gitian: Use the new bitcoin-detached-sigs git repo for OSX signatures #6269

pull theuni wants to merge 1 commits into bitcoin:master from theuni:osx-sigs-git changing 4 files +11 −11
  1. theuni commented at 10:02 PM on June 10, 2015: member

    Rather than fetching a signature.tar.gz from somewhere on the net, instruct Gitian to use a signature from a tag in the bitcoin-detached-sigs repository which corresponds to the tag of the release being built.

    Gitian should then be run something like:

    ./bin/gbuild --commit signature=v0.11.0rc2 ../bitcoin/contrib/gitian-descriptors/gitian-osx-signer.yml

    This changes detached-sig-apply.sh to take a dirname rather than a tarball as an argument, though detached-sig-create.sh still outputs a tarball for convenience.

    The dir structure was also altered to add an 'osx' prefix, so that detached win signatures may be added in the future without clashing.

    I've successfully tested by creating tags in local bitcoin/bitcoin-detached-sigs repos and walking through the build process like a real release.

    Safe for 0.11 backport.

  2. gitian: Use the new bitcoin-detached-sigs git repo for OSX signatures
    Rather than fetching a signature.tar.gz from somewhere on the net, instruct
Gitian to use a signature from a tag in the bitcoin-detached-sigs repository
which corresponds to the tag of the release being built.

This changes detached-sig-apply.sh to take a dirname rather than a tarball as
an argument, though detached-sig-create.sh still outputs a tarball for
convenience.
    c110575a92
  3. fanquake commented at 4:53 AM on June 11, 2015: member

    Concept ACK. Definite improvement over the someone pastes a URL in IRC and everyone fetches it method.

    Now that you've removed Gavin from the doc, does that mean that the key is held by multiple people? Do we assume the signer is whoever commits the sig to the repo?

  4. laanwj added the label Build system on Jun 12, 2015
  5. laanwj commented at 7:50 AM on June 12, 2015: member

    Now that you've removed Gavin from the doc, does that mean that the key is held by multiple people? Do we assume the signer is whoever commits the sig to the repo?

    For privacy/security reasons we'd rather not elaborate on that. Still need to figure a way to do threshold signing, or multisig. so there is no central point of failure there.

  6. luke-jr commented at 12:14 AM on June 15, 2015: member

    How does this interact with other signers? Will a central key be available for use to sign releases outside bitcoin/bitcoin?

  7. laanwj commented at 7:42 AM on June 15, 2015: member

    @luke-jr This just changes how the signatures are distributed (and integrated)

  8. laanwj merged this on Jun 15, 2015
  9. laanwj closed this on Jun 15, 2015
  10. laanwj referenced this in commit d4565b6080 on Jun 15, 2015
  11. laanwj referenced this in commit 95aca44095 on Jun 15, 2015
  12. theuni commented at 5:50 PM on June 15, 2015: member

    Yes, this was just a change in how the signatures are fetched to make things easier for gitian builders. Now there's no need to look around on irc/mail for a link to a sig, the descriptor knows where to look and can use it as soon as it's been committed.

  13. MarcoFalke locked this on Sep 8, 2021
Contributors
theunifanquakelaanwjluke-jr
Labels
Build system
github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2026-04-18 15:15 UTC
This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me