[28.x] Backport #31407 #32563

pull fanquake wants to merge 11 commits into bitcoin:28.x from fanquake:backport_codesigning changing 7 files +143 −75
  1. fanquake commented at 12:46 pm on May 19, 2025: member
    Backports #31407 + #32003.
  2. guix: Rename unsigned.tar.gz to codesigning.tar.gz 
    The tarballs used for codesigning are more than merely unsigned, they
also contain scripts and other data for codesigning. Rename them to
codesigning.tar.gz to distinguish from tarballs containing actually just
the unsigned binaries.

Github-Pull: #31407
Rebased-From: c214e5268fa9322a83cbba6d47d33f830efdd89e
    82a96c416b
  3. guix: Rename MacOS binaries to unsigned.tar.gz 
    The MacOS binaries are unsigned and therefore also unusable on MacOS.
Indicate as such by naming the tarball "unsigned".

Github-Pull: #31407
Rebased-From: d9d49cd533bd430776c0cbe2fd666ffec3e6637b
    398caff58e
  4. guix: Rename Windows unsigned binaries to unsigned.zip 
    As codesigned binaries will be published, the unsigned ones should be
clearly marked as such.

Github-Pull: #31407
Rebased-From: 4e5c9ceb9dd5a6ad8eea689d916a632e4d482812
    840a1dcdfe
  5. build: Include all MacOS binaries for codesigning 
    Github-Pull: #31407
Rebased-From: dd4ec840eeb468e94cfc9e3c72cfbfd6704dc0da
    26211e0f0e
  6. build: Include all Windows binaries for codesigning 
    Github-Pull: #31407
Rebased-From: e8b3c44da6e060464970717bbd0a5bf84867b82c
    0e36154386
  7. guix: Update signapple 
    Github-Pull: #31407
Rebased-From: 710d5b5149d0bc36d2643281d81f8f9b0c51b480
    6eb425e598
  8. contrib: Sign and notarize all MacOS binaries 
    Signapple has been updated to sign individual binaries, and notarize app
bundles and binaries. When codesigning, all individual binaries will be
codesigned, and both the app bundle and individual binaries will be
notarized.

Github-Pull: #31407
Rebased-From: 31d325464d0cf2d06888e0c543ae26a944f2ec6b
    ca4c96d5a1
  9. guix: Apply codesignatures to all MacOS binaries 
    Github-Pull: #31407
Rebased-From: aafbd23fd97ac242f7f83e5f0fff20044176e126
    95b5b0a36c
  10. guix: Apply all codesignatures to Windows binaries 
    Github-Pull: #31407
Rebased-From: e181bda061ca63021511be6e286fdf6a5818df49
    428ff8b0da
  11. doc: remove note about macOS self-signing 
    Followup to #31407.

Github-Pull: #32003
Rebased-From: c873ab6f23e027af1c5837256ce3c9eccaf409cb
    fcbccf3ba0
  12. doc: update release-notes.md 371a63e073
  13. fanquake added this to the milestone 28.2 on May 19, 2025
  14. DrahtBot commented at 12:46 pm on May 19, 2025: contributor

    The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

    Code Coverage & Benchmarks

    For details see: https://corecheck.dev/bitcoin/bitcoin/pulls/32563.

    Reviews

    See the guideline for information on the review process.

    Type Reviewers
    Concept ACK pinheadmz

    If your review is incorrectly listed, please react with 👎 to this comment and the bot will ignore it on the next update.

