New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

gitian: Use the new bitcoin-detached-sigs git repo for OSX signatures #6269

Merged
merged 1 commit into from Jun 15, 2015

Conversation

Projects
None yet
4 participants
@theuni
Member

theuni commented Jun 10, 2015

Rather than fetching a signature.tar.gz from somewhere on the net, instruct Gitian to use a signature from a tag in the bitcoin-detached-sigs repository which corresponds to the tag of the release being built.

Gitian should then be run something like:

./bin/gbuild --commit signature=v0.11.0rc2 ../bitcoin/contrib/gitian-descriptors/gitian-osx-signer.yml

This changes detached-sig-apply.sh to take a dirname rather than a tarball as an argument, though detached-sig-create.sh still outputs a tarball for convenience.

The dir structure was also altered to add an 'osx' prefix, so that detached win signatures may be added in the future without clashing.

I've successfully tested by creating tags in local bitcoin/bitcoin-detached-sigs repos and walking through the build process like a real release.

Safe for 0.11 backport.

gitian: Use the new bitcoin-detached-sigs git repo for OSX signatures
Rather than fetching a signature.tar.gz from somewhere on the net, instruct
Gitian to use a signature from a tag in the bitcoin-detached-sigs repository
which corresponds to the tag of the release being built.

This changes detached-sig-apply.sh to take a dirname rather than a tarball as
an argument, though detached-sig-create.sh still outputs a tarball for
convenience.
@fanquake

This comment has been minimized.

Show comment
Hide comment
@fanquake

fanquake Jun 11, 2015

Member

Concept ACK. Definite improvement over the someone pastes a URL in IRC and everyone fetches it method.

Now that you've removed Gavin from the doc, does that mean that the key is held by multiple people? Do we assume the signer is whoever commits the sig to the repo?

Member

fanquake commented Jun 11, 2015

Concept ACK. Definite improvement over the someone pastes a URL in IRC and everyone fetches it method.

Now that you've removed Gavin from the doc, does that mean that the key is held by multiple people? Do we assume the signer is whoever commits the sig to the repo?

@laanwj laanwj added the Build system label Jun 12, 2015

@laanwj

This comment has been minimized.

Show comment
Hide comment
@laanwj

laanwj Jun 12, 2015

Member

Now that you've removed Gavin from the doc, does that mean that the key is held by multiple people? Do we assume the signer is whoever commits the sig to the repo?

For privacy/security reasons we'd rather not elaborate on that. Still need to figure a way to do threshold signing, or multisig. so there is no central point of failure there.

Member

laanwj commented Jun 12, 2015

Now that you've removed Gavin from the doc, does that mean that the key is held by multiple people? Do we assume the signer is whoever commits the sig to the repo?

For privacy/security reasons we'd rather not elaborate on that. Still need to figure a way to do threshold signing, or multisig. so there is no central point of failure there.

@luke-jr

This comment has been minimized.

Show comment
Hide comment
@luke-jr

luke-jr Jun 15, 2015

Member

How does this interact with other signers? Will a central key be available for use to sign releases outside bitcoin/bitcoin?

Member

luke-jr commented Jun 15, 2015

How does this interact with other signers? Will a central key be available for use to sign releases outside bitcoin/bitcoin?

@laanwj

This comment has been minimized.

Show comment
Hide comment
@laanwj

laanwj Jun 15, 2015

Member

@luke-jr This just changes how the signatures are distributed (and integrated)

Member

laanwj commented Jun 15, 2015

@luke-jr This just changes how the signatures are distributed (and integrated)

@laanwj laanwj merged commit c110575 into bitcoin:master Jun 15, 2015

1 check passed

continuous-integration/travis-ci/pr The Travis CI build passed
Details

laanwj added a commit that referenced this pull request Jun 15, 2015

Merge pull request #6269
c110575 gitian: Use the new bitcoin-detached-sigs git repo for OSX signatures (Cory Fields)

laanwj added a commit that referenced this pull request Jun 15, 2015

gitian: Use the new bitcoin-detached-sigs git repo for OSX signatures
Rather than fetching a signature.tar.gz from somewhere on the net, instruct
Gitian to use a signature from a tag in the bitcoin-detached-sigs repository
which corresponds to the tag of the release being built.

This changes detached-sig-apply.sh to take a dirname rather than a tarball as
an argument, though detached-sig-create.sh still outputs a tarball for
convenience.

Github-Pull: #6269
Rebased-From: c110575
@theuni

This comment has been minimized.

Show comment
Hide comment
@theuni

theuni Jun 15, 2015

Member

Yes, this was just a change in how the signatures are fetched to make things easier for gitian builders. Now there's no need to look around on irc/mail for a link to a sig, the descriptor knows where to look and can use it as soon as it's been committed.

Member

theuni commented Jun 15, 2015

Yes, this was just a change in how the signatures are fetched to make things easier for gitian builders. Now there's no need to look around on irc/mail for a link to a sig, the descriptor knows where to look and can use it as soon as it's been committed.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment