diff --git a/contrib/gitian-build.sh b/contrib/gitian-build.sh old mode 100755 new mode 100644 index cfe4bd7d4..75c5b073f --- a/contrib/gitian-build.sh +++ b/contrib/gitian-build.sh @@ -1,406 +1,389 @@ +#!/bin/bash + # Copyright (c) 2016 The Bitcoin Core developers # Copyright (c) 2021 The Dogecoin Core developers # Distributed under the MIT software license, see the accompanying # file COPYING or http://www.opensource.org/licenses/mit-license.php. +# Systems to build +DESCRIPTORS=('osx' 'win' 'linux') +SIGN_DESCRIPTORS=('win-signed' 'osx-signed') + +# Gitian properties +export USE_DOCKER=0 +export USE_LXC=0 + +# Dependencies +ossPatchUrl="https://bitcoincore.org/cfields/osslsigncode-Backports-to-1.7.1.patch" +ossPatchHash="a8c4e9cafba922f89de0df1f2152e7be286aba73f78505169bc351a7938dd911" + +ossTarUrl="https://launchpad.net/ubuntu/+archive/primary/+sourcefiles/osslsigncode/1.7.1-1/osslsigncode_1.7.1.orig.tar.gz" +ossTarHash="f9a8cdb38b9c309326764ebc937cba1523a3a751a7ab05df3ecc99d18ae466c9" + +macosSdkUrl="https://bitcoincore.org/depends-sources/sdks/MacOSX10.11.sdk.tar.gz" +macosSdkHash="bec9d089ebf2e2dd59b1a811a38ec78ebd5da18cbbcd6ab39d1e59f64ac5033f" + # What to do -sign=false verify=false build=false -setupenv=false - -# Systems to build -linux=true -windows=true -osx=true +buildSigned=false +commit=false +test=false +enableCache=false # Other Basic variables SIGNER= VERSION= -commit=false url=https://github.com/dogecoin/dogecoin proc=2 mem=2000 -lxc=true -osslTarUrl=https://launchpad.net/ubuntu/+archive/primary/+sourcefiles/osslsigncode/1.7.1-1/osslsigncode_1.7.1.orig.tar.gz -osslPatchUrl=https://bitcoincore.org/cfields/osslsigncode-Backports-to-1.7.1.patch scriptName=$(basename -- "$0") -signProg="gpg --detach-sign" -commitFiles=true +outputDir=$(pwd)/gitian-output -# Help Message -read -d '' usage <<- EOF -Usage: $scriptName [-c|u|v|b|s|B|o|h|j|m|] signer version +# Help message +read -r -d '' usage <<-EOF +Usage: $scriptName [options] version -Run this script from the directory containing the dogecoin, gitian-builder, gitian.sigs, and dogecoin-detached-sigs. +Standalone script to perform the gitian build of Dogecoin Core. Perform +deterministic build for multiples Operating System, using Docker, LXC or +KVM for virtualization. Sign binaries using PGP. + +Use https://github.com/devrandom/gitian-builder to manage the process. Arguments: -signer GPG signer to sign each build assert file -version Version number, commit, or branch to build. If building a commit or branch, the -c option must be specified +version Version number, commit, or branch to build. If building a + commit or branch, the -c option must be specified Options: --c|--commit Indicate that the version argument is for a commit or branch --u|--url Specify the URL of the repository. Default is https://github.com/dogecoin/dogecoin --v|--verify Verify the gitian build --b|--build Do a gitian build --s|--sign Make signed binaries for Windows and Mac OSX --B|--buildsign Build both signed and unsigned binaries --o|--os Specify which Operating Systems the build is for. Default is lwx. l for linux, w for windows, x for osx --j Number of processes to use. Default 2 --m Memory to allocate in MiB. Default 2000 ---kvm Use KVM instead of LXC ---setup Setup the gitian building environment. Uses KVM. If you want to use lxc, use the --lxc option. Only works on Debian-based systems (Ubuntu, Debian) ---detach-sign Create the assert file for detached signing. Will not commit anything. ---no-commit Do not commit anything to git --h|--help Print this help message +--setup Setup the gitian building environment. +-b|--build Do the gitian build +-B|--build-signed Build signed binaries for MacOS and Windows +-s|--sign name Sign builded executables with GPG using user ID +-v|--verify Verify the gitian build +--lxc Use LXC instead of KVM +--docker Use Docker instead of KVM +-o|--os lwx Specify which Operating Systems the build is for. Default is lwx, + l for Linux, w for Windows, x for MacOS +-j proc Number of processes to use. Default $proc +-m n Memory to allocate in MiB. Default $mem +--enable-cache Use local apt-cacher server. If you need to specify host, use + MIRROR_HOST environment variable +-c|--commit Indicate that the version argument is for a commit or branch +-u|--url repo Specify the URL of the repository. Default is https://github.com/dogecoin/dogecoin +--test CI TEST. Uses Docker +-h|--help Print this help message EOF # Get options and arguments while :; do case $1 in # Verify - -v|--verify) - verify=true + -v | --verify) + verify=true ;; # Build - -b|--build) - build=true + -b | --build) + build=true ;; - # Sign binaries - -s|--sign) - sign=true - ;; - # Build then Sign - -B|--buildsign) - sign=true - build=true + # Build signed binaries + -B | --build-signed) + buildSigned=true ;; # PGP Signer - -S|--signer) - if [ -n "$2" ] - then - SIGNER=$2 - shift - else - echo 'Error: "--signer" requires a non-empty argument.' - exit 1 - fi - ;; + -s | --sign) + if [ -n "$2" ]; then + SIGNER=$2 + shift + else + echo 'Error: "--sign" requires a PGP signer.' + exit 1 + fi + ;; # Operating Systems - -o|--os) - if [ -n "$2" ] - then - linux=false - windows=false - osx=false - if [[ "$2" = *"l"* ]] - then - linux=true - fi - if [[ "$2" = *"w"* ]] - then - windows=true - fi - if [[ "$2" = *"x"* ]] - then - osx=true - fi - shift - else - echo 'Error: "--os" requires an argument containing an l (for linux), w (for windows), or x (for Mac OSX)\n' - exit 1 - fi - ;; - # Help message - -h|--help) - echo "$usage" - exit 0 - ;; - # Commit or branch - -c|--commit) - commit=true - ;; - # Number of Processes - -j) - if [ -n "$2" ] - then - proc=$2 - shift - else - echo 'Error: "-j" requires an argument' - exit 1 - fi - ;; - # Memory to allocate - -m) - if [ -n "$2" ] - then - mem=$2 - shift - else - echo 'Error: "-m" requires an argument' - exit 1 - fi - ;; - # URL - -u) - if [ -n "$2" ] - then - url=$2 - shift - else - echo 'Error: "-u" requires an argument' - exit 1 - fi - ;; - # kvm - --kvm) - lxc=false + -o | --os) + if [ -n "$2" ]; then + DESCRIPTORS=() + SIGN_DESCRIPTORS=() + if [[ "$2" == *"l"* ]]; then + DESCRIPTORS+=('linux') + fi + if [[ "$2" == *"w"* ]]; then + DESCRIPTORS+=('win') + SIGN_DESCRIPTORS+=('win-signed') + fi + if [[ "$2" == *"x"* ]]; then + DESCRIPTORS+=('osx') + SIGN_DESCRIPTORS+=('osx-signed') + fi + shift + else + echo 'Error: "--os" specify os: l (linux), w (windows), or x (Mac OSX)' + exit 1 + fi ;; - # Detach sign - --detach-sign) - signProg="true" - commitFiles=false + # Help message + -h | --help) + echo "$usage" + exit 0 ;; - # Commit files - --no-commit) - commitFiles=false + # Commit or branch + -c | --commit) + commit=true + ;; + # Number of Processes + -j) + if [ -n "$2" ]; then + proc=$2 + shift + else + echo 'Error: "-j" requires an argument' + exit 1 + fi + ;; + # Memory to allocate + -m) + if [ -n "$2" ]; then + mem=$2 + shift + else + echo 'Error: "-m" requires an argument' + exit 1 + fi + ;; + # lxc + --lxc) + USE_LXC=1 + ;; + # docker + --docker) + USE_DOCKER=1 + ;; + # apt cacher + --enable-cache) + enableCache=true + ;; + # URL + -u) + if [ -n "$2" ]; then + url=$2 + shift + else + echo 'Error: "-u" requires an argument' + exit 1 + fi ;; # Setup --setup) setup=true ;; - *) # Default case: If no more options then break out of the loop. - break + --test) + test=true + ;; + *) # Default case: If no more options then break out of the loop. + break ;; esac shift done -# Set up LXC -if [[ $lxc = true ]] -then - export USE_LXC=1 - export LXC_BRIDGE=br0 +# Download specific file and verify hash +function download_file () { + local filename=$(basename $1) + + if [ ! -f $filename ]; then + wget $1 + fi + + # Verify file signature + echo "$2 $filename" | sha256sum -c --status + + if [ $? != 0 ]; then + echo "$scriptName: Signature for $filename don't match." + exit 1 + fi +} + +function move_build_files() { + find build/out -type f -exec mv '{}' $outputDir/dogecoin-binaries/${VERSION}/ \; +} + +function download_descriptor() { + if [[ ! $1 == 'test' ]]; then + uri="${url/github.com/raw.githubusercontent.com}"/"$2"/contrib/gitian-descriptors/gitian-"$1".yml + echo "Downloading descriptor ${1} ${uri}" + wget $uri -O gitian-"$1".yml || exit 1 + else + # CI tests + cp ../ci/descriptor/"$1".yml gitian-"$1".yml || exit 1 + fi +} + +### Test configuration ### + +if [[ $test == true ]]; then + if [[ $commit == true ]]; then + VERSION="f80bfe9068ac1a0619d48dad0d268894d926941e" + else + VERSION="1.14.3" + fi + DESCRIPTORS=('test') + SIGN_DESCRIPTORS=() + COMMIT=$VERSION + SIGNER="signer" + SHA256SUM="0d519f6ade0e601617a7c44b764eeae35a8784070c3e44f542011956f1743459" fi -# Check for OSX SDK -if [[ ! -e "gitian-builder/inputs/MacOSX10.11.sdk.tar.gz" && $osx == true ]] -then - echo "Cannot build for OSX, SDK does not exist. Will build for other OSes" - osx=false +### Arguments checks #### + +echo "Using ${proc} CPU and ${mem} RAM" + +# Control the selection of a single virtualisation software +if [ $(($USE_LXC + $USE_DOCKER)) -ge 2 ]; then + echo "$scriptName: Specify a single virtualisation solution between Docker, LXC or KVM." + exit fi -# Get signer -if [[ -n"$1" ]] -then - SIGNER=$1 - shift +if [ -n "$SIGNER" ]; then + echo "Testing GPG Keys available..." + result=$(gpg --list-secret-keys --keyid-format=long | grep sec | grep -v revoked | grep "" -c) + if [[ $result == "" ]]; then + echo "No GPG keys available..." + echo "Please follow this documentation: https://docs.github.com/en/github/authenticating-to-github/managing-commit-signature-verification/generating-a-new-gpg-key" + exit 1 + fi + mkdir -p $outputDir/sigs fi # Get version -if [[ -n "$1" ]] -then +if [ -n "$1" ]; then VERSION=$1 - COMMIT=$VERSION - shift -fi -# Check that a signer is specified -if [[ $SIGNER == "" ]] -then - echo "$scriptName: Missing signer." - echo "Try $scriptName --help for more information" - exit 1 -fi - -# Check that a version is specified -if [[ $VERSION == "" ]] -then - echo "$scriptName: Missing version." - echo "Try $scriptName --help for more information" - exit 1 -fi - -# Add a "v" if no -c -if [[ $commit = false ]] -then - COMMIT="v${VERSION}" -fi -echo ${COMMIT} - -# Setup build environment -if [[ $setup = true ]] -then - sudo apt-get install ruby apache2 git apt-cacher-ng python-vm-builder qemu-kvm qemu-utils - # GIT --date=format-local support - MIN_GIT_VERSION=2.7.0 - LASTEST_GIT_VERSION=2.32.0 - if ! (echo a version ${MIN_GIT_VERSION}; git --version) | sort -Vk3 | tail -1 | grep -q git; then - sudo apt-get install build-essential make libssl-dev libghc-zlib-dev libcurl4-gnutls-dev libexpat1-dev gettext unzip - wget https://github.com/git/git/archive/v${LASTEST_GIT_VERSION}.zip -O v${LASTEST_GIT_VERSION}.zip - unzip v${LASTEST_GIT_VERSION}.zip - pushd ./git-${LASTEST_GIT_VERSION} - make -j "${proc}" prefix=/usr/local all - make -j "${proc}" prefix=/usr/local install - popd + # Use tag or commit within repository + if [[ $commit == false ]]; then + COMMIT=v$VERSION + else + COMMIT=$VERSION fi +else + echo "$scriptName: Missing version, see --help for more information." + exit 1 +fi - # GIT CLONE +### Setup ### + +if [[ $setup == true ]]; then git clone https://github.com/dogecoin/gitian.sigs.git git clone https://github.com/dogecoin/dogecoin-detached-sigs.git git clone https://github.com/devrandom/gitian-builder.git + pushd ./gitian-builder - if [[ -n "$USE_LXC" ]] + + #Download dependencies + mkdir -p inputs + pushd inputs + + download_file $ossPatchUrl $ossPatchHash + download_file $ossTarUrl $ossTarHash + download_file $macosSdkUrl $macosSdkHash + + popd + + #Check if apt-cacher should be enabled + if [ -z "$MIRROR_HOST" ] && [[ $enableCache = false ]]; then + cacher_option="--disable-apt-cacher" + fi + + #Prepare containers depending of virtualization solution: lxc, docker, kvm + if [ "$USE_LXC" -eq 1 ] then - sudo apt-get install lxc - bin/make-base-vm --suite trusty --arch amd64 --lxc + sudo apt-get install -y lxc + bin/make-base-vm --suite trusty --arch amd64 --lxc $(echo $cacher_option) + elif [ "$USE_DOCKER" -eq 1 ]; then + bin/make-base-vm --suite trusty --arch amd64 --docker $(echo $cacher_option) else - bin/make-base-vm --suite trusty --arch amd64 + bin/make-base-vm --suite trusty --arch amd64 $(echo $cacher_option) fi popd fi -# Set up build -pushd ./dogecoin -git fetch -git checkout ${COMMIT} +# Download descriptors +mkdir -p ./gitian-descriptors/ + +pushd gitian-descriptors || exit 1 + +if [[ $build == true || $verify == true ]]; then + for descriptor in "${DESCRIPTORS[@]}"; do + download_descriptor "$descriptor" "$COMMIT" + done +fi + +if [[ $buildSigned == true ]]; then + for sign_descriptor in "${SIGN_DESCRIPTORS[@]}"; do + download_descriptor "$sign_descriptor" "$COMMIT" + done +fi + popd -# Build -if [[ $build = true ]] -then - # Make output folder - mkdir -p ./dogecoin-binaries/${VERSION} - - # Build Dependencies - echo "" - echo "Building Dependencies" - echo "" - pushd ./gitian-builder - mkdir -p inputs - wget -N -P inputs $osslPatchUrl - wget -N -P inputs $osslTarUrl - make -j "${proc}" -C ../dogecoin/depends download SOURCES_PATH=`pwd`/cache/common +### Build ### - # Linux - if [[ $linux = true ]] - then - echo "" - echo "Compiling ${VERSION} Linux" - echo "" - ./bin/gbuild -j ${proc} -m ${mem} --commit dogecoin=${COMMIT} --url dogecoin=${url} ../dogecoin/contrib/gitian-descriptors/gitian-linux.yml - ./bin/gsign -p $signProg --signer $SIGNER --release ${VERSION}-linux --destination ../gitian.sigs/ ../dogecoin/contrib/gitian-descriptors/gitian-linux.yml - mv build/out/dogecoin-*.tar.gz build/out/src/dogecoin-*.tar.gz ../dogecoin-binaries/${VERSION} - fi - # Windows - if [[ $windows = true ]] - then - echo "" - echo "Compiling ${VERSION} Windows" - echo "" - ./bin/gbuild -j ${proc} -m ${mem} --commit dogecoin=${COMMIT} --url dogecoin=${url} ../dogecoin/contrib/gitian-descriptors/gitian-win.yml - ./bin/gsign -p $signProg --signer $SIGNER --release ${VERSION}-win-unsigned --destination ../gitian.sigs/ ../dogecoin/contrib/gitian-descriptors/gitian-win.yml - mv build/out/dogecoin-*-win-unsigned.tar.gz inputs/dogecoin-win-unsigned.tar.gz - mv build/out/dogecoin-*.zip build/out/dogecoin-*.exe ../dogecoin-binaries/${VERSION} - fi - # Mac OSX - if [[ $osx = true ]] - then - echo "" - echo "Compiling ${VERSION} Mac OSX" - echo "" - ./bin/gbuild -j ${proc} -m ${mem} --commit dogecoin=${COMMIT} --url dogecoin=${url} ../dogecoin/contrib/gitian-descriptors/gitian-osx.yml - ./bin/gsign -p $signProg --signer $SIGNER --release ${VERSION}-osx-unsigned --destination ../gitian.sigs/ ../dogecoin/contrib/gitian-descriptors/gitian-osx.yml - mv build/out/dogecoin-*-osx-unsigned.tar.gz inputs/dogecoin-osx-unsigned.tar.gz - mv build/out/dogecoin-*.tar.gz build/out/dogecoin-*.dmg ../dogecoin-binaries/${VERSION} - fi - popd +if [[ $build == true ]]; then + # Make output folder + mkdir -p $outputDir/dogecoin-binaries/"$VERSION" - if [[ $commitFiles = true ]] - then - # Commit to gitian.sigs repo - echo "" - echo "Committing ${VERSION} Unsigned Sigs" - echo "" - pushd gitian.sigs - git add ${VERSION}-linux/${SIGNER} - git add ${VERSION}-win-unsigned/${SIGNER} - git add ${VERSION}-osx-unsigned/${SIGNER} - git commit -a -m "Add ${VERSION} unsigned sigs for ${SIGNER}" - popd + pushd ./gitian-builder || exit 1 + + # Clean dogecoin git directory because of old caching + if [ -d inputs/dogecoin/ ]; then + echo "Cleaning Dogecoin directory..." + rm -rf inputs/dogecoin/ + fi + + for descriptor in "${DESCRIPTORS[@]}"; do + echo "" + echo "Compiling ${VERSION} ${descriptor}" + echo "" + ./bin/gbuild -j "$proc" -m "$mem" --commit dogecoin="$COMMIT" --url dogecoin="$url" ../gitian-descriptors/gitian-"$descriptor".yml || exit 1 + + if [ -n "$SIGNER" ]; then + ./bin/gsign --signer "$SIGNER" --release "$VERSION"-"$descriptor" \ + --destination $outputDir/sigs/ ../gitian-descriptors/gitian-"$descriptor".yml fi + move_build_files + done + + popd || exit 1 fi -# Verify the build -if [[ $verify = true ]] -then - # Linux - pushd ./gitian-builder - echo "" - echo "Verifying v${VERSION} Linux" - echo "" - ./bin/gverify -v -d ../gitian.sigs/ -r ${VERSION}-linux ../dogecoin/contrib/gitian-descriptors/gitian-linux.yml - # Windows - echo "" - echo "Verifying v${VERSION} Windows" - echo "" - ./bin/gverify -v -d ../gitian.sigs/ -r ${VERSION}-win-unsigned ../dogecoin/contrib/gitian-descriptors/gitian-win.yml - # Mac OSX - echo "" - echo "Verifying v${VERSION} Mac OSX" - echo "" - ./bin/gverify -v -d ../gitian.sigs/ -r ${VERSION}-osx-unsigned ../dogecoin/contrib/gitian-descriptors/gitian-osx.yml - # Signed Windows - echo "" - echo "Verifying v${VERSION} Signed Windows" - echo "" - ./bin/gverify -v -d ../gitian.sigs/ -r ${VERSION}-osx-signed ../dogecoin/contrib/gitian-descriptors/gitian-osx-signer.yml - # Signed Mac OSX - echo "" - echo "Verifying v${VERSION} Signed Mac OSX" - echo "" - ./bin/gverify -v -d ../gitian.sigs/ -r ${VERSION}-osx-signed ../dogecoin/contrib/gitian-descriptors/gitian-osx-signer.yml - popd -fi +# Build signed binaries +if [[ $buildSigned == true ]]; then + pushd gitian-builder || exit 1 -# Sign binaries -if [[ $sign = true ]] -then - - pushd ./gitian-builder - # Sign Windows - if [[ $windows = true ]] - then - echo "" - echo "Signing ${VERSION} Windows" - echo "" - ./bin/gbuild -i --commit signature=${COMMIT} ../dogecoin/contrib/gitian-descriptors/gitian-win-signer.yml - ./bin/gsign -p $signProg --signer $SIGNER --release ${VERSION}-win-signed --destination ../gitian.sigs/ ../dogecoin/contrib/gitian-descriptors/gitian-win-signer.yml - mv build/out/dogecoin-*win64-setup.exe ../dogecoin-binaries/${VERSION} - mv build/out/dogecoin-*win32-setup.exe ../dogecoin-binaries/${VERSION} - fi - # Sign Mac OSX - if [[ $osx = true ]] - then - echo "" - echo "Signing ${VERSION} Mac OSX" - echo "" - ./bin/gbuild -i --commit signature=${COMMIT} ../dogecoin/contrib/gitian-descriptors/gitian-osx-signer.yml - ./bin/gsign -p $signProg --signer $SIGNER --release ${VERSION}-osx-signed --destination ../gitian.sigs/ ../dogecoin/contrib/gitian-descriptors/gitian-osx-signer.yml - mv build/out/dogecoin-osx-signed.dmg ../dogecoin-binaries/${VERSION}/dogecoin-${VERSION}-osx.dmg - fi - popd - - if [[ $commitFiles = true ]] - then - # Commit Sigs - pushd gitian.sigs - echo "" - echo "Committing ${VERSION} Signed Sigs" - echo "" - git add ${VERSION}-win-signed/${SIGNER} - git add ${VERSION}-osx-signed/${SIGNER} - git commit -a -m "Add ${VERSION} signed binary sigs for ${SIGNER}" - popd + for sign_descriptor in "${SIGN_DESCRIPTORS[@]}"; do + echo "" + echo "Compiling Binary ${VERSION} ${sign_descriptor}" + echo "" + ./bin/gbuild --skip-image --upgrade --commit signature="$COMMIT" ../gitian-descriptors/gitian-"$sign_descriptor".yml || exit 1 + if [ -n "$SIGNER" ]; then + ./bin/gsign --signer "$SIGNER" --release "$VERSION"-"$sign_descriptor" \ + --destination $outputDir/sigs/ ../gitian-descriptors/gitian-"$sign_descriptor".yml fi + move_build_files + done + + popd || exit 1 +fi + +### Signatures Verification ### + +if [[ $verify == true ]]; then + pushd ./gitian-builder || exit 1 + + for descriptor in "${DESCRIPTORS[@]}"; do + echo "" + echo "Verifying v${VERSION} ${descriptor}" + echo "" + ./bin/gverify -v -d ../gitian.sigs/ -r "${VERSION}"-"$descriptor" ../gitian-descriptors/gitian-"$descriptor".yml + done + + popd || exit 1 fi diff --git a/contrib/gitian-descriptors/gitian-osx-signer.yml b/contrib/gitian-descriptors/gitian-osx-signed.yml similarity index 100% rename from contrib/gitian-descriptors/gitian-osx-signer.yml rename to contrib/gitian-descriptors/gitian-osx-signed.yml diff --git a/contrib/gitian-descriptors/gitian-win-signer.yml b/contrib/gitian-descriptors/gitian-win-signed.yml similarity index 100% rename from contrib/gitian-descriptors/gitian-win-signer.yml rename to contrib/gitian-descriptors/gitian-win-signed.yml diff --git a/doc/gitian-building.md b/doc/gitian-building.md index 33348379c..ec2670708 100644 --- a/doc/gitian-building.md +++ b/doc/gitian-building.md @@ -1,466 +1,159 @@ -Gitian building -================ -*Setup instructions for a Gitian build of Dogecoin Core using a Debian VM or physical system.