build: use osslsigncode 2.0 in gitian

The original osslsigncode project (https://sourceforge.net/projects/osslsigncode/) has been marked as abandonware, "This is now - and has been for a long while - abandonware. Feel free to create your own forks etc.". However, a fork at https://github.com/mtrojnar/osslsigncode has emerged that has incorporated theuni's patches, updated the tool to work with OpenSSL 1.1 and made other improvements. This commit switches the windows signer descriptor to use this new version of osslsigncode.
2019-08-20 14:33:39 +08:00 · 2019-08-20 14:33:39 +08:00 · feb5075777
parent a22b62481a
commit feb5075777
3 changed files with 12 additions and 17 deletions
--- a/contrib/gitian-build.py
+++ b/contrib/gitian-build.py
@ -51,10 +51,8 @@ def build():
    os.chdir('gitian-builder')
    os.makedirs('inputs', exist_ok=True)

-    subprocess.check_call(['wget', '-N', '-P', 'inputs', 'https://downloads.sourceforge.net/project/osslsigncode/osslsigncode/osslsigncode-1.7.1.tar.gz'])
-    subprocess.check_call(['wget', '-N', '-P', 'inputs', 'https://bitcoincore.org/cfields/osslsigncode-Backports-to-1.7.1.patch'])
-    subprocess.check_call(["echo 'a8c4e9cafba922f89de0df1f2152e7be286aba73f78505169bc351a7938dd911 inputs/osslsigncode-Backports-to-1.7.1.patch' | sha256sum -c"], shell=True)
-    subprocess.check_call(["echo 'f9a8cdb38b9c309326764ebc937cba1523a3a751a7ab05df3ecc99d18ae466c9 inputs/osslsigncode-1.7.1.tar.gz' | sha256sum -c"], shell=True)
+    subprocess.check_call(['wget', '-O' 'osslsigncode-2.0.tar.gz' '-N', '-P', 'inputs', 'https://github.com/mtrojnar/osslsigncode/archive/2.0.tar.gz'])
+    subprocess.check_call(["echo '5a60e0a4b3e0b4d655317b2f12a810211c50242138322b16e7e01c6fbb89d92f inputs/osslsigncode-2.0.tar.gz' | sha256sum -c"], shell=True)
    subprocess.check_call(['make', '-C', '../bitcoin/depends', 'download', 'SOURCES_PATH=' + os.getcwd() + '/cache/common'])

    if args.linux:
--- a/contrib/gitian-descriptors/gitian-win-signer.yml
+++ b/contrib/gitian-descriptors/gitian-win-signer.yml
@ -6,15 +6,15 @@ suites:
 architectures:
 - "amd64"
 packages:
-# Once osslsigncode supports openssl 1.1, we can change this back to libssl-dev
- "libssl1.0-dev"
+- "libssl-dev"
 - "autoconf"
+- "libtool"
+- "pkg-config"
 remotes:
 - "url": "https://github.com/bitcoin-core/bitcoin-detached-sigs.git"
  "dir": "signature"
 files:
- "osslsigncode-1.7.1.tar.gz"
- "osslsigncode-Backports-to-1.7.1.patch"
+- "osslsigncode-2.0.tar.gz"
 - "bitcoin-win-unsigned.tar.gz"
 script: |
  set -e -o pipefail
@ -23,16 +23,15 @@ script: |
  SIGDIR=${BUILD_DIR}/signature/win
  UNSIGNED_DIR=${BUILD_DIR}/unsigned

-  echo "f9a8cdb38b9c309326764ebc937cba1523a3a751a7ab05df3ecc99d18ae466c9  osslsigncode-1.7.1.tar.gz" | sha256sum -c
-  echo "a8c4e9cafba922f89de0df1f2152e7be286aba73f78505169bc351a7938dd911  osslsigncode-Backports-to-1.7.1.patch" | sha256sum -c
+  echo "5a60e0a4b3e0b4d655317b2f12a810211c50242138322b16e7e01c6fbb89d92f  osslsigncode-2.0.tar.gz" | sha256sum -c

  mkdir -p ${UNSIGNED_DIR}
  tar -C ${UNSIGNED_DIR} -xf bitcoin-win-unsigned.tar.gz

-  tar xf osslsigncode-1.7.1.tar.gz
-  cd osslsigncode-1.7.1
-  patch -p1 < ${BUILD_DIR}/osslsigncode-Backports-to-1.7.1.patch
+  tar xf osslsigncode-2.0.tar.gz
+  cd osslsigncode-2.0

+  ./autogen.sh
  ./configure --without-gsf --without-curl --disable-dependency-tracking
  make
  find ${UNSIGNED_DIR} -name "*-unsigned.exe" | while read i; do
--- a/doc/release-process.md
+++ b/doc/release-process.md
@ -116,10 +116,8 @@ Ensure gitian-builder is up-to-date:

    pushd ./gitian-builder
    mkdir -p inputs
-    wget -P inputs https://bitcoincore.org/cfields/osslsigncode-Backports-to-1.7.1.patch
-    echo 'a8c4e9cafba922f89de0df1f2152e7be286aba73f78505169bc351a7938dd911 inputs/osslsigncode-Backports-to-1.7.1.patch' | sha256sum -c
-    wget -P inputs https://downloads.sourceforge.net/project/osslsigncode/osslsigncode/osslsigncode-1.7.1.tar.gz
-    echo 'f9a8cdb38b9c309326764ebc937cba1523a3a751a7ab05df3ecc99d18ae466c9 inputs/osslsigncode-1.7.1.tar.gz' | sha256sum -c
+    wget -O osslsigncode-2.0.tar.gz -P inputs https://github.com/mtrojnar/osslsigncode/archive/2.0.tar.gz
+    echo '5a60e0a4b3e0b4d655317b2f12a810211c50242138322b16e7e01c6fbb89d92f inputs/osslsigncode-2.0.tar.gz' | sha256sum -c
    popd

 Create the macOS SDK tarball, see the [macOS build instructions](build-osx.md#deterministic-macos-dmg-notes) for details, and copy it into the inputs directory.