diff --git a/contrib/gitian-descriptors/gitian-linux.yml b/contrib/gitian-descriptors/gitian-linux.yml index 36bf4a9f0..704089aed 100644 --- a/contrib/gitian-descriptors/gitian-linux.yml +++ b/contrib/gitian-descriptors/gitian-linux.yml @@ -1,188 +1,188 @@ --- name: "bitcoin-abc-0.20-linux" enable_cache: true distro: "debian" suites: -- "stretch" +- "buster" architectures: - "amd64" multiarch: - "i386" packages: - "curl" - "gperf" - "g++-aarch64-linux-gnu" - "gcc-aarch64-linux-gnu" - "binutils-aarch64-linux-gnu" - "g++-arm-linux-gnueabihf" - "gcc-arm-linux-gnueabihf" - "binutils-arm-linux-gnueabihf" - "binutils-gold" - "build-essential" - "git" - "pkg-config" - "autoconf" - "libtool" - "automake" - "faketime" - "bsdmainutils" - "ca-certificates" - "python" -- "lib32stdc++-6-dev" +- "lib32stdc++-8-dev" - "libc6-dev:i386" remotes: - "url": "https://github.com/Bitcoin-ABC/bitcoin-abc.git" "dir": "bitcoin" files: [] script: | WRAP_DIR=$HOME/wrapped HOSTS="i686-pc-linux-gnu x86_64-linux-gnu arm-linux-gnueabihf aarch64-linux-gnu" CONFIGFLAGS="--enable-glibc-back-compat --enable-reduce-exports --disable-bench --disable-gui-tests" FAKETIME_HOST_PROGS="" FAKETIME_PROGS="date ar ranlib nm" HOST_CFLAGS="-O2 -g" HOST_CXXFLAGS="-O2 -g" HOST_LDFLAGS=-static-libstdc++ export QT_RCC_TEST=1 export QT_RCC_SOURCE_DATE_OVERRIDE=1 export GZIP="-9n" export TAR_OPTIONS="--mtime="$REFERENCE_DATE\\\ $REFERENCE_TIME"" export TZ="UTC" export BUILD_DIR=`pwd` mkdir -p ${WRAP_DIR} if test -n "$GBUILD_CACHE_ENABLED"; then export SOURCES_PATH=${GBUILD_COMMON_CACHE} export BASE_CACHE=${GBUILD_PACKAGE_CACHE} mkdir -p ${BASE_CACHE} ${SOURCES_PATH} fi function create_global_faketime_wrappers { for prog in ${FAKETIME_PROGS}; do echo '#!/usr/bin/env bash' > ${WRAP_DIR}/${prog} echo "REAL=\`which -a ${prog} | grep -v ${WRAP_DIR}/${prog} | head -1\`" >> ${WRAP_DIR}/${prog} echo 'export LD_PRELOAD=/usr/lib/x86_64-linux-gnu/faketime/libfaketime.so.1' >> ${WRAP_DIR}/${prog} echo "export FAKETIME=\"$1\"" >> ${WRAP_DIR}/${prog} echo "\$REAL \$@" >> $WRAP_DIR/${prog} chmod +x ${WRAP_DIR}/${prog} done } function create_per-host_faketime_wrappers { for i in $HOSTS; do for prog in ${FAKETIME_HOST_PROGS}; do echo '#!/usr/bin/env bash' > ${WRAP_DIR}/${i}-${prog} echo "REAL=\`which -a ${i}-${prog} | grep -v ${WRAP_DIR}/${i}-${prog} | head -1\`" >> ${WRAP_DIR}/${i}-${prog} echo 'export LD_PRELOAD=/usr/lib/x86_64-linux-gnu/faketime/libfaketime.so.1' >> ${WRAP_DIR}/${i}-${prog} echo "export FAKETIME=\"$1\"" >> ${WRAP_DIR}/${i}-${prog} echo "\$REAL \$@" >> $WRAP_DIR/${i}-${prog} chmod +x ${WRAP_DIR}/${i}-${prog} done done } # Faketime for depends so intermediate results are comparable export PATH_orig=${PATH} create_global_faketime_wrappers "2000-01-01 12:00:00" create_per-host_faketime_wrappers "2000-01-01 12:00:00" export