* +# Gitian building -Gitian is the deterministic build process that is used to build the Dogecoin -Core executables. It provides a way to be reasonably sure that the -executables are really built from the source on GitHub. It also makes sure that -the same, tested dependencies are used and statically built into the executable. +> *Gitian is a secure source-control oriented software distribution method. This means you can download trusted binaries that are verified by multiple builders.* +Source : [Gitian.org](https://gitian.org/) -Multiple developers build the source code by following a specific descriptor -("recipe"), cryptographically sign the result, and upload the resulting signature. -These results are compared and only if they match, the build is accepted and uploaded -to dogecoin.com. +Gitian is a deterministic build process that is used to release Dogecoin Core executables. It use same dependencies in a virtualized environment to build binaries. This let independent builders compare binaries hashes to verify and sign released executables. -More independent Gitian builders are needed, which is why this guide exists. -It is preferred you follow these steps yourself instead of using someone else's -VM image to avoid 'contaminating' the build. +To reduce probability of compromised binaries during releases, more independent gitian builders are needed ! -Table of Contents ------------------- +Participate and help to secure the process by following this guide. -- [Create a new VirtualBox VM](#create-a-new-virtualbox-vm) -- [Connecting to the VM](#connecting-to-the-vm) -- [Setting up Debian for Gitian building](#setting-up-debian-for-gitian-building) -- [Installing Gitian](#installing-gitian) -- [Setting up the Gitian image](#setting-up-the-gitian-image) -- [Getting and building the inputs](#getting-and-building-the-inputs) -- [Building Dogecoin Core](#building-dogecoin-core) -- [Building an alternative repository](#building-an-alternative-repository) -- [Signing externally](#signing-externally) -- [Uploading signatures](#uploading-signatures) +### Table of contents -Preparing the Gitian builder host ---------------------------------- +1. [Install dependencies](#install-dependencies) + * [Common dependencies](#common-dependencies) + * [Docker](#docker) + * [LXC](#lxc) + * [KVM](#kvm) + * [Apt-cacher](#apt-cacher) +2. [Usage](#usage) + * [Syntax](#syntax) + * [Example](#example) + * [Signing externally](#signing-externally) +3. [Publish signatures](#publish-signatures) -The first step is to prepare the host environment that will be used to perform the Gitian builds. -This guide explains how to set up the environment, and how to start the builds. +## Install dependencies -Debian Linux was chosen as the host distribution because it has a lightweight install (in contrast to Ubuntu) and is readily available. -Any kind of virtualization can be used, for example: -- [VirtualBox](https://www.virtualbox.org/) (covered by this guide) -- [KVM](http://www.linux-kvm.org/page/Main_Page) -- [LXC](https://linuxcontainers.org/), see also [Gitian host docker container](https://github.com/gdm85/tenku/tree/master/docker/gitian-bitcoin-host/README.md). +To perform a gitian build, you can use different virtualization software : Docker, KVM or LXC. Dependencies will change according to your choice. -You can also install Gitian on actual hardware instead of using virtualization. +You need to install some required dependencies whatever you will choose. -Create a new VirtualBox VM ---------------------------- -In the VirtualBox GUI click "New" and choose the following parameters in the wizard: +Use your packet manager to install them : `apt`, `brew`, `dnf`, `pacman`... -![](gitian-building/create_new_vm.png) - -- Type: Linux, Debian (64-bit) - -![](gitian-building/create_vm_memsize.png) - -- Memory Size: at least 3000MB, anything less and the build might not complete. - -![](gitian-building/create_vm_hard_disk.png) - -- Hard Disk: Create a virtual hard disk now - -![](gitian-building/create_vm_hard_disk_file_type.png) - -- Hard Disk file type: Use the default, VDI (VirtualBox Disk Image) - -![](gitian-building/create_vm_storage_physical_hard_disk.png) - -- Storage on physical hard disk: Dynamically Allocated - -![](gitian-building/create_vm_file_location_size.png) - -- File location and size: at least 40GB; as low as 20GB *may* be possible, but better to err on the safe side -- Click `Create` - -After creating the VM, we need to configure it. - -- Click the `Settings` button, then go to the `Network` tab. Adapter 1 should be attached to `NAT`. - -![](gitian-building/network_settings.png) - -- Click `Advanced`, then `Port Forwarding`. We want to set up a port through which we can reach the VM to get files in and out. -- Create a new rule by clicking the plus icon. - -![](gitian-building/port_forwarding_rules.png) - -- Set up the new rule the following way: - - Name: `SSH` - - Protocol: `TCP` - - Leave Host IP empty - - Host Port: `22222` - - Leave Guest IP empty - - Guest Port: `22` - -- Click `Ok` twice to save. - -Get the [Debian 8.x net installer](http://cdimage.debian.org/mirror/cdimage/archive/8.5.0/amd64/iso-cd/debian-8.5.0-amd64-netinst.iso) (a more recent minor version should also work, see also [Debian Network installation](https://www.debian.org/CD/netinst/)). -This DVD image can be [validated](https://www.debian.org/CD/verify) using a SHA256 hashing tool, for example on -Unixy OSes by entering the following in a terminal: - - echo "ad4e8c27c561ad8248d5ebc1d36eb172f884057bfeb2c22ead823f59fa8c3dff debian-8.5.0-amd64-netinst.iso" | sha256sum -c - # (must return OK) - -Then start the VM. On the first launch you will be asked for a CD or DVD image. Choose the downloaded ISO. - -![](gitian-building/select_startup_disk.png) - -Installing Debian ------------------- - -This section will explain how to install Debian on the newly created VM. - -- Choose the non-graphical installer. We do not need the graphical environment; it will only increase installation time and disk usage. - -![](gitian-building/debian_install_1_boot_menu.png) - -**Note**: Navigating in the Debian installer: -To keep a setting at the default and proceed, just press `Enter`. -To select a different button, press `Tab`. - -- Choose locale and keyboard settings (doesn't matter, you can just go with the defaults or select your own information) - -![](gitian-building/debian_install_2_select_a_language.png) -![](gitian-building/debian_install_3_select_location.png) -![](gitian-building/debian_install_4_configure_keyboard.png) - -- The VM will