diff --git a/contrib/gitian-build.py b/contrib/gitian-build.py --- a/contrib/gitian-build.py +++ b/contrib/gitian-build.py @@ -63,8 +63,6 @@ print('\nCompiling ' + args.version + ' Linux') subprocess.check_call(['bin/gbuild', '-j', args.jobs, '-m', args.memory, '--commit', 'bitcoin='+args.commit, '--url', 'bitcoin='+args.url, '../bitcoin-abc/contrib/gitian-descriptors/gitian-linux.yml']) - subprocess.check_call(['bin/gsign', '-p', args.sign_prog, '--signer', args.signer, '--release', args.version + - '-linux', '--destination', '../gitian.sigs/', '../bitcoin-abc/contrib/gitian-descriptors/gitian-linux.yml']) os.makedirs('../' + base_output_dir + '/linux', exist_ok=True) subprocess.check_call( 'mv build/out/bitcoin-*.tar.gz ../' + base_output_dir + '/linux', shell=True) @@ -75,8 +73,6 @@ print('\nCompiling ' + args.version + ' Windows') subprocess.check_call(['bin/gbuild', '-j', args.jobs, '-m', args.memory, '--commit', 'bitcoin='+args.commit, '--url', 'bitcoin='+args.url, '../bitcoin-abc/contrib/gitian-descriptors/gitian-win.yml']) - subprocess.check_call(['bin/gsign', '-p', args.sign_prog, '--signer', args.signer, '--release', args.version + - '-win-unsigned', '--destination', '../gitian.sigs/', '../bitcoin-abc/contrib/gitian-descriptors/gitian-win.yml']) os.makedirs('../' + base_output_dir + '/win', exist_ok=True) subprocess.check_call( 'mv build/out/bitcoin-*-win-unsigned.tar.gz inputs/', shell=True) @@ -89,8 +85,6 @@ print('\nCompiling ' + args.version + ' MacOS') subprocess.check_call(['bin/gbuild', '-j', args.jobs, '-m', args.memory, '--commit', 'bitcoin='+args.commit, '--url', 'bitcoin='+args.url, '../bitcoin-abc/contrib/gitian-descriptors/gitian-osx.yml']) - subprocess.check_call(['bin/gsign', '-p', args.sign_prog, '--signer', args.signer, '--release', args.version + - '-osx-unsigned', '--destination', '../gitian.sigs/', '../bitcoin-abc/contrib/gitian-descriptors/gitian-osx.yml']) os.makedirs('../' + base_output_dir + '/osx', exist_ok=True) subprocess.check_call( 'mv build/out/bitcoin-*-osx-unsigned.tar.gz inputs/', shell=True) @@ -101,6 +95,28 @@ os.chdir(workdir) + +def sign_build(): + global args, workdir + os.chdir('gitian-builder') + + if args.linux: + print('\nSigning build ' + args.version + ' Linux') + subprocess.check_call(['bin/gsign', '-p', args.sign_prog, '--signer', args.signer, '--release', args.version + + '-linux', '--destination', '../gitian.sigs/', '../bitcoin-abc/contrib/gitian-descriptors/gitian-linux.yml']) + + if args.windows: + print('\nSigning build ' + args.version + ' Windows') + subprocess.check_call(['bin/gsign', '-p', args.sign_prog, '--signer', args.signer, '--release', args.version + + '-win-unsigned', '--destination', '../gitian.sigs/', '../bitcoin-abc/contrib/gitian-descriptors/gitian-win.yml']) + + if args.macos: + print('\nSigning build ' + args.version + ' MacOS') + subprocess.check_call(['bin/gsign', '-p', args.sign_prog, '--signer', args.signer, '--release', args.version + + '-osx-unsigned', '--destination', '../gitian.sigs/', '../bitcoin-abc/contrib/gitian-descriptors/gitian-osx.yml']) + + os.chdir(workdir) + if args.commit_files: print('\nCommitting '+args.version+' Unsigned Sigs\n') os.chdir('gitian.sigs') @@ -184,7 +200,7 @@ global args, workdir num_cpus = multiprocessing.cpu_count() - parser = argparse.ArgumentParser(usage='%(prog)s [options] signer version') + parser = argparse.ArgumentParser(usage='%(prog)s [options] version') parser.add_argument('-c', '--commit', action='store_true', dest='commit', help='Indicate that the version argument is for a commit or branch') parser.add_argument('-p', '--pull', action='store_true', dest='pull', @@ -195,8 +211,12 @@ dest='verify', help='Verify the Gitian build') parser.add_argument('-b', '--build', action='store_true', dest='build', help='Do a Gitian build') - parser.add_argument('-s', '--sign-binaries', action='store_true', dest='sign_binaries', - help='Make signed binaries for Windows and MacOS') + parser.add_argument('-s', '--signer', dest='signer', + help='GPG signer to sign each build assert file') + parser.add_argument('-i', '--sign-build', action='store_true', dest='sign_build', + help='Sign the build assert file. Must also set --signer. Default is to not sign the build assert file.') + parser.add_argument('-I', '--sign-binaries', action='store_true', dest='sign_binaries', + help='Make signed binaries for Windows and MacOS. Must also set --signer') parser.add_argument('-o', '--os', dest='os', default='lwm', help='Specify which Operating Systems the build is for. Default is %(default)s. l for Linux, w for Windows, m for MacOS') parser.add_argument('-j', '--jobs', dest='jobs', default=str(num_cpus), @@ -214,8 +234,6 @@ parser.add_argument('-n', '--no-commit', action='store_false', dest='commit_files', help='Do not commit anything to git') parser.add_argument( - 'signer', help='GPG signer to sign each build assert file') - parser.add_argument( 'version', help='Version number, commit, or branch to build. If building a commit or branch, the -c option must be specified') args = parser.parse_args() @@ -249,11 +267,7 @@ args.macos = False script_name = os.path.basename(sys.argv[0]) - # Signer and version shouldn't be empty - if args.signer == '': - print(script_name+': Missing signer.') - print('Try '+script_name+' --help for more information') - exit(1) + # Version shouldn't be empty if args.version == '': print(script_name+': Missing version.') print('Try '+script_name+' --help for more information') @@ -285,6 +299,14 @@ if args.build: build() + if (args.sign_build or args.sign_binaries) and not args.signer: + print(script_name+': Missing signer.') + print('Try '+script_name+' --help for more information') + exit(1) + + if args.sign_build: + sign_build() + if args.sign_binaries: sign_binaries()