PATH=${WRAP_DIR}:${PATH} EXTRA_INCLUDES_BASE=$WRAP_DIR/extra_includes mkdir -p $EXTRA_INCLUDES_BASE # x86 needs /usr/include/i386-linux-gnu/asm pointed to /usr/include/x86_64-linux-gnu/asm, # but we can't write there. Instead, create a link here and force it to be included in the # search paths by wrapping gcc/g++. mkdir -p $EXTRA_INCLUDES_BASE/i686-pc-linux-gnu rm -f $WRAP_DIR/extra_includes/i686-pc-linux-gnu/asm ln -s /usr/include/x86_64-linux-gnu/asm $EXTRA_INCLUDES_BASE/i686-pc-linux-gnu/asm for prog in gcc g++; do rm -f ${WRAP_DIR}/${prog} cat << EOF > ${WRAP_DIR}/${prog} #!/usr/bin/env bash REAL="`which -a ${prog} | grep -v ${WRAP_DIR}/${prog} | head -1`" for var in "\$@" do if [ "\$var" = "-m32" ]; then export C_INCLUDE_PATH="$EXTRA_INCLUDES_BASE/i686-pc-linux-gnu" export CPLUS_INCLUDE_PATH="$EXTRA_INCLUDES_BASE/i686-pc-linux-gnu" break fi done \$REAL \$@ EOF chmod +x ${WRAP_DIR}/${prog} done cd bitcoin BASEPREFIX=`pwd`/depends # Build dependencies for each host for i in $HOSTS; do EXTRA_INCLUDES="$EXTRA_INCLUDES_BASE/$i" if [ -d "$EXTRA_INCLUDES" ]; then export HOST_ID_SALT="$EXTRA_INCLUDES" fi make ${MAKEOPTS} -C ${BASEPREFIX} HOST="${i}" unset HOST_ID_SALT done # Faketime for binaries export PATH=${PATH_orig} create_global_faketime_wrappers "${REFERENCE_DATETIME}" create_per-host_faketime_wrappers "${REFERENCE_DATETIME}" export PATH=${WRAP_DIR}:${PATH} # Create the release tarball using (arbitrarily) the first host ./autogen.sh CONFIG_SITE=${BASEPREFIX}/`echo "${HOSTS}" | awk '{print $1;}'`/share/config.site ./configure --prefix=/ make dist SOURCEDIST=`echo bitcoin-abc-*.tar.gz` DISTNAME=`echo ${SOURCEDIST} | sed 's/.tar.*//'` # Correct tar file order mkdir -p temp pushd temp tar xf ../$SOURCEDIST find bitcoin-abc-* | sort | tar --no-recursion --mode='u+rw,go+r-w,a+X' --owner=0 --group=0 -c -T - | gzip -9n > ../$SOURCEDIST popd ORIGPATH="$PATH" # Extract the release tarball into a dir for each host and build for i in ${HOSTS}; do export PATH=${BASEPREFIX}/${i}/native/bin:${ORIGPATH} mkdir -p distsrc-${i} cd distsrc-${i} INSTALLPATH=`pwd`/installed/${DISTNAME} mkdir -p ${INSTALLPATH} tar --strip-components=1 -xf ../$SOURCEDIST CONFIG_SITE=${BASEPREFIX}/${i}/share/config.site ./configure --prefix=/ --disable-ccache --disable-maintainer-mode --disable-dependency-tracking ${CONFIGFLAGS} CFLAGS="${HOST_CFLAGS}" CXXFLAGS="${HOST_CXXFLAGS}" LDFLAGS="${HOST_LDFLAGS}" make ${MAKEOPTS} make ${MAKEOPTS} -C src check-security #TODO: This is a quick hack that disables symbol checking for arm. # Instead, we should investigate why these are popping up. # For aarch64, we'll need to bump up the min GLIBC version, as the abi # support wasn't introduced until 2.17. case $i in aarch64-*) : ;; arm-*) : ;; *) make ${MAKEOPTS} -C src check-symbols ;; esac make install DESTDIR=${INSTALLPATH} cd