Commit graph

79 commits

Author SHA1 Message Date
Wladimir J. van der Laan
2cc0df1fce
Merge #9514: release: Windows signing script
09fe2d9 release: update docs to show basic codesigning procedure (Cory Fields)
f642753 release: create a bundle for the new signing script (Cory Fields)
0068361 release: add win detached sig creator and our cert chain (Cory Fields)

Tree-SHA512: 032ad84697c70faaf857b9187f548282722cffca95d658e36413dc048ff02d9183253373254ffcc1158afb71140753f35abfc9fc8781ea5329c04d13c98759c0
2017-03-13 07:44:53 +01:00
Gregory Maxwell
e440ac7ef3 Introduce assumevalid setting to skip presumed valid scripts.
This disentangles the script validation skipping from checkpoints.

A new option is introduced "assumevalid" which specifies a block whos
 ancestors we assume all have valid scriptsigs and so we do not check
 them when they are also burried under the best header by two weeks
 worth of work.

Unlike checkpoints this has no influence on consensus unless you set
 it to a block with an invalid history.  Because of this it can be
 easily be updated without risk of influencing the network consensus.

This results in a massive IBD speedup.

This approach was independently recommended by Peter Todd and Luke-Jr
 since POW based signature skipping (see PR#9180) does not have the
 verifiable properties of a specific hash and may create bad incentives.

The downside is that, like checkpoints, the defaults bitrot and older
 releases will sync slower.  On the plus side users can provide their
 own value here, and if they set it to something crazy all that will
 happen is more time will be spend validating signatures.

Checkblocks and checklevel are also moved to the hidden debug options:
 Especially now that checkblocks has a low default there is little need
 to change these settings, and users frequently misunderstand them as
 influencing security or IBD speed.  By hiding them we offset the
 space added by this new option.
2017-01-13 15:42:24 +00:00
Cory Fields
09fe2d9ec4 release: update docs to show basic codesigning procedure 2017-01-10 20:32:03 -05:00
MarcoFalke
faead5e1a9 [doc] release-process: Mention GitHub release and archived release notes 2016-11-07 11:07:18 +01:00
Gregory Maxwell
fd46136dfa IBD check uses minimumchain work instead of checkpoints.
This introduces a 'minimum chain work' chainparam which is intended
 to be the known amount of work in the chain for the network at the
 time of software release.  If you don't have this much work, you're
 not yet caught up.

This is used instead of the count of blocks test from checkpoints.