detect network settings using DHCP, this should all proceed automatically -- Configure the network: - - Hostname `debian`. - - Leave domain name empty. - -![](gitian-building/debian_install_5_configure_the_network.png) - -- Choose a root password and enter it twice (remember it for later) - -![](gitian-building/debian_install_6a_set_up_root_password.png) - -- Name the new user `debian` (the full name doesn't matter, you can leave it empty) -- Set the account username as `debian` - -![](gitian-building/debian_install_7_set_up_user_fullname.png) -![](gitian-building/debian_install_8_set_up_username.png) - -- Choose a user password and enter it twice (remember it for later) - -![](gitian-building/debian_install_9_user_password.png) - -- The installer will set up the clock using a time server; this process should be automatic -- Set up the clock: choose a time zone (depends on the locale settings that you picked earlier; specifics don't matter) - -![](gitian-building/debian_install_10_configure_clock.png) - -- Disk setup - - Partitioning method: Guided - Use the entire disk - -![](gitian-building/debian_install_11_partition_disks.png) - - - Select disk to partition: SCSI1 (0,0,0) - -![](gitian-building/debian_install_12_choose_disk.png) - - - Partition Disks -> *All files in one partition* - -![](gitian-building/all_files_in_one_partition.png) - - - Finish partitioning and write changes to disk -> *Yes* (`Tab`, `Enter` to select the `Yes` button) - -![](gitian-building/debian_install_14_finish.png) -![](gitian-building/debian_install_15_write_changes.png) - -- The base system will be installed, this will take a minute or so -- Choose a mirror (any will do) - -![](gitian-building/debian_install_16_choose_a_mirror.png) - -- Enter proxy information (unless you are on an intranet, leave this empty) - -![](gitian-building/debian_install_18_proxy_settings.png) - -- Wait a bit while 'Select and install software' runs -- Participate in popularity contest -> *No* -- Choose software to install. We need just the base system. -- Make sure only 'SSH server' and 'Standard System Utilities' are checked -- Uncheck 'Debian Desktop Environment' and 'Print Server' - -![](gitian-building/debian_install_19_software_selection.png) - -- Install the GRUB boot loader to the master boot record? -> Yes - -![](gitian-building/debian_install_20_install_grub.png) - -- Device for boot loader installation -> ata-VBOX_HARDDISK - -![](gitian-building/debian_install_21_install_grub_bootloader.png) - -- Installation Complete -> *Continue* -- After installation, the VM will reboot and you will have a working Debian VM. Congratulations! - -![](gitian-building/debian_install_22_finish_installation.png) - - -After Installation -------------------- -The next step in the guide involves logging in as root via SSH. -SSH login for root users is disabled by default, so we'll enable that now. - -Login to the VM using username `root` and the root password you chose earlier. -You'll be presented with a screen similar to this. - -![](gitian-building/debian_root_login.png) - -Type: +### Common dependencies +Following dependencies are required to run `gitian-build.sh`: ``` -sed -i 's/^PermitRootLogin.*/PermitRootLogin yes/' /etc/ssh/sshd_config +git ruby wget ``` -and press enter. Then, + +Optionally, to sign or verify binaries : ``` -/etc/init.d/ssh restart +pgp ``` -and enter to restart SSH. Logout by typing 'logout' and pressing 'enter'. +*To create a PGP key to sign files, see : https://gnupg.org/gph/en/manual.html#INTRO. +You will need to specify your [user ID](https://www.gnupg.org/documentation/manuals/gnupg/Specify-a-User-ID.html), find it using `gpg -k`.* -Connecting to the VM ----------------------- +### Docker -After the VM has booted you can connect to it using SSH, and files can be copied from and to the VM using a SFTP utility. -Connect to `localhost`, port `22222` (or the port configured when installing the VM). -On Windows you can use [putty](http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html) and [WinSCP](http://winscp.net/eng/index.php). +Follow [Docker official documentation](https://docs.docker.com/engine/install/) to install it for your operating system. -For example, to connect as `root` from a Linux command prompt use +Make sure your user can run `docker` command without root privilege by being in the docker group : +```bash +$ sudo usermod -aG docker $(whoami) - $ ssh root@localhost -p 22222 - The authenticity of host '[localhost]:22222 ([127.0.0.1]:22222)' can't be established. - RSA key fingerprint is ae:f5:c8:9f:17:c6:c7:1b:c2:1b:12:31:1d:bb:d0:c7. - Are you sure you want to continue connecting (yes/no)? yes - Warning: Permanently added '[localhost]:22222' (RSA) to the list of known hosts. - root@localhost's password: (enter root password configured during install) +# Enable group without logging out +$ newgrp docker +``` - The programs included with the Debian GNU/Linux system are free software; - the exact distribution terms for each program are described in the - individual files in /usr/share/doc/*/copyright. +Then use `--docker` option with `gitian-build.sh`. - Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent - permitted by applicable law. - root@debian:~# +### LXC +Install the following package : +``` +lxc +``` -Replace `root` with `debian` to log in as user. +Then use `--lxc` option with `gitian-build.sh`. -Setting up Debian for Gitian building --------------------------------------- +### KVM -In this section we will be setting up the Debian installation for Gitian building. +[Documentation not available, help is welcome] -First we need to log in as `root` to set up dependencies and make sure that our -user can use the sudo command. Type/paste the following in the terminal: +### Apt-cacher + +Disabled by default, `apt-cacher` enable to cache locally downloaded dependencies to save resources. + +You will need the following package : +``` +apache2 apt-cacher-ng +``` + +You can use your local server by using `--enable-apt-cacher`, or define `MIRROR_HOST` if you need to specify the server address. + +> **Be nice:** Please use cache for intensive ressource usage to save mirrors bandwith. + +## Usage + +`gitian-build.sh` is a standalone script, it can be downloaded and run outside of Dogecoin Core repository. + +It can download dependency files for the [Gitian](https://github.com/devrandom/gitian-builder), build and optionally sign binaries, or verify signatures. + +Binaries and signatures will be created in folder `gitian-output/`. + +### Syntax ```bash -apt-get install git ruby sudo apt-cacher-ng qemu-utils debootstrap lxc python-cheetah parted kpartx bridge-utils make ubuntu-archive-keyring