installed find . -name "lib*.la" -delete find . -name "lib*.a" -delete rm -rf ${DISTNAME}/lib/pkgconfig find ${DISTNAME}/bin -type f -executable -exec ../contrib/devtools/split-debug.sh {} {} {}.dbg \; find ${DISTNAME}/lib -type f -exec ../contrib/devtools/split-debug.sh {} {} {}.dbg \; find ${DISTNAME} -not -name "*.dbg" | sort | tar --no-recursion --mode='u+rw,go+r-w,a+X' --owner=0 --group=0 -c -T - | gzip -9n > ${OUTDIR}/${DISTNAME}-${i}.tar.gz find ${DISTNAME} -name "*.dbg" | sort | tar --no-recursion --mode='u+rw,go+r-w,a+X' --owner=0 --group=0 -c -T - | gzip -9n > ${OUTDIR}/${DISTNAME}-${i}-debug.tar.gz cd ../../ rm -rf distsrc-${i} done mkdir -p $OUTDIR/src mv $SOURCEDIST $OUTDIR/src diff --git a/contrib/gitian-descriptors/gitian-osx-signer.yml b/contrib/gitian-descriptors/gitian-osx-signer.yml index 57c423bbb..b744d407f 100644 --- a/contrib/gitian-descriptors/gitian-osx-signer.yml +++ b/contrib/gitian-descriptors/gitian-osx-signer.yml @@ -1,38 +1,38 @@ --- name: "bitcoin-dmg-signer" distro: "debian" suites: -- "stretch" +- "buster" architectures: - "amd64" packages: - "faketime" remotes: - "url": "https://github.com/bitcoin-core/bitcoin-detached-sigs.git" "dir": "signature" files: - "bitcoin-osx-unsigned.tar.gz" script: | WRAP_DIR=$HOME/wrapped mkdir -p ${WRAP_DIR} export PATH=`pwd`:$PATH FAKETIME_PROGS="dmg genisoimage" # Create global faketime wrappers for prog in ${FAKETIME_PROGS}; do echo '#!/usr/bin/env bash' > ${WRAP_DIR}/${prog} echo "REAL=\`which -a ${prog} | grep -v ${WRAP_DIR}/${prog} | head -1\`" >> ${WRAP_DIR}/${prog} echo 'export LD_PRELOAD=/usr/lib/x86_64-linux-gnu/faketime/libfaketime.so.1' >> ${WRAP_DIR}/${prog} echo "export FAKETIME=\"${REFERENCE_DATETIME}\"" >> ${WRAP_DIR}/${prog} echo "\$REAL \$@" >> $WRAP_DIR/${prog} chmod +x ${WRAP_DIR}/${prog} done UNSIGNED=bitcoin-osx-unsigned.tar.gz SIGNED=bitcoin-osx-signed.dmg tar -xf ${UNSIGNED} OSX_VOLNAME="$(cat osx_volname)" ./detached-sig-apply.sh ${UNSIGNED} signature/osx ${WRAP_DIR}/genisoimage -no-cache-inodes -D -l -probe -V "${OSX_VOLNAME}" -no-pad -r -dir-mode 0755 -apple -o uncompressed.dmg signed-app ${WRAP_DIR}/dmg dmg uncompressed.dmg ${OUTDIR}/${SIGNED} diff --git a/contrib/gitian-descriptors/gitian-osx.yml b/contrib/gitian-descriptors/gitian-osx.yml index 998ed3999..4c5a2cf7f 100644 --- a/contrib/gitian-descriptors/gitian-osx.yml +++ b/contrib/gitian-descriptors/gitian-osx.yml @@ -1,161 +1,162 @@ --- name: "bitcoin-abc-0.20-osx" enable_cache: true distro: "debian" suites: -- "stretch" +- "buster" architectures: - "amd64" packages: - "ca-certificates" - "curl" - "g++" - "git" - "pkg-config" - "autoconf" - "librsvg2-bin" - "libtiff-tools" - "libtool" - "automake" - "faketime" - "bsdmainutils" - "cmake" - "ninja-build" - "imagemagick" - "libcap-dev" - "libz-dev" - "libbz2-dev" +- "libtinfo5" - "python" - "python-dev" - "python-setuptools" - "fonts-tuffy" remotes: - "url": "https://github.com/Bitcoin-ABC/bitcoin-abc.git" "dir": "bitcoin" files: - "MacOSX10.11.sdk.tar.gz" script: | WRAP_DIR=$HOME/wrapped HOSTS="x86_64-apple-darwin14" CONFIGFLAGS="--enable-reduce-exports --disable-bench --disable-gui-tests GENISOIMAGE=$WRAP_DIR/genisoimage" FAKETIME_HOST_PROGS="" FAKETIME_PROGS="ar ranlib date dmg genisoimage" export QT_RCC_TEST=1 export QT_RCC_SOURCE_DATE_OVERRIDE=1 export GZIP="-9n" export TAR_OPTIONS="--mtime="$REFERENCE_DATE\\\ $REFERENCE_TIME"" export TZ="UTC" export BUILD_DIR=`pwd` mkdir -p ${WRAP_DIR} if test -n "$GBUILD_CACHE_ENABLED"; then export SOURCES_PATH=${GBUILD_COMMON_CACHE} export BASE_CACHE=${GBUILD_PACKAGE_CACHE} mkdir -p ${BASE_CACHE} ${SOURCES_PATH} fi export ZERO_AR_DATE=1 function create_global_faketime_wrappers { for prog in ${FAKETIME_PROGS}; do echo '#!/usr/bin/env bash' > ${WRAP_DIR}/${prog} echo "REAL=\`which -a ${prog} | grep -v ${WRAP_DIR}/${prog} | head -1\`" >> ${WRAP_DIR}/${prog} echo 'export LD_PRELOAD=/usr/lib/x86_64-linux-gnu/faketime/libfaketime.so.1' >> ${WRAP_DIR}/${prog} echo "export FAKETIME=\"$1\"" >> ${WRAP_DIR}/${prog} echo "\$REAL \$@" >> $WRAP_DIR/${prog} chmod +x ${WRAP_DIR}/${prog} done } function create_per-host_faketime_wrappers { for i in $HOSTS; do for prog in ${FAKETIME_HOST_PROGS}; do echo '#!/usr/bin/env bash' > ${WRAP_DIR}/${i}-${prog} echo "REAL=\`which -a ${i}-${prog} | grep -v ${WRAP_DIR}/${i}-${prog} | head -1\`" >> ${WRAP_DIR}/${i}-${prog} echo 'export LD_PRELOAD=/usr/lib/x86_64-linux-gnu/faketime/libfaketime.so.1' >> ${WRAP_DIR}/${i}-${prog} echo "export FAKETIME=\"$1\"" >> ${WRAP_DIR}/${i}-${prog} echo "\$REAL \$@" >> $WRAP_DIR/${i}-${prog} chmod +x ${WRAP_DIR}/${i}-${prog} done done } # Faketime for depends so intermediate results are comparable export PATH_orig=${PATH} create_global_faketime_wrappers "2000-01-01 12:00:00" create_per-host_faketime_wrappers "2000-01-01 12:00:00" export PATH=${WRAP_DIR}:${PATH} cd bitcoin BASEPREFIX=`pwd`/depends mkdir -p ${BASEPREFIX}/SDKs tar -C ${BASEPREFIX}/SDKs -xf ${BUILD_DIR}/MacOSX10.11.sdk.tar.gz # Build dependencies for each host for i in $HOSTS; do make ${MAKEOPTS} -C ${BASEPREFIX} HOST="${i}" done # Faketime for binaries export PATH=${PATH_orig} create_global_faketime_wrappers "${REFERENCE_DATETIME}" create_per-host_faketime_wrappers "${REFERENCE_DATETIME}" export PATH=${WRAP_DIR}:${PATH} # Create the release tarball using (arbitrarily) the first host ./autogen.sh CONFIG_SITE=${BASEPREFIX}/`echo "${HOSTS}" | awk '{print $1;}'`/share/config.site ./configure --prefix=/ make dist SOURCEDIST=`echo bitcoin-abc-*.tar.gz` DISTNAME=`echo ${SOURCEDIST} | sed 's/.tar.