Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

gitian: Use the new bitcoin-detached-sigs git repo for OSX signatures #6269

Merged
merged 1 commit into from Jun 15, 2015

Conversation

@theuni
Copy link
Member

theuni commented Jun 10, 2015

Rather than fetching a signature.tar.gz from somewhere on the net, instruct Gitian to use a signature from a tag in the bitcoin-detached-sigs repository which corresponds to the tag of the release being built.

Gitian should then be run something like:

./bin/gbuild --commit signature=v0.11.0rc2 ../bitcoin/contrib/gitian-descriptors/gitian-osx-signer.yml

This changes detached-sig-apply.sh to take a dirname rather than a tarball as an argument, though detached-sig-create.sh still outputs a tarball for convenience.

The dir structure was also altered to add an 'osx' prefix, so that detached win signatures may be added in the future without clashing.

I've successfully tested by creating tags in local bitcoin/bitcoin-detached-sigs repos and walking through the build process like a real release.

Safe for 0.11 backport.

Rather than fetching a signature.tar.gz from somewhere on the net, instruct
Gitian to use a signature from a tag in the bitcoin-detached-sigs repository
which corresponds to the tag of the release being built.

This changes detached-sig-apply.sh to take a dirname rather than a tarball as
an argument, though detached-sig-create.sh still outputs a tarball for
convenience.
@fanquake
Copy link
Member

fanquake commented Jun 11, 2015

Concept ACK. Definite improvement over the someone pastes a URL in IRC and everyone fetches it method.

Now that you've removed Gavin from the doc, does that mean that the key is held by multiple people? Do we assume the signer is whoever commits the sig to the repo?

@laanwj laanwj added the Build system label Jun 12, 2015
@laanwj
Copy link
Member

laanwj commented Jun 12, 2015

Now that you've removed Gavin from the doc, does that mean that the key is held by multiple people? Do we assume the signer is whoever commits the sig to the repo?

For privacy/security reasons we'd rather not elaborate on that. Still need to figure a way to do threshold signing, or multisig. so there is no central point of failure there.

@luke-jr
Copy link
Member

luke-jr commented Jun 15, 2015

How does this interact with other signers? Will a central key be available for use to sign releases outside bitcoin/bitcoin?

@laanwj
Copy link
Member

laanwj commented Jun 15, 2015

@luke-jr This just changes how the signatures are distributed (and integrated)

@laanwj laanwj merged commit c110575 into bitcoin:master Jun 15, 2015
1 check passed
1 check passed
continuous-integration/travis-ci/pr The Travis CI build passed
Details
laanwj added a commit that referenced this pull request Jun 15, 2015
c110575 gitian: Use the new bitcoin-detached-sigs git repo for OSX signatures (Cory Fields)
laanwj added a commit that referenced this pull request Jun 15, 2015
Rather than fetching a signature.tar.gz from somewhere on the net, instruct
Gitian to use a signature from a tag in the bitcoin-detached-sigs repository
which corresponds to the tag of the release being built.

This changes detached-sig-apply.sh to take a dirname rather than a tarball as
an argument, though detached-sig-create.sh still outputs a tarball for
convenience.

Github-Pull: #6269
Rebased-From: c110575
@theuni
Copy link
Member Author

theuni commented Jun 15, 2015

Yes, this was just a change in how the signatures are fetched to make things easier for gitian builders. Now there's no need to look around on irc/mail for a link to a sig, the descriptor knows where to look and can use it as soon as it's been committed.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked issues

Successfully merging this pull request may close these issues.

None yet

4 participants
You can’t perform that action at this time.