gitian: Use the new bitcoin-detached-sigs git repo for OSX signatures
Rather than fetching a signature.tar.gz from somewhere on the net, instruct Gitian to use a signature from a tag in the bitcoin-detached-sigs repository which corresponds to the tag of the release being built. This changes detached-sig-apply.sh to take a dirname rather than a tarball as an argument, though detached-sig-create.sh still outputs a tarball for convenience.
parent
eba2f061a0
commit
c110575a92
4 changed files with 11 additions and 11 deletions
|
@ -8,10 +8,11 @@ packages:
|
||||||
- "libc6:i386"
|
- "libc6:i386"
|
||||||
- "faketime"
|
- "faketime"
|
||||||
reference_datetime: "2015-06-01 00:00:00"
|
reference_datetime: "2015-06-01 00:00:00"
|
||||||
remotes: []
|
remotes:
|
||||||
|
- "url": "https://github.com/bitcoin/bitcoin-detached-sigs.git"
|
||||||
|
"dir": "signature"
|
||||||
files:
|
files:
|
||||||
- "bitcoin-osx-unsigned.tar.gz"
|
- "bitcoin-osx-unsigned.tar.gz"
|
||||||
- "signature.tar.gz"
|
|
||||||
script: |
|
script: |
|
||||||
WRAP_DIR=$HOME/wrapped
|
WRAP_DIR=$HOME/wrapped
|
||||||
mkdir -p ${WRAP_DIR}
|
mkdir -p ${WRAP_DIR}
|
||||||
|
@ -32,6 +33,6 @@ script: |
|
||||||
SIGNED=bitcoin-osx-signed.dmg
|
SIGNED=bitcoin-osx-signed.dmg
|
||||||
|
|
||||||
tar -xf ${UNSIGNED}
|
tar -xf ${UNSIGNED}
|
||||||
./detached-sig-apply.sh ${UNSIGNED} signature.tar.gz
|
./detached-sig-apply.sh ${UNSIGNED} signature/osx
|
||||||
${WRAP_DIR}/genisoimage -no-cache-inodes -D -l -probe -V "Bitcoin-Core" -no-pad -r -apple -o uncompressed.dmg signed-app
|
${WRAP_DIR}/genisoimage -no-cache-inodes -D -l -probe -V "Bitcoin-Core" -no-pad -r -apple -o uncompressed.dmg signed-app
|
||||||
${WRAP_DIR}/dmg dmg uncompressed.dmg ${OUTDIR}/${SIGNED}
|
${WRAP_DIR}/dmg dmg uncompressed.dmg ${OUTDIR}/${SIGNED}
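Review bot: The new `remotes` entry gives only the repository URL, and the ref checked out into `signature` is whatever the builder passes to gbuild, so nothing in this descriptor authenticates the tag whose contents are handed to `./detached-sig-apply.sh ${UNSIGNED} signature/osx`. A tag can be moved or re-created, so integrity rests on the HTTPS transport and on access control of the hosting repository. If the tags in bitcoin-detached-sigs are GPG-signed (not visible from this page), builders could run `git verify-tag v${VERSION}` on the fetched checkout before trusting the result. Differing gsign outputs between builders would also expose a swapped signature, but only after the build.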
|
||||||
|
|
|
@ -20,7 +20,7 @@ fi
|
||||||
|
|
||||||
rm -rf ${TEMPDIR} && mkdir -p ${TEMPDIR}
|
rm -rf ${TEMPDIR} && mkdir -p ${TEMPDIR}
|
||||||
tar -C ${TEMPDIR} -xf ${UNSIGNED}
|
tar -C ${TEMPDIR} -xf ${UNSIGNED}
|
||||||
tar -C ${TEMPDIR} -xf ${SIGNATURE}
|
cp -rf "${SIGNATURE}"/* ${TEMPDIR}
|
||||||
|
|
||||||
if [ -z "${PAGESTUFF}" ]; then
|
if [ -z "${PAGESTUFF}" ]; then
|
||||||
PAGESTUFF=${TEMPDIR}/pagestuff
|
PAGESTUFF=${TEMPDIR}/pagestuff
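Review bot: `cp -rf "${SIGNATURE}"/* ${TEMPDIR}` merges the whole signature directory over the tree the unsigned tarball was just unpacked into, and the script then defaults to running `${TEMPDIR}/pagestuff`, so any same-named file in the signature tree replaces a helper that gets executed. The old tar line had the same property, but the input is now a git checkout, so it is worth copying only the expected signature files rather than everything. At minimum, guard the argument with `[ -d "${SIGNATURE}" ] || { echo "signature dir not found: ${SIGNATURE}" >&2; exit 1; }` and quote the destination as `"${TEMPDIR}"`. The `/*` glob also skips dotfiles and stays literal when the directory is empty. Whether a failed `cp` aborts the script depends on settings outside this hunk.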
|
||||||
|
|
|
@ -7,6 +7,7 @@ CODESIGN=codesign
|
||||||
TEMPDIR=sign.temp
|
TEMPDIR=sign.temp
|
||||||
TEMPLIST=${TEMPDIR}/signatures.txt
|
TEMPLIST=${TEMPDIR}/signatures.txt
|
||||||
OUT=signature.tar.gz
|
OUT=signature.tar.gz
|
||||||
|
OUTROOT=osx
|
||||||
|
|
||||||
if [ ! -n "$1" ]; then
|
if [ ! -n "$1" ]; then
|
||||||
echo "usage: $0 <codesign args>"
|
echo "usage: $0 <codesign args>"
|
||||||
|
@ -23,7 +24,7 @@ grep -v CodeResources < "${TEMPLIST}" | while read i; do
|
||||||
TARGETFILE="${BUNDLE}/`echo "${i}" | sed "s|.*${BUNDLE}/||"`"
|
TARGETFILE="${BUNDLE}/`echo "${i}" | sed "s|.*${BUNDLE}/||"`"
|
||||||
SIZE=`pagestuff "$i" -p | tail -2 | grep size | sed 's/[^0-9]*//g'`
|
SIZE=`pagestuff "$i" -p | tail -2 | grep size | sed 's/[^0-9]*//g'`
|
||||||
OFFSET=`pagestuff "$i" -p | tail -2 | grep offset | sed 's/[^0-9]*//g'`
|
OFFSET=`pagestuff "$i" -p | tail -2 | grep offset | sed 's/[^0-9]*//g'`
|
||||||
SIGNFILE="${TEMPDIR}/${TARGETFILE}.sign"
|
SIGNFILE="${TEMPDIR}/${OUTROOT}/${TARGETFILE}.sign"
|
||||||
DIRNAME="`dirname "${SIGNFILE}"`"
|
DIRNAME="`dirname "${SIGNFILE}"`"
|
||||||
mkdir -p "${DIRNAME}"
|
mkdir -p "${DIRNAME}"
|
||||||
echo "Adding detached signature for: ${TARGETFILE}. Size: ${SIZE}. Offset: ${OFFSET}"
|
echo "Adding detached signature for: ${TARGETFILE}. Size: ${SIZE}. Offset: ${OFFSET}"
|
||||||
|
@ -32,7 +33,7 @@ done
|
||||||
|
|
||||||
grep CodeResources < "${TEMPLIST}" | while read i; do
|
grep CodeResources < "${TEMPLIST}" | while read i; do
|
||||||
TARGETFILE="${BUNDLE}/`echo "${i}" | sed "s|.*${BUNDLE}/||"`"
|
TARGETFILE="${BUNDLE}/`echo "${i}" | sed "s|.*${BUNDLE}/||"`"
|
||||||
RESOURCE="${TEMPDIR}/${TARGETFILE}"
|
RESOURCE="${TEMPDIR}/${OUTROOT}/${TARGETFILE}"
|
||||||
DIRNAME="`dirname "${RESOURCE}"`"
|
DIRNAME="`dirname "${RESOURCE}"`"
|
||||||
mkdir -p "${DIRNAME}"
|
mkdir -p "${DIRNAME}"
|
||||||
echo "Adding resource for: "${TARGETFILE}""
|
echo "Adding resource for: "${TARGETFILE}""
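Review bot: `OUTROOT=osx` is added without a comment, yet it is now coupled to the `signature/osx` path that gitian-osx-signer.yml passes to detached-sig-apply.sh. If the two drift apart, the apply step will look in a directory the tarball never populates. I would add a comment above the assignment such as `# Top-level directory inside ${OUT}; must match the signature/osx path used by gitian-osx-signer.yml`. The tar command that packs `${TEMPDIR}` lies outside these hunks, so confirm it archives relative to `${TEMPDIR}` and that `osx/` ends up as the archive root.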
|
||||||
|
|
|
@ -92,15 +92,13 @@ Commit your signature to gitian.sigs:
|
||||||
popd
|
popd
|
||||||
|
|
||||||
Wait for OSX detached signature:
|
Wait for OSX detached signature:
|
||||||
Once the OSX build has 3 matching signatures, Gavin will sign it with the apple App-Store key.
|
Once the OSX build has 3 matching signatures, it will be signed with the Apple App-Store key.
|
||||||
He will then upload a detached signature to be combined with the unsigned app to create a signed binary.
|
A detached signature will then be committed to the bitcoin-detached-sigs repository, which can be combined with the unsigned app to create a signed binary.
|
||||||
|
|
||||||
Create the signed OSX binary:
|
Create the signed OSX binary:
|
||||||
|
|
||||||
pushd ./gitian-builder
|
pushd ./gitian-builder
|
||||||
# Fetch the signature as instructed by Gavin
|
./bin/gbuild -i --commit signature=v${VERSION} ../bitcoin/contrib/gitian-descriptors/gitian-osx-signer.yml
|
||||||
cp signature.tar.gz inputs/
|
|
||||||
./bin/gbuild -i ../bitcoin/contrib/gitian-descriptors/gitian-osx-signer.yml
|
|
||||||
./bin/gsign --signer $SIGNER --release ${VERSION}-osx-signed --destination ../gitian.sigs/ ../bitcoin/contrib/gitian-descriptors/gitian-osx-signer.yml
|
./bin/gsign --signer $SIGNER --release ${VERSION}-osx-signed --destination ../gitian.sigs/ ../bitcoin/contrib/gitian-descriptors/gitian-osx-signer.yml
|
||||||
mv build/out/bitcoin-osx-signed.dmg ../bitcoin-${VERSION}-osx.dmg
|
mv build/out/bitcoin-osx-signed.dmg ../bitcoin-${VERSION}-osx.dmg
|
||||||
popd
|
popd
|
||||||
|
|