*//'` # Correct tar file order mkdir -p temp pushd temp tar xf ../$SOURCEDIST find bitcoin-abc-* | sort | tar --no-recursion --mode='u+rw,go+r-w,a+X' --owner=0 --group=0 -c -T - | gzip -9n > ../$SOURCEDIST popd ORIGPATH="$PATH" # Extract the release tarball into a dir for each host and build for i in ${HOSTS}; do export PATH=${BASEPREFIX}/${i}/native/bin:${ORIGPATH} mkdir -p distsrc-${i} cd distsrc-${i} INSTALLPATH=`pwd`/installed/${DISTNAME} mkdir -p ${INSTALLPATH} tar --strip-components=1 -xf ../$SOURCEDIST CONFIG_SITE=${BASEPREFIX}/${i}/share/config.site ./configure --prefix=/ --disable-ccache --disable-maintainer-mode --disable-dependency-tracking ${CONFIGFLAGS} make ${MAKEOPTS} make install-strip DESTDIR=${INSTALLPATH} make osx_volname make deploydir OSX_VOLNAME="$(cat osx_volname)" mkdir -p unsigned-app-${i} cp osx_volname unsigned-app-${i}/ cp contrib/macdeploy/detached-sig-apply.sh unsigned-app-${i} cp contrib/macdeploy/detached-sig-create.sh unsigned-app-${i} cp ${BASEPREFIX}/${i}/native/bin/dmg ${BASEPREFIX}/${i}/native/bin/genisoimage unsigned-app-${i} cp ${BASEPREFIX}/${i}/native/bin/${i}-codesign_allocate unsigned-app-${i}/codesign_allocate cp ${BASEPREFIX}/${i}/native/bin/${i}-pagestuff unsigned-app-${i}/pagestuff mv dist unsigned-app-${i} pushd unsigned-app-${i} find . | sort | tar --no-recursion --mode='u+rw,go+r-w,a+X' --owner=0 --group=0 -c -T - | gzip -9n > ${OUTDIR}/${DISTNAME}-osx-unsigned.tar.gz popd make deploy ${WRAP_DIR}/dmg dmg "${OSX_VOLNAME}.dmg" ${OUTDIR}/${DISTNAME}-osx-unsigned.dmg cd installed find . -name "lib*.la" -delete find . -name "lib*.a" -delete rm -rf ${DISTNAME}/lib/pkgconfig find ${DISTNAME} | sort | tar --no-recursion --mode='u+rw,go+r-w,a+X' --owner=0 --group=0 -c -T - | gzip -9n > ${OUTDIR}/${DISTNAME}-${i}.tar.gz cd ../../ done mkdir -p $OUTDIR/src mv $SOURCEDIST $OUTDIR/src mv ${OUTDIR}/${DISTNAME}-x86_64-*.tar.gz ${OUTDIR}/${DISTNAME}-osx64.tar.gz diff --git a/contrib/gitian-descriptors/gitian-win-signer.yml b/contrib/gitian-descriptors/gitian-win-signer.yml index afdb13c49..a7db806b5 100644 --- a/contrib/gitian-descriptors/gitian-win-signer.yml +++ b/contrib/gitian-descriptors/gitian-win-signer.yml @@ -1,39 +1,39 @@ --- name: "bitcoin-win-signer" distro: "debian" suites: -- "stretch" +- "buster" architectures: - "amd64" packages: - "libssl-dev" - "autoconf" remotes: - "url": "https://github.com/bitcoin-core/bitcoin-detached-sigs.git" "dir": "signature" files: - "osslsigncode-1.7.1.tar.gz" - "osslsigncode-Backports-to-1.7.1.patch" - "bitcoin-win-unsigned.tar.gz" script: | BUILD_DIR=`pwd` SIGDIR=${BUILD_DIR}/signature/win UNSIGNED_DIR=${BUILD_DIR}/unsigned echo "f9a8cdb38b9c309326764ebc937cba1523a3a751a7ab05df3ecc99d18ae466c9 osslsigncode-1.7.1.tar.gz" | sha256sum -c echo "a8c4e9cafba922f89de0df1f2152e7be286aba73f78505169bc351a7938dd911 osslsigncode-Backports-to-1.7.1.patch" | sha256sum -c mkdir -p ${UNSIGNED_DIR} tar -C ${UNSIGNED_DIR} -xf bitcoin-win-unsigned.tar.gz tar xf osslsigncode-1.7.1.tar.gz cd osslsigncode-1.7.1 patch -p1 < ${BUILD_DIR}/osslsigncode-Backports-to-1.7.1.patch ./configure --without-gsf --without-curl --disable-dependency-tracking make find ${UNSIGNED_DIR} -name "*-unsigned.exe" | while read i; do INFILE="`basename "${i}"`" OUTFILE="`echo "${INFILE}" | sed s/-unsigned//`" ./osslsigncode attach-signature -in "${i}" -out "${OUTDIR}/${OUTFILE}" -sigin "${SIGDIR}/${INFILE}.pem" done diff --git a/contrib/gitian-descriptors/gitian-win.yml b/contrib/gitian-descriptors/gitian-win.yml index 4156c4d92..0ea6fd37b 100644 --- a/contrib/gitian-descriptors/gitian-win.yml +++ b/contrib/gitian-descriptors/gitian-win.yml @@ -1,171 +1,171 @@ --- name: "bitcoin-abc-0.20-win" enable_cache: true distro: "debian" suites: -- "stretch" +- "buster" architectures: - "amd64" packages: - "curl" - "g++" - "git" - "pkg-config" - "autoconf" - "libtool" - "automake" - "faketime" - "bsdmainutils" - "mingw-w64" - "g++-mingw-w64" - "nsis" - "zip" - "ca-certificates" - "python" - "rename" remotes: - "url": "https://github.com/Bitcoin-ABC/bitcoin-abc.git" "dir": "bitcoin" files: [] script: | WRAP_DIR=$HOME/wrapped HOSTS="i686-w64-mingw32 x86_64-w64-mingw32" CONFIGFLAGS="--enable-reduce-exports --disable-bench --disable-gui-tests --without-seeder" FAKETIME_HOST_PROGS="ar ranlib nm windres strip objcopy" FAKETIME_PROGS="date makensis zip" HOST_CFLAGS="-O2 -g" HOST_CXXFLAGS="-O2 -g" export QT_RCC_TEST=1 export QT_RCC_SOURCE_DATE_OVERRIDE=1 export GZIP="-9n" export TAR_OPTIONS="--mtime="$REFERENCE_DATE\\\ $REFERENCE_TIME"" export TZ="UTC" export BUILD_DIR=`pwd` mkdir -p ${WRAP_DIR} if test -n "$GBUILD_CACHE_ENABLED"; then export SOURCES_PATH=${GBUILD_COMMON_CACHE} export BASE_CACHE=${GBUILD_PACKAGE_CACHE} mkdir -p ${BASE_CACHE} ${SOURCES_PATH} fi function create_global_faketime_wrappers { for prog in ${FAKETIME_PROGS}; do echo '#!/usr/bin/env bash' > ${WRAP_DIR}/${prog} echo "REAL=\`which -a ${prog} | grep -v ${WRAP_DIR}/${prog} | head -1\`" >> ${WRAP_DIR}/${prog} echo 'export LD_PRELOAD=/usr/lib/x86_64-linux-gnu/faketime/libfaketime.so.1' >> ${WRAP_DIR}/${prog} echo "export FAKETIME=\"$1\"" >> ${WRAP_DIR}/${prog} echo "\$REAL \$@" >> $WRAP_DIR/${prog} chmod +x ${WRAP_DIR}/${prog} done } function create_per-host_faketime_wrappers { for i in $HOSTS; do for prog in ${FAKETIME_HOST_PROGS}; do echo '#!/usr/bin/env bash' > ${WRAP_DIR}/${i}-${prog} echo "REAL=\`which -a ${i}-${prog} | grep -v ${WRAP_DIR}/${i}-${prog} | head -1\`" >> ${WRAP_DIR}/${i}-${prog} echo 'export LD_PRELOAD=/usr/lib/x86_64-linux-gnu/faketime/libfaketime.so.1' >> ${WRAP_DIR}/${i}-${prog} echo "export FAKETIME=\"$1\"" >> ${WRAP_DIR}/${i}-${prog} echo "\$REAL \$@" >> $WRAP_DIR/${i}-${prog} chmod +x ${WRAP_DIR}/${i}-${prog} done done } function create_per-host_linker_wrapper { # This is only needed for trusty, as the mingw linker leaks a few bytes of # heap, causing non-determinism. See discussion in https://github.com/bitcoin/bitcoin/pull/6900 for i in $HOSTS; do mkdir -p ${WRAP_DIR}/${i} for prog in collect2; do echo '#!