curl -adduser debian sudo +$ ./gitian-build.sh [options] version + +# See help menu for available options +$ ./gitian-build.sh --help +Arguments: +version Version number, commit, or branch to build. If building a + commit or branch, the -c option must be specified + +Options: +--setup Setup dependencies for the gitian building environment. Uses Docker +-b|--build Do the gitian build +-B|--build-signed Build signed binaries for MacOS and Windows +-s|--sign name Sign builded executables with GPG +-v|--verify Verify the gitian build +--lxc Use LXC instead of KVM +--docker Use Docker instead of KVM +-o|--os lwx Specify which Operating Systems the build is for. Default is lwx, + l for Linux, w for Windows, x for MacOS +-j proc Number of processes to use. Default 2 +-m n Memory to allocate in MiB. Default 2000 +--enable-cache Use local apt-cacher server. If you need to specify host, use + MIRROR_HOST environment variable + +-c|--commit Indicate that the version argument is for a commit or branch +-u|--url repo Specify the URL of the repository. Default is https://github.com/dogecoin/dogecoin +--test CI TEST. Uses Docker +-h|--help Print this help message ``` -Then set up LXC and the rest with the following, which is a complex jumble of settings and workarounds: +### Example +The entire gitian flow can be performed step by step, example using docker : ```bash -# the version of lxc-start in Debian needs to run as root, so make sure -# that the build script can execute it without providing a password -echo "%sudo ALL=NOPASSWD: /usr/bin/lxc-start" > /etc/sudoers.d/gitian-lxc -echo "%sudo ALL=NOPASSWD: /usr/bin/lxc-execute" >> /etc/sudoers.d/gitian-lxc -# make /etc/rc.local script that sets up bridge between guest and host -echo '#!/bin/sh -e' > /etc/rc.local -echo 'brctl addbr br0' >> /etc/rc.local -echo 'ifconfig br0 10.0.3.2/24 up' >> /etc/rc.local -echo 'iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE' >> /etc/rc.local -echo 'echo 1 > /proc/sys/net/ipv4/ip_forward' >> /etc/rc.local -echo 'exit 0' >> /etc/rc.local -# make sure that USE_LXC is always set when logging in as debian, -# and configure LXC IP addresses -echo 'export USE_LXC=1' >> /home/debian/.profile -echo 'export GITIAN_HOST_IP=10.0.3.2' >> /home/debian/.profile -echo 'export LXC_GUEST_IP=10.0.3.5' >> /home/debian/.profile -reboot +# Download Gitian dependencies +$ ./gitian-build.sh --docker --setup 1.14.4 + +# Build & sign executables +$ ./gitian-build.sh --docker --build --sign SIGNER 1.14.4 + +# Verify signatures +$ ./gitian-build.sh --verify 1.14.4 ``` -At the end the VM is rebooted to make sure that the changes take effect. The steps in this -section only need to be performed once. - -Installing Gitian ------------------- - -Re-login as the user `debian` that was created during installation. -The rest of the steps in this guide will be performed as that user. - -There is no `python-vm-builder` package in Debian, so we need to install it from source ourselves, - +Or to do everything at once : ```bash -wget http://archive.ubuntu.com/ubuntu/pool/universe/v/vm-builder/vm-builder_0.12.4+bzr494.orig.tar.gz -echo "76cbf8c52c391160b2641e7120dbade5afded713afaa6032f733a261f13e6a8e vm-builder_0.12.4+bzr494.orig.tar.gz" | sha256sum -c -# (verification -- must return OK) -tar -zxvf vm-builder_0.12.4+bzr494.orig.tar.gz -cd vm-builder-0.12.4+bzr494 -sudo python setup.py install -cd .. +$ ./gitian-build.sh --docker --setup --build --sign SIGNER --verify 1.14.4 ``` -**Note**: When sudo asks for a password, enter the password for the user *debian* not for *root*. - -Clone the git repositories for dogecoin and Gitian. - -```bash -git clone https://github.com/devrandom/gitian-builder.git -git clone https://github.com/dogecoin/dogecoin.git -git clone https://github.com/dogecoin/gitian.sigs.git -``` - -Setting up the Gitian image -------------------------- - -Gitian needs a virtual image of the operating system to build in. -Currently this is Ubuntu Trusty x86_64. -This image will be copied and used every time that a build is started to -make sure that the build is deterministic. -Creating the image will take a while, but only has to be done once. - -Execute the following as user `debian`: - -```bash -cd gitian-builder -bin/make-base-vm --lxc --arch amd64 --suite trusty -``` - -There will be a lot of warnings printed during the build of the image. These can be ignored. - -**Note**: When sudo asks for a password, enter the password for the user *debian* not for *root*. - -Getting and building the inputs --------------------------------- - -At this point you have two options, you can either use the automated script (found in [contrib/gitian-build.sh](/contrib/gitian-build.sh)) or you could manually do everything by following this guide. If you're using the automated script, then run it with the "--setup" command. Afterwards, run it with the "--build" command (example: "contrib/gitian-building.sh -b signer 0.13.0"). Otherwise ignore this. - -Follow the instructions in [doc/release-process.md](release-process.md#fetch-and-create-inputs-first-time-or-when-dependency-versions-change) -in the dogecoin repository under 'Fetch and create inputs' to install sources which require -manual intervention. Also optionally follow the next step: 'Seed the Gitian sources cache -and offline git repositories' which will fetch the remaining files required for building -offline. - -Building Dogecoin Core ----------------- - -To build Dogecoin Core (for Linux, OS X and Windows) just follow the steps under 'perform -Gitian builds' in [doc/release-process.md](release-process.md#perform-gitian-builds) in the dogecoin repository. - -This may take some time as it will build all the dependencies needed for each descriptor. -These dependencies will be cached after a successful build to avoid rebuilding them when possible. - -At any time you can check the package installation and build progress with - -```bash -tail -f var/install.log -tail -f var/build.log -``` - -Output from `gbuild` will look something like - - Initialized empty Git repository in /home/debian/gitian-builder/inputs/dogecoin/.git/ - remote: Counting objects: 57959, done. - remote: Total 57959 (delta 0), reused 0 (delta 0), pack-reused 57958 - Receiving objects: 100% (57959/57959), 53.76 MiB | 484.00 KiB/s, done. - Resolving deltas: 100% (41590/41590), done. - From https://github.com/dogecoin/dogecoin - ... (new tags, new branch etc) - --- Building for trusty amd64 --- - Stopping target if it is up - Making a new image copy - stdin: is not a tty - Starting target - Checking if target is up - Preparing build environment - Updating apt-get repository (log in var/install.log) - Installing additional