Commit graph

40 commits

Author SHA1 Message Date
Wladimir J. van der Laan
2cc0df1fce
Merge #9514: release: Windows signing script
09fe2d9 release: update docs to show basic codesigning procedure (Cory Fields)
f642753 release: create a bundle for the new signing script (Cory Fields)
0068361 release: add win detached sig creator and our cert chain (Cory Fields)

Tree-SHA512: 032ad84697c70faaf857b9187f548282722cffca95d658e36413dc048ff02d9183253373254ffcc1158afb71140753f35abfc9fc8781ea5329c04d13c98759c0
2017-03-13 07:44:53 +01:00
Cory Fields
8e5cca027f gitian: bump descriptors for master
This was skipped for the 0.14 cycle.
2017-02-17 16:11:43 -05:00
Cory Fields
f642753887 release: create a bundle for the new signing script
Also change the mac filename to match

The procedure remains the same, but now there's a nifty script to automate
the signing process.

Future steps:
- Build osslsigncode in the gitian-win descriptor so that the signer itself is
  deterministic.
- Verify in the gitian-win-signer descriptor that the expected cert chain was
  used.
2017-01-10 18:58:09 -05:00
Micha
3f7581d9a4
[TRIVIAL] reorder Windows gitian build order to match Linux
The consistency is helpful for gauging Gitian build progress. Right now it's necessary to remember which platform builds in which order, which can be confusing if you're attempting to get a quick idea of how far along your builds are.
2016-10-18 01:07:53 +03:00
MarcoFalke
fa61756842 [gitian] set correct PATH for wrappers 2016-06-12 14:22:07 +02:00
Wladimir J. van der Laan
fd9881ae67
Merge #7283: [gitian] Default reference_datetime to commit author date
fa42a67 [gitian] hardcode datetime for depends (MarcoFalke)
fa58c76 [gitian] Default reference_datetime to commit author date (MarcoFalke)
2016-06-09 11:14:20 +02:00
Wladimir J. van der Laan
74c1347482 gitian: Add --disable-bench to config flags for windows
Forgot to do this in #7776.
2016-06-09 07:14:42 +02:00
Cory Fields
7e7eb2724e gitian: create debug packages for linux/windows
The -debug tarballs/zips contain detached debugging symbols. To use them, place
in the same dir as the target binary, and invoke gdb as usual.

Also, because the debug symbols add a substantial space requirement, the build
dirs are now deleted when they're no longer needed.
2016-06-07 23:13:49 -04:00
Cory Fields
ad38204e6e gitian: use CONFIG_SITE rather than hijacking the prefix 2016-06-07 22:11:43 -04:00
MarcoFalke
fa42a675c0 [gitian] hardcode datetime for depends 2016-04-10 22:58:16 +02:00
Wladimir J. van der Laan
f063863d1f build: Remove unnecessary executables from gitian release
This removes the following executables from the binary gitian release:

- test_bitcoin-qt[.exe]
- bench_bitcoin[.exe]

@jonasschnelli and me discussed this on IRC a few days ago - unlike the
normal `bitcoin_tests` which is useful to see if it is safe to run
bitcoin on a certain OS/environment combination, there is no good reason
to include these. Better to leave them out to reduce the download
size.

Sizes from the 0.12 release:
```
2.4M bitcoin-0.12.0/bin/bench_bitcoin.exe
 22M bitcoin-0.12.0/bin/test_bitcoin-qt.exe
```
2016-04-03 15:11:44 +02:00
MarcoFalke
fa58c76b9f [gitian] Default reference_datetime to commit author date 2016-03-01 19:47:27 +01:00
Luke Dashjr
e5daa2e2ae Merge branch 'master' into depends_curl 2016-02-27 06:11:37 +00:00
Luke Dashjr
5c70a6d6d1 Bugfix: gitian: Add curl to packages (now needed for depends) 2016-02-27 06:09:18 +00:00
Cory Fields
a81c87fafc release: add security/symbol checks to gitian 2016-01-26 23:07:04 -05:00
Wladimir J. van der Laan
3b468a0e60 gitian: Need ca-certificates and python for LXC builds 2016-01-18 10:59:14 +01:00
Wladimir J. van der Laan
eb2b74526a
Merge pull request #7251
fa09562 [gitian] Set reference date to something more recent (MarcoFalke)
2016-01-04 09:29:58 +01:00
MarcoFalke
fa095622c2 [gitian] Set reference date to something more recent 2016-01-02 18:11:49 +01:00
Wladimir J. van der Laan
c12ff995f7
Now that 0.12 has been branched, master is 0.12.99
... in preparation for 0.13
2015-12-03 12:07:01 +01:00
Wladimir J. van der Laan
957c0fd7c0 gitian: make windows build deterministic 2015-11-19 13:01:35 +01:00
Wladimir J. van der Laan
2e31d74b71 gitian: use trusty for building 2015-11-16 16:39:24 +01:00
Wladimir J. van der Laan
21d27ebad5 net: Disable upnp by default
Common sentiment is that the miniupnpc codebase likely contains further
vulnerabilities.

I'd prefer to get rid of the dependency completely, but a compromise for
now is to at least disable it by default.
2015-10-09 21:09:44 +02:00
Cory Fields
a3ba9a553a gitian: make the windows signing process match OSX 2015-06-30 10:57:14 -04:00
Cory Fields
960e99404f gitian: Bump cache dir for current master
Do not backport.
2015-06-02 10:41:56 -04:00
Cory Fields
be656283f9 gitian: bump faketime to something more recent
This helps in file views where binaries are sorted by time
2015-06-02 10:39:34 -04:00
Cory Fields
06715165f9 build: change reduce exports/static libstdc++ options for gitian and travis
For Gitian releases:
  - Windows builds remain unchanged. libstdc++ was already linked statically.
  - OSX builds remain unchanged. libstdc++ is tied to the SDK and not worth
    messing with.
  - Linux builds now statically link libstdc++.

For Travis:
  - Match the previous behavior by adding --enable-reduce-exports as
  necessary.
  - Use static libstdc++ for the full Linux build.
2015-02-23 18:22:58 -05:00
Cory Fields
0c6ab676ee gitian: don't add . to tar list
Since permissions and timestamps are changed for the sake of determinism,
. must not be added to the archive. Otherwise, tar may try to modify pwd when
extracting.
2015-02-13 03:08:08 -05:00
Cory Fields
566c6cb8a2 gitian: attempt to fix tarball determinisim 2014-12-23 19:43:27 -05:00
Cory Fields
52bb7a7e1b gitian: update descriptors to use a sane uniform output 2014-11-25 18:49:02 -05:00
Cory Fields
246659aff1 gitian: make tarballs deterministic and nuke .la files from build output 2014-11-19 22:49:41 -05:00
Cory Fields
1aead42d41 gitian: descriptors overhaul
Descriptors now make use of the dependencies builder, so results are cached.
A very new version (>= e9741525c) of Gitian should be used in order to take
advantage of caching.
2014-11-19 22:49:41 -05:00
Luke Dashjr
ab72068565 Bugfix: Replace bashisms with standard sh in gitian descriptors 2014-10-03 23:45:26 +00:00
Wladimir J. van der Laan
6e7c4d17d8 gitian: upgrade OpenSSL to 1.0.1h
Upgrade for https://www.openssl.org/news/secadv_20140605.txt

Just in case - there is no vulnerability that affects ecdsa signing or
verification.

The MITM attack vulnerability (CVE-2014-0224) may have some effect on
our usage of SSL/TLS.

As long as payment requests are signed (which is the common case), usage
of the payment protocol should also not be affected.

The TLS usage in RPC may be at risk for MITM attacks. If you have
`-rpcssl` enabled, be sure to update OpenSSL as soon as possible.
2014-06-05 17:24:38 +02:00
Wladimir J. van der Laan
25d4911e86 gitian: upgrade miniupnpc input to 1.9
Bumps deps-linux, deps-win dependency versions as well.

qt-win does not need to be bumped, as although it depends on deps-win,
Qt doesn't use miniupnp. I verified this by rebuilding the dependency
and checking the the output is the same. Not having to rebuild Qt is a
good thing as it is huge.
2014-04-09 14:24:17 +02:00
Wladimir J. van der Laan
178825dec3
gitian: Version bump for Qt dependency
Bump Qt dependency version after OpenSSL update.
Very important. Thanks @michagogo for noting.
2014-04-08 11:51:59 +02:00
Wladimir J. van der Laan
4a811b0053
gitian: upgrade openssl to 1.0.1g for both win and linux
OpenSSL 1.0.1g fixes CVE-2014-0160.

Also bump dependency versions.
2014-04-08 08:40:02 +02:00
Wladimir J. van der Laan
93c3e21e92 Re-enable UPnP by default in gitian builds
IIRC this was the case with 0.8.6, so let's keep this to avoid the risk
of losing connectable nodes with 0.9 release.

Also our miniupnpc library was recently updated and I've heard
reports that it works better than before now.
2014-02-27 15:44:00 +01:00
Wladimir J. van der Laan
4ce9106ff8 gitian: sort generated source distribution archive for windows
Make the bitcoin-X.X.X.tar.gz deterministic.
2014-02-10 17:07:36 +01:00
Wladimir J. van der Laan
65615a3a78 Gitian fixes for 0.9.0rc1 build
- Add 'g++' package (virtualbox images don't have this by default)
- Workaround for determinism in Qt5 resources
- Pass --disable-maintainer-mode --disable-dependency-tracking to
  configure for libqrencode to avoid random errors about missing m4
  directory
- Fix typo -with-pic -> --with-pic

It is not necessary to rebuild dependencies after this commit.
Fixes #3610 and #3612.
2014-02-03 14:43:51 +01:00
Wladimir J. van der Laan
f622232bcf gitian: Windows 64 bit support
- Build a 64 bit version of all dependencies
- Show 32/64 bit version in "About..." for x86
- Export 64-bit .exes and installer from gitian build
2014-01-21 14:02:13 +01:00