    LLM Linter (✨ experimental)

    Possible typos and grammar issues:

    • Deterministic produce -> Deterministically produce [should be adverb modifying ‘produce’]
  15. DrahtBot added the label Backport on May 19, 2025
  16. pinheadmz commented at 1:18 pm on May 19, 2025: member
    Concept ACK, starting guix build of this branch and will try to codesign with certificate
  17. DrahtBot added the label CI failed on May 19, 2025
  18. pinheadmz commented at 2:50 pm on May 19, 2025: member

    codesigning hung forever at one point. I SIGINT it and got a possibly helpful error:

     0--> ./detached-sig-create.sh <redacted>
 1WARNING: Part of the file was not parsed: 37803 bytes
 2Enter the passphrase for <redacted>:
 3Enter the passphrase for <redacted>:
 4WARNING: Part of the file was not parsed: 37803 bytes
 5Code signature created
 6WARNING: Part of the file was not parsed: 37803 bytes
 7WARNING: Part of the file was not parsed: 37803 bytes
 8Code signature applied
 9WARNING: Part of the file was not parsed: 37803 bytes
10Code signature is valid
11Notarization ID: 3d941711-8e4b-473c-b504-02f5348a0176
12Uploading...
13Polling notarization status
14Polling notarization status
15Polling notarization status
16Polling notarization status
17Polling notarization status
18WARNING: Part of the file was not parsed: 37803 bytes
19Stapling
20Notarization stapled to bundle
21
22^C
23
24Traceback (most recent call last):
25  File "/opt/homebrew/Cellar/python@3.11/3.11.11/Frameworks/Python.framework/Versions/3.11/lib/python3.11/zipfile.py", line 1815, in write
26    shutil.copyfileobj(src, dest, 1024*8)
27  File "/opt/homebrew/Cellar/python@3.11/3.11.11/Frameworks/Python.framework/Versions/3.11/lib/python3.11/shutil.py", line 200, in copyfileobj
28    fdst_write(buf)
29  File "/opt/homebrew/Cellar/python@3.11/3.11.11/Frameworks/Python.framework/Versions/3.11/lib/python3.11/zipfile.py", line 1178, in write
30    data = self._compressor.compress(data)
31           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
32KeyboardInterrupt
33
34During handling of the above exception, another exception occurred:
35
36Traceback (most recent call last):
37  File "/opt/homebrew/bin/signapple", line 8, in <module>
38    sys.exit(main())
39             ^^^^^^
40  File "/Users/matthewzipkin/Desktop/work/signapple/signapple/__init__.py", line 192, in main
41    args.func(args)
42  File "/Users/matthewzipkin/Desktop/work/signapple/signapple/__init__.py", line 52, in do_notarize
43    notarize(
44  File "/Users/matthewzipkin/Desktop/work/signapple/signapple/notarize.py", line 345, in notarize
45    _submit_for_notarization(
46  File "/Users/matthewzipkin/Desktop/work/signapple/signapple/notarize.py", line 292, in _submit_for_notarization
47    zipped = shutil.make_archive(
48             ^^^^^^^^^^^^^^^^^^^^
49  File "/opt/homebrew/Cellar/python@3.11/3.11.11/Frameworks/Python.framework/Versions/3.11/lib/python3.11/shutil.py", line 1165, in make_archive
50    filename = func(base_name, base_dir, **kwargs)
51               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
52  File "/opt/homebrew/Cellar/python@3.11/3.11.11/Frameworks/Python.framework/Versions/3.11/lib/python3.11/shutil.py", line 1046, in _make_zipfile
53    zf.write(path, arcname)
54  File "/opt/homebrew/Cellar/python@3.11/3.11.11/Frameworks/Python.framework/Versions/3.11/lib/python3.11/zipfile.py", line 1814, in write
55    with open(filename, "rb") as src, self.open(zinfo, 'w') as dest:
56  File "/opt/homebrew/Cellar/python@3.11/3.11.11/Frameworks/Python.framework/Versions/3.11/lib/python3.11/zipfile.py", line 1201, in close
57    raise RuntimeError("File size too large, try using force_zip64")
58RuntimeError: File size too large, try using force_zip64


fanquake DrahtBot pinheadmz

Labels
Backport CI failed

Milestone
28.2

github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2025-05-20 03:12 UTC
This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me