packages (log in var/install.log) - Grabbing package manifest - stdin: is not a tty - Creating build script (var/build-script) - lxc-start: Connection refused - inotify event with no name (mask 32768) - Running build script (log in var/build.log) - -Building an alternative repository ------------------------------------ - -If you want to do a test build of a pull on GitHub it can be useful to point -the Gitian builder at an alternative repository, using the same descriptors -and inputs. - -For example: -```bash -URL=https://github.com/laanwj/dogecoin.git -COMMIT=2014_03_windows_unicode_path -./bin/gbuild --commit dogecoin=${COMMIT} --url dogecoin=${URL} ../dogecoin/contrib/gitian-descriptors/gitian-linux.yml -./bin/gbuild --commit dogecoin=${COMMIT} --url dogecoin=${URL} ../dogecoin/contrib/gitian-descriptors/gitian-win.yml -./bin/gbuild --commit dogecoin=${COMMIT} --url dogecoin=${URL} ../dogecoin/contrib/gitian-descriptors/gitian-osx.yml -``` - -Building fully offline ------------------------ - -For building fully offline including attaching signatures to unsigned builds, the detached-sigs repository -and the dogecoin git repository with the desired tag must both be available locally, and then gbuild must be -told where to find them. It also requires an apt-cacher-ng which is fully-populated but set to offline mode, or -manually disabling gitian-builder's use of apt-get to update the VM build environment. - -To configure apt-cacher-ng as an offline cacher, you will need to first populate its cache with the relevant -files. You must additionally patch target-bin/bootstrap-fixup to set its apt sources to something other than -plain archive.ubuntu.com: us.archive.ubuntu.com works. - -So, if you use LXC: - -```bash -export PATH="$PATH":/path/to/gitian-builder/libexec -export USE_LXC=1 -cd /path/to/gitian-builder -./libexec/make-clean-vm --suite trusty --arch amd64 - -LXC_ARCH=amd64 LXC_SUITE=trusty on-target -u root apt-get update -LXC_ARCH=amd64 LXC_SUITE=trusty on-target -u root \ - -e DEBIAN_FRONTEND=noninteractive apt-get --no-install-recommends -y install \ - $( sed -ne '/^packages:/,/[^-] .*/ {/^- .*/{s/"//g;s/- //;p}}' ../dogecoin/contrib/gitian-descriptors/*|sort|uniq ) -LXC_ARCH=amd64 LXC_SUITE=trusty on-target -u root apt-get -q -y purge grub -LXC_ARCH=amd64 LXC_SUITE=trusty on-target -u root -e DEBIAN_FRONTEND=noninteractive apt-get -y dist-upgrade -``` - -And then set offline mode for apt-cacher-ng: - -``` -/etc/apt-cacher-ng/acng.conf -[...] -Offlinemode: 1 -[...] - -service apt-cacher-ng restart -``` - -Then when building, override the remote URLs that gbuild would otherwise pull from the Gitian descriptors:: -```bash - -cd /some/root/path/ -git clone https://github.com/dogecoin/dogecoin-detached-sigs.git - -BTCPATH=/some/root/path/dogecoin -SIGPATH=/some/root/path/dogecoin-detached-sigs - -./bin/gbuild --url dogecoin=${BTCPATH},signature=${SIGPATH} ../dogecoin/contrib/gitian-descriptors/gitian-win-signer.yml -``` - -Signing externally -------------------- +### Signing externally If you want to do the PGP signing on another device, that's also possible; just define `SIGNER` as mentioned and follow the steps in the build process as normal. - gpg: skipped "laanwj": secret key not available +```bash +$ gpg: skipped "laanwj": secret key not available +``` -When you execute `gsign` you will get an error from GPG, which can be ignored. Copy the resulting `.assert` files -in `gitian.sigs` to your signing machine and do +When you execute `gsign` you will get an error from GPG, which can be ignored. Copy the resulting `.assert` files in `gitian.sigs` to your signing machine and do ```bash gpg --detach-sign ${VERSION}-linux/${SIGNER}/dogecoin-linux-build.assert @@ -468,12 +161,12 @@ in `gitian.sigs` to your signing machine and do gpg --detach-sign ${VERSION}-osx-unsigned/${SIGNER}/dogecoin-osx-build.assert ``` -This will create the `.sig` files that can be committed together with the `.assert` files to assert your -Gitian build. +This will create the `.sig` files that can be committed together with the `.assert` files to assert your Gitian build. -Uploading signatures ---------------------- +## Publish signatures -After building and signing you can push your signatures (both the `.assert` and `.assert.sig` files) to the -[dogecoin/gitian.sigs](https://github.com/dogecoin/gitian.sigs/) repository, or if that's not possible create a pull -request. You can also mail the files to Wladimir (laanwj@gmail.com) and he will commit them. +Gitian signatures for each release are added to https://github.com/dogecoin/gitian.sigs. + +`gitian-build.sh` will create signatures inside `gitian-output/sigs/` folder. Create a pull request to [dogecoin/gitian.sigs](https://github.com/dogecoin/gitian.sigs) to publish your signatures, the `.assert` and `.assert.sig` files. + +**When your PR is merged, you will officially be a *Gitian Builder of Dogecoin* !** diff --git a/doc/gitian-building/all_files_in_one_partition.png b/doc/gitian-building/all_files_in_one_partition.png deleted file mode 100644 index 8cbb0d8ad..000000000 Binary files a/doc/gitian-building/all_files_in_one_partition.png and /dev/null differ diff --git a/doc/gitian-building/create_new_vm.png b/doc/gitian-building/create_new_vm.png deleted file mode 100644 index dd22428e1..000000000 Binary files a/doc/gitian-building/create_new_vm.png and /dev/null differ diff --git a/doc/gitian-building/create_vm_file_location_size.png b/doc/gitian-building/create_vm_file_location_size.png deleted file mode 100644 index 5f77206b6..000000000 Binary files a/doc/gitian-building/create_vm_file_location_size.png and /dev/null differ diff --git a/doc/gitian-building/create_vm_hard_disk.png b/doc/gitian-building/create_vm_hard_disk.png deleted file mode 100644 index 8e29816fa..000000000 Binary files a/doc/gitian-building/create_vm_hard_disk.png and /dev/null differ diff --git a/doc/gitian-building/create_vm_hard_disk_file_type.png b/doc/gitian-building/create_vm_hard_disk_file_type.png deleted file mode 100644 index a157211cf..000000000 Binary files a/doc/gitian-building/create_vm_hard_disk_file_type.png and /dev/null differ diff --git a/doc/gitian-building/create_vm_memsize.png b/doc/gitian-building/create_vm_memsize.png deleted file mode 100644 index 6f42cda73..000000000 Binary files a/doc/gitian-building/create_vm_memsize.png and /dev/null differ diff --git a/doc/gitian-building/create_vm_storage_physical_hard_disk.png b/doc/gitian-building/create_vm_storage_physical_hard_disk.png deleted file mode 100644 index cee16a6c6..000000000 Binary files a/doc/gitian-building/create_vm_storage_physical_hard_disk.png and /dev/null differ diff --git