maxmustermann/dogecoin
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

build: use osslsigncode 2.0 in gitian

Browse source 
The original osslsigncode project (https://sourceforge.net/projects/osslsigncode/) has been marked as abandonware,
"This is now - and has been for a long while - abandonware. Feel free to create your own forks etc.".

However, a fork at https://github.com/mtrojnar/osslsigncode has emerged that has incorporated
theuni's patches, updated the tool to work with OpenSSL 1.1 and made other improvements.

This commit switches the windows signer descriptor to use this new version of osslsigncode.
This commit is contained in:
fanquake 2019-08-20 14:33:39 +08:00
parent a22b62481a
commit feb5075777
No known key found for this signature in database
GPG key ID: 2EEB9F5CC09526C1
3 changed files with 12 additions and 17 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
contrib/gitian-build.py
View file

@ -51,10 +51,8 @@ def build():
os.chdir('gitian-builder') os.chdir('gitian-builder')
os.makedirs('inputs', exist_ok=True) os.makedirs('inputs', exist_ok=True)
subprocess.check_call(['wget', '-N', '-P', 'inputs', 'https://downloads.sourceforge.net/project/osslsigncode/osslsigncode/osslsigncode-1.7.1.tar.gz']) subprocess.check_call(['wget', '-O' 'osslsigncode-2.0.tar.gz' '-N', '-P', 'inputs', 'https://github.com/mtrojnar/osslsigncode/archive/2.0.tar.gz'])
subprocess.check_call(['wget', '-N', '-P', 'inputs', 'https://bitcoincore.org/cfields/osslsigncode-Backports-to-1.7.1.patch']) subprocess.check_call(["echo '5a60e0a4b3e0b4d655317b2f12a810211c50242138322b16e7e01c6fbb89d92f inputs/osslsigncode-2.0.tar.gz' | sha256sum -c"], shell=True)
subprocess.check_call(["echo 'a8c4e9cafba922f89de0df1f2152e7be286aba73f78505169bc351a7938dd911 inputs/osslsigncode-Backports-to-1.7.1.patch' | sha256sum -c"], shell=True)
subprocess.check_call(["echo 'f9a8cdb38b9c309326764ebc937cba1523a3a751a7ab05df3ecc99d18ae466c9 inputs/osslsigncode-1.7.1.tar.gz' | sha256sum -c"], shell=True)
subprocess.check_call(['make', '-C', '../bitcoin/depends', 'download', 'SOURCES_PATH=' + os.getcwd() + '/cache/common']) subprocess.check_call(['make', '-C', '../bitcoin/depends', 'download', 'SOURCES_PATH=' + os.getcwd() + '/cache/common'])
if args.linux: if args.linux:

17
contrib/gitian-descriptors/gitian-win-signer.yml
View file

@ -6,15 +6,15 @@ suites:
architectures: architectures:
- "amd64" - "amd64"
packages: packages:
# Once osslsigncode supports openssl 1.1, we can change this back to libssl-dev - "libssl-dev"
- "libssl1.0-dev"
- "autoconf" - "autoconf"
- "libtool"
- "pkg-config"
remotes: remotes:
- "url": "https://github.com/bitcoin-core/bitcoin-detached-sigs.git" - "url": "https://github.com/bitcoin-core/bitcoin-detached-sigs.git"
"dir": "signature" "dir": "signature"
files: files:
- "osslsigncode-1.7.1.tar.gz" - "osslsigncode-2.0.tar.gz"
- "osslsigncode-Backports-to-1.7.1.patch"
- "bitcoin-win-unsigned.tar.gz" - "bitcoin-win-unsigned.tar.gz"
script: | script: |
set -e -o pipefail set -e -o pipefail
@ -23,16 +23,15 @@ script: |
SIGDIR=${BUILD_DIR}/signature/win SIGDIR=${BUILD_DIR}/signature/win
UNSIGNED_DIR=${BUILD_DIR}/unsigned UNSIGNED_DIR=${BUILD_DIR}/unsigned
echo "f9a8cdb38b9c309326764ebc937cba1523a3a751a7ab05df3ecc99d18ae466c9 osslsigncode-1.7.1.tar.gz" | sha256sum -c echo "5a60e0a4b3e0b4d655317b2f12a810211c50242138322b16e7e01c6fbb89d92f osslsigncode-2.0.tar.gz" | sha256sum -c
echo "a8c4e9cafba922f89de0df1f2152e7be286aba73f78505169bc351a7938dd911 osslsigncode-Backports-to-1.7.1.patch" | sha256sum -c
mkdir -p ${UNSIGNED_DIR} mkdir -p ${UNSIGNED_DIR}
tar -C ${UNSIGNED_DIR} -xf bitcoin-win-unsigned.tar.gz tar -C ${UNSIGNED_DIR} -xf bitcoin-win-unsigned.tar.gz
tar xf osslsigncode-1.7.1.tar.gz tar xf osslsigncode-2.0.tar.gz
cd osslsigncode-1.7.1 cd osslsigncode-2.0
patch -p1 < ${BUILD_DIR}/osslsigncode-Backports-to-1.7.1.patch
./autogen.sh
./configure --without-gsf --without-curl --disable-dependency-tracking ./configure --without-gsf --without-curl --disable-dependency-tracking
make make
find ${UNSIGNED_DIR} -name "*-unsigned.exe" | while read i; do find ${UNSIGNED_DIR} -name "*-unsigned.exe" | while read i; do

6
doc/release-process.md
View file

@ -116,10 +116,8 @@ Ensure gitian-builder is up-to-date:
pushd ./gitian-builder pushd ./gitian-builder
mkdir -p inputs mkdir -p inputs
wget -P inputs https://bitcoincore.org/cfields/osslsigncode-Backports-to-1.7.1.patch wget -O osslsigncode-2.0.tar.gz -P inputs https://github.com/mtrojnar/osslsigncode/archive/2.0.tar.gz
echo 'a8c4e9cafba922f89de0df1f2152e7be286aba73f78505169bc351a7938dd911 inputs/osslsigncode-Backports-to-1.7.1.patch' | sha256sum -c echo '5a60e0a4b3e0b4d655317b2f12a810211c50242138322b16e7e01c6fbb89d92f inputs/osslsigncode-2.0.tar.gz' | sha256sum -c
wget -P inputs https://downloads.sourceforge.net/project/osslsigncode/osslsigncode/osslsigncode-1.7.1.tar.gz
echo 'f9a8cdb38b9c309326764ebc937cba1523a3a751a7ab05df3ecc99d18ae466c9 inputs/osslsigncode-1.7.1.tar.gz' | sha256sum -c
popd popd
Create the macOS SDK tarball, see the [macOS build instructions](build-osx.md#deterministic-macos-dmg-notes) for details, and copy it into the inputs directory. Create the macOS SDK tarball, see the [macOS build instructions](build-osx.md#deterministic-macos-dmg-notes) for details, and copy it into the inputs directory.