Add Apple SDK to macOS build stage. This would provide an easier approach to the builds.
add Apple SDK download to gitian-build.py #14539
pull charlesrocket wants to merge 1 commits into bitcoin:master from charlesrocket:gitian-build-sdk changing 1 files +2 −0-
charlesrocket commented at 7:50 PM on October 21, 2018: none
-
add Apple SDK download and checksum 055c7dddc6
- charlesrocket renamed this:
add Apple SDK download and checksum
add Apple SDK download to gitian-build.py
on Oct 21, 2018 - fanquake added the label Scripts and tools on Oct 21, 2018
-
Sjors commented at 7:04 AM on October 22, 2018: member
Concept ACK. I didn't even know we were hosting this file.
It's a lot easier than the instructions here: https://github.com/bitcoin-core/docs/blob/master/gitian-building/gitian-building-mac-os-sdk.md#macos-host
macOS doesn't have sha256sum by default, so it's better to use shasum -a 256. It also needs a double space:
echo 'bec9d089ebf2e2dd59b1a811a38ec78ebd5da18cbbcd6ab39d1e59f64ac5033f  inputs/MacOSX10.11.sdk.tar.gz' | shasum -a 256 -c
The checksum bec9d089ebf2e2dd59b1a811a38ec78ebd5da18cbbcd6ab39d1e59f64ac5033f matches the download from bitcoincore.org, but it does not match the version I obtained from Apple and extracted some time ago (3df21687a963d46e2356f6df2ab4ec72b05a993a132a797884aaefe7d924e3ed). Maybe that process wasn't deterministic.
-
luke-jr commented at 11:36 AM on October 22, 2018: member
NACK. People need to download the SDK from Apple and convert it to the tar.gz themselves. This is for two reasons: 1) security, not trusting some opaque blob provided by the project, and 2) we don't even have a license to distribute this file last I checked (it's full of Apple-copyrighted stuff).
We're not hosting the file for people to download, only as an internal thing for Travis to run with it. If people start downloading it, we might need to rename or IP-lock fetches.
The process of converting the SDK to a tar.gz is not intended to be deterministic.
(Also, if it turns out people are using someone else's SDK, we should probably check their gitian signatures and reject them, since reused SDKs defeat the point of the process...)
-
ken2812221 commented at 1:01 PM on October 22, 2018: contributor
NACK. Agree with @luke-jr
-
charlesrocket commented at 2:45 PM on October 22, 2018: none
@luke-jr I had the same feeling about the SDK, but then I spotted it on the server and thought maybe something had changed along with clang.
-
jonasschnelli commented at 4:05 PM on October 22, 2018: contributor
@luke-jr: your point 1): is there a difference (on security) compared to downloading the clang compiler?
-
luke-jr commented at 7:47 PM on October 22, 2018: member
@jonasschnelli Downloading from a vendor vs downloading from someone involved in Bitcoin.
- fanquake deleted a comment on Oct 22, 2018
- fanquake deleted a comment on Oct 22, 2018
- fanquake deleted a comment on Oct 22, 2018
-
charlesrocket commented at 12:37 AM on October 23, 2018: none
@jonasschnelli There is a point here, since you cannot really verify how the tar was packed, besides the fact that it is hosted on the official project domain. I think it would be right to close this for now.
- charlesrocket closed this on Oct 23, 2018
-
Sjors commented at 3:24 AM on October 23, 2018: member
Sorry for the duplicate posts; GitHub was giving me error messages.
Agree with @luke-jr.
We could however make it marginally easier to automatically download and extract the thing from Apple. Dealing with their 2FA in a Python script is not a good idea, but the script could pause and tell the user "Login to your Apple account and download the following URL to [here]"
-
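An added example, not part of the thread or of gitian-build.py: a portable version of the check Sjors describes (the two-space `shasum -c` line format, with no dependency on `sha256sum`), combined with the pause-and-prompt flow suggested in the comment above. The function names, the `inputs/sdk.tar.gz` path and the premise that the check line was recorded by the builder for their own tarball are assumptions; the sample file is constructed.

```python
import hashlib
import os
import re
import tempfile

# "<64 hex><space><space or *><path>": the check-line format read by
# `shasum -a 256 -c` and `sha256sum -c` (two separator characters, not one).
CHECK_LINE = re.compile(r"^([0-9a-fA-F]{64}) [ *](.+)$")

def parse_check_line(line):
    """Return (digest, path); raise ValueError on a malformed line."""
    m = CHECK_LINE.match(line.rstrip("\r\n"))
    if m is None:
        raise ValueError("expected '<sha256>  <path>' (two spaces)")
    return m.group(1).lower(), m.group(2)

def sha256_file(path, chunk=1 << 20):
    """Hash in chunks so a large SDK tarball is never held in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def verify(line, base_dir="."):
    """True only if the file named in the check line has that digest."""
    digest, rel = parse_check_line(line)
    path = os.path.join(base_dir, rel)
    return os.path.isfile(path) and sha256_file(path) == digest

def wait_for_sdk(line, base_dir=".", ask=input):
    """Pause until the builder has placed their own tarball, then verify."""
    _, rel = parse_check_line(line)
    while not os.path.isfile(os.path.join(base_dir, rel)):
        ask("Place your own SDK tarball at %s, then press Enter: " % rel)
    return verify(line, base_dir)

def demo():
    # Constructed sample: a 3-byte stand-in file (b"abc"), not a real SDK.
    with tempfile.TemporaryDirectory() as d:
        os.makedirs(os.path.join(d, "inputs"))
        with open(os.path.join(d, "inputs", "sdk.tar.gz"), "wb") as f:
            f.write(b"abc")
        good = "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad  inputs/sdk.tar.gz"
        return verify(good, d), verify(good.replace("ba78", "0000"), d)

if __name__ == "__main__":
    print(demo())
```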
charlesrocket commented at 2:35 PM on October 27, 2018: none
@Sjors there's xcode-install, but Apple has no method for authentication on their website that could fit in a script, and they are not planning to change that.
- DrahtBot locked this on Sep 8, 2021