highperfocused/bitcoin
1
0
Fork 0
mirror of https://github.com/bitcoin/bitcoin.git synced 2025-07-12 15:22:38 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge #16669: build: use new fork of osslsigncode for windows gitian signing

Browse Source 
feb5075777 build: use osslsigncode 2.0 in gitian (fanquake)

Pull request description:

  The original osslsigncode project, https://sourceforge.net/projects/osslsigncode, has been marked as abandonware:
  > This is now - and has been for a long while - abandonware. Feel free to create your own forks etc.".

  However, a fork has emerged, https://github.com/mtrojnar/osslsigncode, that has incorporated
  theuni's patches ([add the -pem option in extract-signature mode ](36715c1183) & [add the attach-signature command](3be7eb1676)) as well as updated the tool to work with OpenSSL 1.1 and other improvements.

  This commit switches the windows signer descriptor to use this new version of `osslsigncode`.

  I've tested using this new version of `osslsigncode` while doing a 0.18.1 gitian build, and it "seems" to work. However this needs a look over from Cory, to check if the tool is still compatible with his usage in the [`detached-sig-create.sh`](https://github.com/bitcoin/bitcoin/blob/master/contrib/windeploy/detached-sig-create.sh) script, as well as some review of the changes to `osslsigncode` itself. Hence WIP and chasing Concept ACKs / NACKs.

ACKs for top commit:
  MarcoFalke:
    Concept ACK feb5075777 given that this upstream is now used in Ubuntu and Debian
  laanwj:
    ACK feb5075777

Tree-SHA512: c48de6dc32751d96dd04b920bfacca40af47a2883330ba0700371d56c580a7e45cedd8d8a913709d56be036762b63cb1825a98cff7aa77b6d7804fab11220850
This commit is contained in:
Wladimir J. van der Laan
2019-11-18 14:39:11 +01:00
parent ca1eeba0b0 feb5075777
commit 6fde676f64
3 changed files with 12 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
contrib/gitian-descriptors/gitian-win-signer.yml
View File

@ -6,15 +6,15 @@ suites:
architectures:
- "linux64"
packages:
# Once osslsigncode supports openssl 1.1, we can change this back to libssl-dev
- "libssl1.0-dev"
- "libssl-dev"
- "autoconf"
- "libtool"
- "pkg-config"
remotes:
- "url": "https://github.com/bitcoin-core/bitcoin-detached-sigs.git"
"dir": "signature"
files:
- "osslsigncode-1.7.1.tar.gz"
- "osslsigncode-Backports-to-1.7.1.patch"
- "osslsigncode-2.0.tar.gz"
- "bitcoin-win-unsigned.tar.gz"
script: |
set -e -o pipefail
@ -23,16 +23,15 @@ script: |
SIGDIR=${BUILD_DIR}/signature/win
UNSIGNED_DIR=${BUILD_DIR}/unsigned
echo "f9a8cdb38b9c309326764ebc937cba1523a3a751a7ab05df3ecc99d18ae466c9 osslsigncode-1.7.1.tar.gz" | sha256sum -c
echo "a8c4e9cafba922f89de0df1f2152e7be286aba73f78505169bc351a7938dd911 osslsigncode-Backports-to-1.7.1.patch" | sha256sum -c
echo "5a60e0a4b3e0b4d655317b2f12a810211c50242138322b16e7e01c6fbb89d92f osslsigncode-2.0.tar.gz" | sha256sum -c
mkdir -p ${UNSIGNED_DIR}
tar -C ${UNSIGNED_DIR} -xf bitcoin-win-unsigned.tar.gz
tar xf osslsigncode-1.7.1.tar.gz
cd osslsigncode-1.7.1
patch -p1 < ${BUILD_DIR}/osslsigncode-Backports-to-1.7.1.patch
tar xf osslsigncode-2.0.tar.gz
cd osslsigncode-2.0
./autogen.sh
./configure --without-gsf --without-curl --disable-dependency-tracking
make
find ${UNSIGNED_DIR} -name "*-unsigned.exe" | while read i; do