e2dd Mention Gitian building script in doc. (Lauda)
|
|
|
|
|
|
|
|
|
|
06f40ef depends: Mention aarch64 as common cross-compile target (Wladimir J. van der Laan)
05f64c9 doc: Mention Linux ARM builds in release notes (Wladimir J. van der Laan)
b7bf037 doc: Mention ARM executables in release process (Wladimir J. van der Laan)
|
|
Mention ARM executables in the release process documentation
(these were introduced in #8188).
As well as that Linux tarballs have changed name to contain an
architecture tuple, instead of `linux32`/`linux64`.
Also mention that `-debug` files should not be uploaded (these were
introduced in #8167).
|
|
|
|
|
|
The actual release process quite diverged from what was written here,
also clarify things a bit.
|
|
|
|
|
|
|
|
Instruct people to "git fetch" so that if this is their 2nd+ gitian build they will have a fresh bitcoin repo.
Instruct people to add all the known pgp keys to their keyring so that gverify will print more useful info.
|
|
- OSX —> OS X
- XCode —> Xcode
- github —> GitHub
- homebrew —> Homebrew
- gitian —> Gitian
- Other miscellaneous obvious spelling fixes and whitespace removal
|
|
|
|
done automatically.
At some point along the line, fully offline builds were no longer happening
when strictly following the release-process.md instructions.
We should ensure that users who might want to torify or build offline need
to take extra steps to remain offline.
Also, corrections to build process: including gverify examples for new builders.
|
|
This is an ideal version of what the release process should look like,
making it more consistent with the OS X process. Some of the changes
described here would need to be made in the descriptors, which is somewhat
beyond what I would feel comfortable doing, not really understanding the signature process in depth.
[skip ci]
|
|
This is exactly like the current OSX signing process.
osslsigncode has been patched to detach and re-attach Windows signatures.
The changes can be seen here: https://github.com/theuni/osslsigncode/commits/attach-signature
There's a pull-request open upstream for the changes:
https://sourceforge.net/p/osslsigncode/osslsigncode/merge-requests/3/
This work has been back-ported to the stable 1.7.1 release of osslsigncode, so
that a smaller patch can be reviewed.
|
|
Rather than fetching a signature.tar.gz from somewhere on the net, instruct
Gitian to use a signature from a tag in the bitcoin-detached-sigs repository
which corresponds to the tag of the release being built.
This changes detached-sig-apply.sh to take a dirname rather than a tarball as
an argument, though detached-sig-create.sh still outputs a tarball for
convenience.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Add instructions for manually fetching sources, as well as some misc. fixes.
|
|
|
|
- Split linux32/linux64 releases
- Split win32/win64 zips
- Post-processing should no longer be required. The deterministic outputs are
ready for consumption.
|
|
|
|
0dcb0a5 doc: Add instructions for consistent Mac OS X build names (Saivann)
|
|
|
|
|