This criteria is trivial to keep updated as there is no element of
subjectivity, trust, or position dependence to it. It is also a more
reliable metric of sync status than a block count.
2016-11-02 01:47:02 +00:00
MarcoFalke
eeeebdd3cb [doc] Rework docs
* Minor formatting such as adjusting links
* Move sections of `doc/multiwallet-qt.md` to the source code and delete
  the file, as it is outdated
* Fix typo in the release notes
* Amend release process to mention update of BLOCK_CHAIN_SIZE
2016-10-04 13:27:38 +02:00
Wladimir J. van der Laan
7b784cc2bb
Merge #8852: Mention Gitian building script in doc (Laudaa)
203e2dd Mention Gitian building script in doc. (Lauda)
2016-09-30 20:50:44 +02:00
Lauda
203e2ddad8 Mention Gitian building script in doc. 2016-09-30 20:32:10 +02:00
fanquake
b1948723c9 Remove old manpages from contrib/debian 2016-09-25 13:33:57 +02:00
fanquake
c25083bcef
[trivial][doc] Mention gpg --refresh-keys in release-process.md 2016-08-26 20:08:30 +08:00
MarcoFalke
faa59318db [doc] gbuild: Set memory explicitly (default is too low) 2016-07-18 10:55:14 +02:00
Wladimir J. van der Laan
9f1807af24
Merge #8233: Mention Linux ARM executables in release process and notes
06f40ef depends: Mention aarch64 as common cross-compile target (Wladimir J. van der Laan)
05f64c9 doc: Mention Linux ARM builds in release notes (Wladimir J. van der Laan)
b7bf037 doc: Mention ARM executables in release process (Wladimir J. van der Laan)
2016-06-22 14:51:21 +02:00
Wladimir J. van der Laan
b7bf037121 doc: Mention ARM executables in release process
Mention ARM executables in the release process documentation
(these were introduced in #8188).
As well as that Linux tarballs have changed name to contain an
architecture tuple, instead of `linux32`/`linux64`.
Also mention that `-debug` files should not be uploaded (these were
introduced in #8167).
2016-06-21 14:14:25 +02:00
fanquake
e5a680dc6a
[Doc] Update OS X build notes for 10.11 SDK 2016-06-20 20:30:08 +08:00
MarcoFalke
faf3d11ad7 [doc] Update bitcoin-core GitHub links 2016-04-29 23:07:06 +02:00
Wladimir J. van der Laan
c907f4d56b doc: Update release process
The actual release process quite diverged from what was written here,
also clarify things a bit.
2016-04-25 13:29:53 +02:00
MarcoFalke
faf4c837fb [gitian] Move keys to contrib/gitian-keys 2016-04-15 11:58:46 +02:00
MarcoFalke
fa97f95c15 [doc] Fix markdown 2016-03-01 14:35:19 +01:00
MarcoFalke
fa616c2fed [doc] Update release-process.md 2016-02-04 00:08:34 +01:00
Paul Rabahy
c6325cf2f9 Minor improvements to the release process
Instruct people to "git fetch" so that if this is their 2nd+ gitian build they will have a fresh bitcoin repo.
Instruct people to add all the known pgp keys to their keyring so that gverify will print more useful info.
2016-01-26 18:26:08 -05:00
Mitchell Cash
99963b938f Correct spelling mistakes in doc folder
- OSX —> OS X
- XCode —> Xcode
- github —> GitHub
- homebrew —> Homebrew
- gitian —> Gitian
- Other miscellaneous obvious spelling fixes and whitespace removal
2015-10-18 06:25:43 +10:00
Michael
a0d5e0d2f4 [doc] Cleanup release-process documentation 2015-10-14 07:54:29 +08:00
Midnight Magic
c73a8ea271
Clarifying offline build process using gbuild --url and noting it is not
done automatically.

At some point along the line, fully offline builds were no longer happening
when strictly following the release-process.md instructions.

We should ensure that users who might want to torify or build offline need
to take extra steps to remain offline.

Also, corrections to build process: including gverify examples for new builders.
2015-09-17 14:25:41 -07:00
Micha
6e849b8309 Ideal release process for Windows detached signing
This is an ideal version of what the release process should look like,
making it more consistent with the OS X process. Some of the changes
described here would need to be made in the descriptors, which is somewhat
beyond what I would feel comfortable doing, not really understanding the signature process in depth.

[skip ci]
2015-06-30 11:22:41 -04:00
Cory Fields
d08cfc2bd7 gitian: add a gitian-win-signer descriptor
This is exactly like the current OSX signing process.

osslsigncode has been patched to detach and re-attach Windows signatures.
The changes can be seen here: https://github.com/theuni/osslsigncode/commits/attach-signature

There's a pull-request open upstream for the changes:
https://sourceforge.net/p/osslsigncode/osslsigncode/merge-requests/3/

This work has been back-ported to the stable 1.7.1 release of osslsigncode, so
that a smaller patch can be reviewed.
2015-06-18 18:17:36 -04:00
Cory Fields
c110575a92 gitian: Use the new bitcoin-detached-sigs git repo for OSX signatures
Rather than fetching a signature.tar.gz from somewhere on the net, instruct
Gitian to use a signature from a tag in the bitcoin-detached-sigs repository
which corresponds to the tag of the release being built.

This changes detached-sig-apply.sh to take a dirname rather than a tarball as
an argument, though detached-sig-create.sh still outputs a tarball for
convenience.
2015-06-10 17:54:46 -04:00
Luke Dashjr
cfc600d833 Bugfix: Correct links for Xcode download 2015-06-05 02:29:41 +00:00
Luke Dashjr
b05a89b2de Non-grammatical language improvements 2015-05-02 15:23:59 +00:00
David A. Harding
2dc679d22f
Docs: Use new Bitcoin.org download URLs 2015-04-03 07:51:31 +02:00
Wladimir J. van der Laan
a77021a763
doc: Add note-to-self about SHA256SUMS to release-process.md 2015-02-16 10:38:00 +01:00
Cory Fields
f0172bf91e osx: bump build sdk to 10.9 2015-01-20 01:49:20 -05:00
Cory Fields
0d50c2fd81 dmg: fix deterministic dmg creation and docs 2014-12-30 02:47:38 -05:00
Cory Fields
e27d7cb248 docs: release process fixups
Add instructions for manually fetching sources, as well as some misc. fixes.
2014-12-11 19:23:12 -05:00
Cory Fields
7a9cf80b19 docs: add/update docs for osx dmg signing 2014-11-26 01:00:42 -05:00
Cory Fields
dfef929bf7 release: update docs to reflect new layout
- Split linux32/linux64 releases
- Split win32/win64 zips
- Post-processing should no longer be required. The deterministic outputs are
  ready for consumption.
2014-11-25 19:26:40 -05:00
Cory Fields
4bbbdf3244 gitian: quick docs update 2014-11-19 22:49:41 -05:00
Wladimir J. van der Laan
2dc37e7a49
Merge pull request #4991
0dcb0a5 doc: Add instructions for consistent Mac OS X build names (Saivann)
2014-10-02 12:07:13 +02:00
Wladimir J. van der Laan
28fb5f388d
doc: update gpg command line for SHA256SUMS.asc in release process 2014-09-29 16:58:49 +02:00
Saivann
0dcb0a5578
doc: Add instructions for consistent Mac OS X build names 2014-09-27 14:51:24 -04:00
Wladimir J. van der Laan
a38eaea082
doc: Update SHA256SUMS.asc step in release-process.md
- The Hash: header is prepended by gpg, and states the hashing used by
  gpg, not what is used to hash the files

- Add more detailed steps
2014-09-27 15:58:55 +02:00
Wladimir J. van der Laan
27fc5277f7
build: change cdrkit location in build-process.md
The cdrkit.org domain expired.
Thanks to gdm85 on IRC for reporting this.
2014-09-22 16:40:49 +02:00
Wladimir J. van der Laan
e1eb741e34 doc: Modernize steps to be followed after release
Remove old references to sourceforge, add what actually should be done
and provide some more details.
2014-08-04 09:53:21 +02:00
Michael Ford
9d5ad718cf Fix formatting in release-process.md 2014-07-02 16:32:02 +08:00
Micha
462ad223d6
Clean up release-process.md after OS X gitian changes
This is PR #4271, but with the changes to the descriptors, both the names of the
files and the names of the intermediate build artifact archives, removed.
This also closes #3775 if it goes in, because it covers the changes in
that PR.
2014-07-01 19:29:44 +03:00
Drak
e9f2460c58 Add dependencies for Mac OSX gitian builds 2014-06-24 18:06:52 +01:00
Wladimir J. van der Laan
17db9767c4
doc: Remove unused section from release-process.md
It is outdated information. If we ever resurrect gitian-downloader it
can be brought back from history and updated.
2014-06-23 12:04:33 +02:00
Drak
040c2d3f57 Fix formatting 2014-06-21 21:57:50 +01:00
Wladimir J. van der Laan
6e7c4d17d8 gitian: upgrade OpenSSL to 1.0.1h
Upgrade for https://www.openssl.org/news/secadv_20140605.txt

Just in case - there is no vulnerability that affects ecdsa signing or
verification.

The MITM attack vulnerability (CVE-2014-0224) may have some effect on
our usage of SSL/TLS.

As long as payment requests are signed (which is the common case), usage
of the payment protocol should also not be affected.

The TLS usage in RPC may be at risk for MITM attacks. If you have
`-rpcssl` enabled, be sure to update OpenSSL as soon as possible.
2014-06-05 17:24:38 +02:00
Wladimir J. van der Laan
1411a51fef doc: Update hash in release process for new windows deps intermediate
This was forgotten in 25d4911.
2014-06-02 11:01:02 +02:00
Wladimir J. van der Laan
386e732a5f gitian: make linux qt intermediate deterministic
A qt installation date snuck into the host utils (lrelease etc)
This doesn't affect the end product, so no dependency version bump.

It also doesn't explain why gavin's and mine build is different
2014-06-02 09:46:59 +02:00