Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
gitian: Use the new bitcoin-detached-sigs git repo for OSX signatures #6269
Rather than fetching a signature.tar.gz from somewhere on the net, instruct Gitian to use a signature from a tag in the bitcoin-detached-sigs repository which corresponds to the tag of the release being built.
Gitian should then be run something like:
./bin/gbuild --commit signature=v0.11.0rc2 ../bitcoin/contrib/gitian-descriptors/gitian-osx-signer.yml
This changes detached-sig-apply.sh to take a dirname rather than a tarball as an argument, though detached-sig-create.sh still outputs a tarball for convenience.
The dir structure was also altered to add an 'osx' prefix, so that detached win signatures may be added in the future without clashing.
I've successfully tested by creating tags in local bitcoin/bitcoin-detached-sigs repos and walking through the build process like a real release.
Safe for 0.11 backport.
Concept ACK. Definite improvement over the someone pastes a URL in IRC and everyone fetches it method.
Now that you've removed Gavin from the doc, does that mean that the key is held by multiple people? Do we assume the signer is whoever commits the sig to the repo?
For privacy/security reasons we'd rather not elaborate on that. Still need to figure a way to do threshold signing, or multisig. so there is no central point of failure there.