/usr/bin/env bash' > ${WRAP_DIR}/${i}/${prog} REAL=$(${i}-gcc -print-prog-name=${prog}) echo "export MALLOC_PERTURB_=255" >> ${WRAP_DIR}/${i}/${prog} echo "${REAL} \$@" >> $WRAP_DIR/${i}/${prog} chmod +x ${WRAP_DIR}/${i}/${prog} done for prog in gcc g++; do echo '#!/usr/bin/env bash' > ${WRAP_DIR}/${i}-${prog} echo "REAL=\`which -a ${i}-${prog}-posix | grep -v ${WRAP_DIR}/${i}-${prog} | head -1\`" >> ${WRAP_DIR}/${i}-${prog} echo 'export LD_PRELOAD=/usr/lib/x86_64-linux-gnu/faketime/libfaketime.so.1' >> ${WRAP_DIR}/${i}-${prog} echo "export FAKETIME=\"$1\"" >> ${WRAP_DIR}/${i}-${prog} echo "export COMPILER_PATH=${WRAP_DIR}/${i}" >> ${WRAP_DIR}/${i}-${prog} echo "\$REAL \$@" >> $WRAP_DIR/${i}-${prog} chmod +x ${WRAP_DIR}/${i}-${prog} done done } # Faketime for depends so intermediate results are comparable export PATH_orig=${PATH} create_global_faketime_wrappers "2000-01-01 12:00:00" create_per-host_faketime_wrappers "2000-01-01 12:00:00" create_per-host_linker_wrapper "2000-01-01 12:00:00" export PATH=${WRAP_DIR}:${PATH} cd bitcoin BASEPREFIX=`pwd`/depends # Build dependencies for each host for i in $HOSTS; do make ${MAKEOPTS} -C ${BASEPREFIX} HOST="${i}" done # Faketime for binaries export PATH=${PATH_orig} create_global_faketime_wrappers "${REFERENCE_DATETIME}" create_per-host_faketime_wrappers "${REFERENCE_DATETIME}" create_per-host_linker_wrapper "${REFERENCE_DATETIME}" export PATH=${WRAP_DIR}:${PATH} # Create the release tarball using (arbitrarily) the first host ./autogen.sh CONFIG_SITE=${BASEPREFIX}/`echo "${HOSTS}" | awk '{print $1;}'`/share/config.site ./configure --prefix=/ make dist SOURCEDIST=`echo bitcoin-abc-*.tar.gz` DISTNAME=`echo ${SOURCEDIST} | sed 's/.tar.*//'` # Correct tar file order mkdir -p temp pushd temp tar xf ../$SOURCEDIST find bitcoin-abc-* | sort | tar --no-recursion --mode='u+rw,go+r-w,a+X' --owner=0 --group=0 -c -T - | gzip -9n > ../$SOURCEDIST mkdir -p $OUTDIR/src cp ../$SOURCEDIST $OUTDIR/src popd ORIGPATH="$PATH" # Extract the release tarball into a dir for each host and build for i in ${HOSTS}; do export PATH=${BASEPREFIX}/${i}/native/bin:${ORIGPATH} mkdir -p distsrc-${i} cd distsrc-${i} INSTALLPATH=`pwd`/installed/${DISTNAME} mkdir -p ${INSTALLPATH} tar --strip-components=1 -xf ../$SOURCEDIST CONFIG_SITE=${BASEPREFIX}/${i}/share/config.site ./configure --prefix=/ --disable-ccache --disable-maintainer-mode --disable-dependency-tracking ${CONFIGFLAGS} CFLAGS="${HOST_CFLAGS}" CXXFLAGS="${HOST_CXXFLAGS}" make ${MAKEOPTS} make ${MAKEOPTS} -C src check-security