c73a8ea271
done automatically. At some point along the line, fully offline builds were no longer happening when strictly following the release-process.md instructions. We should ensure that users who might want to torify or build offline need to take extra steps to remain offline. Also, corrections to build process: including gverify examples for new builders.
205 lines
8.9 KiB
Markdown
Release Process
====================

* update translations (ping wumpus, Diapolo or tcatm on IRC)
* see https://github.com/bitcoin/bitcoin/blob/master/doc/translation_process.md#syncing-with-transifex

* * *

###first time only or for new builders, check out the source in the following directory hierarchy

    cd /path/to/your/toplevel/build
    git clone https://github.com/bitcoin/gitian.sigs.git
    git clone https://github.com/devrandom/gitian-builder.git
    git clone https://github.com/bitcoin/bitcoin.git

###for bitcoin maintainers/release engineers, update (commit) version in sources

    pushd ./bitcoin
    contrib/verifysfbinaries/verify.sh
    doc/README*
    share/setup.nsi
    src/clientversion.h (change CLIENT_VERSION_IS_RELEASE to true)

###for bitcoin maintainers/release engineers, tag version in git

    git tag -s v(new version, e.g. 0.8.0)

###for bitcoin maintainers/release engineers, write release notes. git shortlog helps a lot, for example:

    git shortlog --no-merges v(current version, e.g. 0.7.2)..v(new version, e.g. 0.8.0)
    popd

* * *

###update gitian, gitian.sigs, checkout bitcoin version, and perform gitian builds

To ensure your gitian descriptors are accurate for direct reference for gbuild, below, run the following from a directory containing the bitcoin source:

    pushd ./bitcoin
    export SIGNER=(your gitian key, ie bluematt, sipa, etc)
    export VERSION=(new version, e.g. 0.8.0)
    git checkout v${VERSION}
    popd

Ensure your gitian.sigs are up-to-date if you wish to gverify your builds against other gitian signatures:

    pushd ./gitian.sigs
    git pull
    popd

Ensure your gitian-builder sources are up-to-date to take advantage of the new caching features of gitian (`e9741525c` or later is recommended)

    pushd ./gitian-builder
    git pull

###fetch and create inputs: (first time, or when dependency versions change)

    mkdir -p inputs
    wget -P inputs https://bitcoincore.org/cfields/osslsigncode-Backports-to-1.7.1.patch
    wget -P inputs http://downloads.sourceforge.net/project/osslsigncode/osslsigncode/osslsigncode-1.7.1.tar.gz

Register and download the Apple SDK: (see OSX Readme for details)

https://developer.apple.com/devcenter/download.action?path=/Developer_Tools/xcode_6.1.1/xcode_6.1.1.dmg

Using a Mac, create a tarball for the 10.9 SDK and copy it to the inputs directory:

    tar -C /Volumes/Xcode/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/ -czf MacOSX10.9.sdk.tar.gz MacOSX10.9.sdk

###Optional: Seed the Gitian sources cache and offline git repositories

By default, gitian will fetch source files as needed. To cache them ahead of time:

    make -C ../bitcoin/depends download SOURCES_PATH=`pwd`/cache/common

Only missing files will be fetched, so this is safe to re-run for each build.

Clone the detached-sigs repository:

    popd
    git clone https://github.com/bitcoin/bitcoin-detached-sigs.git
    pushd ./gitian-builder

NOTE: Offline builds must use the --url flag to ensure gitian fetches only from local URLs.
For example: `./bin/gbuild --url bitcoin=/path/to/bitcoin,signature=/path/to/sigs {rest of arguments}`
The following gbuild invocations DO NOT DO THIS by default.

###Build (and optionally verify) Bitcoin Core for Linux, Windows, and OS X:

    ./bin/gbuild --commit bitcoin=v${VERSION} ../bitcoin/contrib/gitian-descriptors/gitian-linux.yml
    ./bin/gsign --signer $SIGNER --release ${VERSION}-linux --destination ../gitian.sigs/ ../bitcoin/contrib/gitian-descriptors/gitian-linux.yml
    ./bin/gverify -v -d ../gitian.sigs/ -r ${VERSION}-linux ../bitcoin/contrib/gitian-descriptors/gitian-linux.yml
    mv build/out/bitcoin-*.tar.gz build/out/src/bitcoin-*.tar.gz ../

    ./bin/gbuild --commit bitcoin=v${VERSION} ../bitcoin/contrib/gitian-descriptors/gitian-win.yml
    ./bin/gsign --signer $SIGNER --release ${VERSION}-win-unsigned --destination ../gitian.sigs/ ../bitcoin/contrib/gitian-descriptors/gitian-win.yml
    ./bin/gverify -v -d ../gitian.sigs/ -r ${VERSION}-win-unsigned ../bitcoin/contrib/gitian-descriptors/gitian-win.yml
    mv build/out/bitcoin-*-win-unsigned.tar.gz inputs/bitcoin-win-unsigned.tar.gz
    mv build/out/bitcoin-*.zip build/out/bitcoin-*.exe ../

    ./bin/gbuild --commit bitcoin=v${VERSION} ../bitcoin/contrib/gitian-descriptors/gitian-osx.yml
    ./bin/gsign --signer $SIGNER --release ${VERSION}-osx-unsigned --destination ../gitian.sigs/ ../bitcoin/contrib/gitian-descriptors/gitian-osx.yml
    ./bin/gverify -v -d ../gitian.sigs/ -r ${VERSION}-osx-unsigned ../bitcoin/contrib/gitian-descriptors/gitian-osx.yml
    mv build/out/bitcoin-*-osx-unsigned.tar.gz inputs/bitcoin-osx-unsigned.tar.gz
    mv build/out/bitcoin-*.tar.gz build/out/bitcoin-*.dmg ../
    popd

Build output expected:

1. source tarball (bitcoin-${VERSION}.tar.gz)
2. linux 32-bit and 64-bit dist tarballs (bitcoin-${VERSION}-linux[32|64].tar.gz)
3. windows 32-bit and 64-bit unsigned installers and dist zips (bitcoin-${VERSION}-win[32|64]-setup-unsigned.exe, bitcoin-${VERSION}-win[32|64].zip)
4. OSX unsigned installer and dist tarball (bitcoin-${VERSION}-osx-unsigned.dmg, bitcoin-${VERSION}-osx64.tar.gz)
5. Gitian signatures (in gitian.sigs/${VERSION}-<linux|{win,osx}-unsigned>/(your gitian key)/)

###Next steps:

Commit your signature to gitian.sigs:

    pushd gitian.sigs
    git add ${VERSION}-linux/${SIGNER}
    git add ${VERSION}-win-unsigned/${SIGNER}
    git add ${VERSION}-osx-unsigned/${SIGNER}
    git commit -a
    git push  # Assuming you can push to the gitian.sigs tree
    popd

Wait for Windows/OSX detached signatures:

Once the Windows/OSX builds each have 3 matching signatures, they will be signed with their respective release keys.
Detached signatures will then be committed to the bitcoin-detached-sigs repository, which can be combined with the unsigned apps to create signed binaries.

Create (and optionally verify) the signed OSX binary:

    pushd ./gitian-builder
    ./bin/gbuild -i --commit signature=v${VERSION} ../bitcoin/contrib/gitian-descriptors/gitian-osx-signer.yml
    ./bin/gsign --signer $SIGNER --release ${VERSION}-osx-signed --destination ../gitian.sigs/ ../bitcoin/contrib/gitian-descriptors/gitian-osx-signer.yml
    ./bin/gverify -v -d ../gitian.sigs/ -r ${VERSION}-osx-signed ../bitcoin/contrib/gitian-descriptors/gitian-osx-signer.yml
    mv build/out/bitcoin-osx-signed.dmg ../bitcoin-${VERSION}-osx.dmg
    popd

Create (and optionally verify) the signed Windows binaries:

    pushd ./gitian-builder
    ./bin/gbuild -i --commit signature=v${VERSION} ../bitcoin/contrib/gitian-descriptors/gitian-win-signer.yml
    ./bin/gsign --signer $SIGNER --release ${VERSION}-win-signed --destination ../gitian.sigs/ ../bitcoin/contrib/gitian-descriptors/gitian-win-signer.yml
    ./bin/gverify -v -d ../gitian.sigs/ -r ${VERSION}-win-signed ../bitcoin/contrib/gitian-descriptors/gitian-win-signer.yml
    mv build/out/bitcoin-*win64-setup.exe ../bitcoin-${VERSION}-win64-setup.exe
    mv build/out/bitcoin-*win32-setup.exe ../bitcoin-${VERSION}-win32-setup.exe
    popd

Commit your signature for the signed OSX/Windows binaries:

    pushd gitian.sigs
    git add ${VERSION}-osx-signed/${SIGNER}
    git add ${VERSION}-win-signed/${SIGNER}
    git commit -a
    git push  # Assuming you can push to the gitian.sigs tree
    popd

-------------------------------------------------------------------------

### After 3 or more people have gitian-built and their results match:

- Create `SHA256SUMS.asc` for the builds, and GPG-sign it:
```bash
sha256sum * > SHA256SUMS
gpg --digest-algo sha256 --clearsign SHA256SUMS # outputs SHA256SUMS.asc
rm SHA256SUMS
```
(the digest algorithm is forced to sha256 to avoid confusion of the `Hash:` header that GPG adds with the SHA256 used for the files)
Note: check that SHA256SUMS itself doesn't end up in SHA256SUMS, which is a spurious/nonsensical entry.

- Upload zips and installers, as well as `SHA256SUMS.asc` from last step, to the bitcoin.org server
  into `/var/www/bin/bitcoin-core-${VERSION}`

- Update bitcoin.org version

  - First, check to see if the Bitcoin.org maintainers have prepared a
    release: https://github.com/bitcoin/bitcoin.org/labels/Releases

      - If they have, it will have previously failed their Travis CI
        checks because the final release files weren't uploaded.
        Trigger a Travis CI rebuild---if it passes, merge.

  - If they have not prepared a release, follow the Bitcoin.org release
    instructions: https://github.com/bitcoin/bitcoin.org#release-notes

  - After the pull request is merged, the website will automatically show the newest version within 15 minutes, as well
    as update the OS download links. Ping @saivann/@harding (saivann/harding on Freenode) in case anything goes wrong

- Announce the release:

  - Release sticky on bitcointalk: https://bitcointalk.org/index.php?board=1.0

  - Bitcoin-development mailing list

  - Update title of #bitcoin on Freenode IRC

  - Optionally reddit /r/Bitcoin, ... but this will usually sort itself out

- Notify BlueMatt so that he can start building [the PPAs](https://launchpad.net/~bitcoin/+archive/ubuntu/bitcoin)

- Add release notes for the new version to the directory `doc/release-notes` in git master

- Celebrate

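The `SHA256SUMS` step above notes that the manifest must not end up listing itself, which happens when `sha256sum *` is re-run in a directory that still holds an earlier `SHA256SUMS` or `SHA256SUMS.asc`. The shell functions below are an added example, not part of release-process.md: `make_sha256sums` and `check_sha256sums` are hypothetical names, and GNU `sha256sum` is assumed, as in the step above.

```bash
#!/usr/bin/env bash
# Added example (not from release-process.md). Function names are hypothetical.

# Write SHA256SUMS for the regular files in directory $1, skipping the
# manifest and a previous SHA256SUMS.asc so a re-run cannot hash its own output.
make_sha256sums() (
    cd "$1" || exit 1
    tmp=$(mktemp) || exit 1
    for f in *; do
        [ -f "$f" ] || continue
        case "$f" in SHA256SUMS|SHA256SUMS.asc) continue ;; esac
        sha256sum -- "$f" >> "$tmp" || exit 1
    done
    mv "$tmp" SHA256SUMS
)

# Succeed only if the manifest does not list itself, every listed hash
# verifies, and every artifact present in the directory is listed.
check_sha256sums() (
    cd "$1" || exit 1
    [ -f SHA256SUMS ] || { echo "SHA256SUMS missing" >&2; exit 1; }
    # sha256sum lines are "<64 hex><space><space or *><name>".
    if grep -Eq '^[0-9a-f]{64} [ *]SHA256SUMS(\.asc)?$' SHA256SUMS; then
        echo "SHA256SUMS contains an entry for itself" >&2; exit 1
    fi
    sha256sum -c SHA256SUMS >/dev/null || exit 1
    for f in *; do
        [ -f "$f" ] || continue
        case "$f" in SHA256SUMS|SHA256SUMS.asc) continue ;; esac
        grep -Fxq -- "$(sha256sum -- "$f")" SHA256SUMS ||
            { echo "not listed: $f" >&2; exit 1; }
    done
)

# Usage: pass the directory holding the release files, then clearsign as in
# the step above: gpg --digest-algo sha256 --clearsign SHA256SUMS
if [ -n "${1:-}" ]; then
    make_sha256sums "$1" && check_sha256sums "$1"
fi
```

Running the check before `gpg --clearsign` means the signed manifest covers exactly the files being uploaded.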