a/doc/gitian-building/debian_install_10_configure_clock.png b/doc/gitian-building/debian_install_10_configure_clock.png deleted file mode 100644 index 7cda038ae..000000000 Binary files a/doc/gitian-building/debian_install_10_configure_clock.png and /dev/null differ diff --git a/doc/gitian-building/debian_install_11_partition_disks.png b/doc/gitian-building/debian_install_11_partition_disks.png deleted file mode 100644 index 2a648c517..000000000 Binary files a/doc/gitian-building/debian_install_11_partition_disks.png and /dev/null differ diff --git a/doc/gitian-building/debian_install_12_choose_disk.png b/doc/gitian-building/debian_install_12_choose_disk.png deleted file mode 100644 index 0f3acc498..000000000 Binary files a/doc/gitian-building/debian_install_12_choose_disk.png and /dev/null differ diff --git a/doc/gitian-building/debian_install_14_finish.png b/doc/gitian-building/debian_install_14_finish.png deleted file mode 100644 index c8ef0b37a..000000000 Binary files a/doc/gitian-building/debian_install_14_finish.png and /dev/null differ diff --git a/doc/gitian-building/debian_install_15_write_changes.png b/doc/gitian-building/debian_install_15_write_changes.png deleted file mode 100644 index d8de00dec..000000000 Binary files a/doc/gitian-building/debian_install_15_write_changes.png and /dev/null differ diff --git a/doc/gitian-building/debian_install_16_choose_a_mirror.png b/doc/gitian-building/debian_install_16_choose_a_mirror.png deleted file mode 100644 index 0bd985b38..000000000 Binary files a/doc/gitian-building/debian_install_16_choose_a_mirror.png and /dev/null differ diff --git a/doc/gitian-building/debian_install_18_proxy_settings.png b/doc/gitian-building/debian_install_18_proxy_settings.png deleted file mode 100644 index 2c19919f6..000000000 Binary files a/doc/gitian-building/debian_install_18_proxy_settings.png and /dev/null differ diff --git a/doc/gitian-building/debian_install_19_software_selection.png b/doc/gitian-building/debian_install_19_software_selection.png deleted file mode 100644 index 5430456b1..000000000 Binary files a/doc/gitian-building/debian_install_19_software_selection.png and /dev/null differ diff --git a/doc/gitian-building/debian_install_1_boot_menu.png b/doc/gitian-building/debian_install_1_boot_menu.png deleted file mode 100644 index 216502e1c..000000000 Binary files a/doc/gitian-building/debian_install_1_boot_menu.png and /dev/null differ diff --git a/doc/gitian-building/debian_install_20_install_grub.png b/doc/gitian-building/debian_install_20_install_grub.png deleted file mode 100644 index d853c1587..000000000 Binary files a/doc/gitian-building/debian_install_20_install_grub.png and /dev/null differ diff --git a/doc/gitian-building/debian_install_21_install_grub_bootloader.png b/doc/gitian-building/debian_install_21_install_grub_bootloader.png deleted file mode 100644 index 493ab806a..000000000 Binary files a/doc/gitian-building/debian_install_21_install_grub_bootloader.png and /dev/null differ diff --git a/doc/gitian-building/debian_install_22_finish_installation.png b/doc/gitian-building/debian_install_22_finish_installation.png deleted file mode 100644 index 7c4445585..000000000 Binary files a/doc/gitian-building/debian_install_22_finish_installation.png and /dev/null differ diff --git a/doc/gitian-building/debian_install_2_select_a_language.png b/doc/gitian-building/debian_install_2_select_a_language.png deleted file mode 100644 index 0228ae2c0..000000000 Binary files a/doc/gitian-building/debian_install_2_select_a_language.png and /dev/null differ diff --git a/doc/gitian-building/debian_install_3_select_location.png b/doc/gitian-building/debian_install_3_select_location.png deleted file mode 100644 index 7b18fba97..000000000 Binary files a/doc/gitian-building/debian_install_3_select_location.png and /dev/null differ diff --git a/doc/gitian-building/debian_install_4_configure_keyboard.png b/doc/gitian-building/debian_install_4_configure_keyboard.png deleted file mode 100644 index 8e46117de..000000000 Binary files a/doc/gitian-building/debian_install_4_configure_keyboard.png and /dev/null differ diff --git a/doc/gitian-building/debian_install_5_configure_the_network.png b/doc/gitian-building/debian_install_5_configure_the_network.png deleted file mode 100644 index 8e3720f24..000000000 Binary files a/doc/gitian-building/debian_install_5_configure_the_network.png and /dev/null differ diff --git a/doc/gitian-building/debian_install_6_domain_name.png b/doc/gitian-building/debian_install_6_domain_name.png deleted file mode 100644 index 7a986d92f..000000000 Binary files a/doc/gitian-building/debian_install_6_domain_name.png and /dev/null differ diff --git a/doc/gitian-building/debian_install_6a_set_up_root_password.png b/doc/gitian-building/debian_install_6a_set_up_root_password.png deleted file mode 100644 index dcade1196..000000000 Binary files a/doc/gitian-building/debian_install_6a_set_up_root_password.png and /dev/null differ diff --git a/doc/gitian-building/debian_install_7_set_up_user_fullname.png b/doc/gitian-building/debian_install_7_set_up_user_fullname.png deleted file mode 100644 index 6763c6e08..000000000 Binary files a/doc/gitian-building/debian_install_7_set_up_user_fullname.png and /dev/null differ diff --git a/doc/gitian-building/debian_install_8_set_up_username.png b/doc/gitian-building/debian_install_8_set_up_username.png deleted file mode 100644 index bb04de96d..000000000 Binary files a/doc/gitian-building/debian_install_8_set_up_username.png and /dev/null differ diff --git a/doc/gitian-building/debian_install_9_user_password.png b/doc/gitian-building/debian_install_9_user_password.png deleted file mode 100644 index 981f1181d..000000000 Binary files a/doc/gitian-building/debian_install_9_user_password.png and /dev/null differ diff --git a/doc/gitian-building/debian_root_login.png b/doc/gitian-building/debian_root_login.png deleted file mode 100644 index 14cdd5ba5..000000000 Binary files a/doc/gitian-building/debian_root_login.png and /dev/null differ diff --git a/doc/gitian-building/network_settings.png b/doc/gitian-building/network_settings.png deleted file mode 100644 index 9e714fd15..000000000 Binary files a/doc/gitian-building/network_settings.png and /dev/null differ diff --git a/doc/gitian-building/port_forwarding_rules.png b/doc/gitian-building/port_forwarding_rules.png deleted file mode 100644 index 9e1fa2af2..000000000 Binary files a/doc/gitian-building/port_forwarding_rules.png and /dev/null differ diff --git a/doc/gitian-building/select_startup_disk.png b/doc/gitian-building/select_startup_disk.png deleted file mode 100644 index 59bc093e2..000000000 Binary files a/doc/gitian-building/select_startup_disk.png and /dev/null differ