make deploy make install DESTDIR=${INSTALLPATH} cp -f bitcoin-abc-*setup*.exe $OUTDIR/ cd installed mv ${DISTNAME}/bin/*.dll ${DISTNAME}/lib/ find . -name "lib*.la" -delete find . -name "lib*.a" -delete rm -rf ${DISTNAME}/lib/pkgconfig find ${DISTNAME}/bin -type f -executable -exec ${i}-objcopy --only-keep-debug {} {}.dbg \; -exec ${i}-strip -s {} \; -exec ${i}-objcopy --add-gnu-debuglink={}.dbg {} \; find ${DISTNAME}/lib -type f -exec ${i}-objcopy --only-keep-debug {} {}.dbg \; -exec ${i}-strip -s {} \; -exec ${i}-objcopy --add-gnu-debuglink={}.dbg {} \; find ${DISTNAME} -not -name "*.dbg" -type f | sort | zip -X@ ${OUTDIR}/${DISTNAME}-${i}.zip find ${DISTNAME} -name "*.dbg" -type f | sort | zip -X@ ${OUTDIR}/${DISTNAME}-${i}-debug.zip cd ../../ rm -rf distsrc-${i} done cd $OUTDIR rename 's/-setup\.exe$/-setup-unsigned.exe/' *-setup.exe find . -name "*-setup-unsigned.exe" | sort | tar --no-recursion --mode='u+rw,go+r-w,a+X' --owner=0 --group=0 -c -T - | gzip -9n > ${OUTDIR}/${DISTNAME}-win-unsigned.tar.gz mv ${OUTDIR}/${DISTNAME}-x86_64-*-debug.zip ${OUTDIR}/${DISTNAME}-win64-debug.zip mv ${OUTDIR}/${DISTNAME}-i686-*-debug.zip ${OUTDIR}/${DISTNAME}-win32-debug.zip mv ${OUTDIR}/${DISTNAME}-x86_64-*.zip ${OUTDIR}/${DISTNAME}-win64.zip mv ${OUTDIR}/${DISTNAME}-i686-*.zip ${OUTDIR}/${DISTNAME}-win32.zip diff --git a/doc/gitian-building/gitian-building-create-vm-debian.md b/doc/gitian-building/gitian-building-create-vm-debian.md index 51435bd76..c4e1a0712 100644 --- a/doc/gitian-building/gitian-building-create-vm-debian.md +++ b/doc/gitian-building/gitian-building-create-vm-debian.md @@ -1,225 +1,225 @@ # Setup Debian virtual machine on VirtualBox Table of Contents ----------------- - [Create a new VirtualBox VM](#create-a-new-virtualbox-vm) - [Connecting to the VM](#connecting-to-the-vm) Create a new VirtualBox VM -------------------------- In the VirtualBox GUI click "New" and choose the following parameters in the wizard: ![](figs/create_new_vm_debian.png) - Type: Linux, Debian (64-bit) ![](figs/create_vm_memsize.png) - Memory Size: at least 3000MB, anything less and the build might not complete. ![](figs/create_vm_hard_disk.png) - Hard Disk: Create a virtual hard disk now ![](figs/create_vm_hard_disk_file_type.png) - Hard Disk file type: Use the default, VDI (VirtualBox Disk Image) ![](figs/create_vm_storage_physical_hard_disk.png) - Storage on physical hard disk: Dynamically Allocated ![](figs/create_vm_file_location_size.png) - File location and size: at least 40GB - Click `Create` After creating the VM, we need to configure it. - Click the `Settings` button, then go to `System` tab and `Processor` sub-tab. Increase the number of processors to the number of cores on your machine if you want builds to be faster. ![](figs/system_settings.png) - Go to the `Network` tab. