guix: use osslsigncode 2.5 #27179
Merged
guix: use osslsigncode 2.5 #27179
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
The following sections might be updated with supplementary metadata relevant to reviewers and maintainers. ReviewsSee the guideline for information on the review process.
If your review is incorrectly listed, please react with 👎 to this comment and the bot will ignore it on the next update. |
fanquake
force-pushed
the
osslsigncode_2_4
branch
from
e25dabb
to
3558f46
Compare
|
It appears that osslsigncode has been updated to do more verification of the signature after applying it. It now requires having a CA bundle which is not currently present in our environment. The package diff --git a/contrib/guix/libexec/codesign.sh b/contrib/guix/libexec/codesign.sh
index f6322d761c..6ffa0f07b2 100755
--- a/contrib/guix/libexec/codesign.sh
+++ b/contrib/guix/libexec/codesign.sh
@@ -77,6 +77,7 @@ mkdir -p "$DISTSRC"
osslsigncode attach-signature \
-in "$infile" \
-out "${OUTDIR}/${infile_base/-unsigned}" \
+ -CAfile "$GUIX_ENVIRONMENT/etc/ssl/certs/ca-certificates.crt" \
-sigin codesignatures/win/"$infile_base".pem
done
;;
diff --git a/contrib/guix/manifest.scm b/contrib/guix/manifest.scm
index 3519ec4b2b..85e3213ff9 100644
--- a/contrib/guix/manifest.scm
+++ b/contrib/guix/manifest.scm
@@ -601,7 +601,8 @@ inspecting signatures in Mach-O binaries.")
(list zip
(make-mingw-pthreads-cross-toolchain "x86_64-w64-mingw32")
(make-nsis-for-gcc-10 nsis-x86_64)
- osslsigncode))
+ osslsigncode
+ nss-certs))
((string-contains target "-linux-")
(list (make-bitcoin-cross-toolchain target)))
((string-contains target "darwin") |
Co-authored-by: Andrew Chow <github@achow101.com>
fanquake
force-pushed
the
osslsigncode_2_4
branch
from
3558f46
to
285edfa
Compare
|
@achow101 thanks for taking a look. Rebased, and pulled your changes in here, for further testing. |
c1471783bd078d094d886dc010ba6798c6d6abbd3b5329d7ce0ff3df05a3bcd9 guix-build-285edfadcacd/output/dist-archive/bitcoin-285edfadcacd.tar.gz
151e208ad965f1c89dda0ea01cff659930cdce060e1fc32e7db474fe5814a4a1 guix-build-285edfadcacd/output/x86_64-w64-mingw32/SHA256SUMS.part
d83fb0326d5c195d32a3243d494c34b6d0810c0aa36e174ff0d1eb1664f40413 guix-build-285edfadcacd/output/x86_64-w64-mingw32/bitcoin-285edfadcacd-win64-debug.zip
6f557b84042874ffbb6755cd279b3e45fa16b89eece12f8c3ab2546d4222c129 guix-build-285edfadcacd/output/x86_64-w64-mingw32/bitcoin-285edfadcacd-win64-setup-unsigned.exe
bb7e6579f81289046922b183676fa8e38502a19f61e3ad80969143ebdc602896 guix-build-285edfadcacd/output/x86_64-w64-mingw32/bitcoin-285edfadcacd-win64-unsigned.tar.gz
c87d623f93ff8995cc84e19af5a8195aa4b97c6c8c59bf37bc4f7c347ed69601 guix-build-285edfadcacd/output/x86_64-w64-mingw32/bitcoin-285edfadcacd-win64.zip |
|
ACK 285edfa |
sidhujag
pushed a commit
to syscoin/syscoin
that referenced
this pull request
Mar 20, 2023
285edfa guix: use osslsigncode 2.5 (fanquake) Pull request description: Switches to using a newer version of [osslsigncode](https://github.com/mtrojnar/osslsigncode) in our Guix environment. achow101 can you test this with some sort of WIndows code-signing dry-run (no-rush). ACKs for top commit: achow101: ACK 285edfa Tree-SHA512: 2ab8f65e506bd97e74e76f24e791ae20694e567a751cc57d3a27f31f0733e3530d058ef19825a35dc21d1342e3fffc52d8d643258198c669cc68b6db41bda629
PastaPastaPasta
pushed a commit
to PastaPastaPasta/dash
that referenced
this pull request
Jan 14, 2024
285edfa guix: use osslsigncode 2.5 (fanquake) Pull request description: Switches to using a newer version of [osslsigncode](https://github.com/mtrojnar/osslsigncode) in our Guix environment. achow101 can you test this with some sort of WIndows code-signing dry-run (no-rush). ACKs for top commit: achow101: ACK 285edfa Tree-SHA512: 2ab8f65e506bd97e74e76f24e791ae20694e567a751cc57d3a27f31f0733e3530d058ef19825a35dc21d1342e3fffc52d8d643258198c669cc68b6db41bda629
PastaPastaPasta
pushed a commit
to PastaPastaPasta/dash
that referenced
this pull request
Jan 16, 2024
285edfa guix: use osslsigncode 2.5 (fanquake) Pull request description: Switches to using a newer version of [osslsigncode](https://github.com/mtrojnar/osslsigncode) in our Guix environment. achow101 can you test this with some sort of WIndows code-signing dry-run (no-rush). ACKs for top commit: achow101: ACK 285edfa Tree-SHA512: 2ab8f65e506bd97e74e76f24e791ae20694e567a751cc57d3a27f31f0733e3530d058ef19825a35dc21d1342e3fffc52d8d643258198c669cc68b6db41bda629
PastaPastaPasta
pushed a commit
to PastaPastaPasta/dash
that referenced
this pull request
Jan 19, 2024
285edfa guix: use osslsigncode 2.5 (fanquake) Pull request description: Switches to using a newer version of [osslsigncode](https://github.com/mtrojnar/osslsigncode) in our Guix environment. achow101 can you test this with some sort of WIndows code-signing dry-run (no-rush). ACKs for top commit: achow101: ACK 285edfa Tree-SHA512: 2ab8f65e506bd97e74e76f24e791ae20694e567a751cc57d3a27f31f0733e3530d058ef19825a35dc21d1342e3fffc52d8d643258198c669cc68b6db41bda629
PastaPastaPasta
pushed a commit
to PastaPastaPasta/dash
that referenced
this pull request
Jan 24, 2024
285edfa guix: use osslsigncode 2.5 (fanquake) Pull request description: Switches to using a newer version of [osslsigncode](https://github.com/mtrojnar/osslsigncode) in our Guix environment. achow101 can you test this with some sort of WIndows code-signing dry-run (no-rush). ACKs for top commit: achow101: ACK 285edfa Tree-SHA512: 2ab8f65e506bd97e74e76f24e791ae20694e567a751cc57d3a27f31f0733e3530d058ef19825a35dc21d1342e3fffc52d8d643258198c669cc68b6db41bda629
Fabcien
pushed a commit
to Bitcoin-ABC/bitcoin-abc
that referenced
this pull request
Jan 31, 2024
Summary: Co-authored-by: Andrew Chow <github@achow101.com> This is a backport of [[bitcoin/bitcoin#27179 | core#27179]] Depends on D15325 Test Plan: `contrib/guix/guix-build` Reviewers: #bitcoin_abc, Fabien Reviewed By: #bitcoin_abc, Fabien Differential Revision: https://reviews.bitcoinabc.org/D15326
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Switches to using a newer version of osslsigncode in our Guix environment.
achow101 can you test this with some sort of WIndows code-signing dry-run (no-rush).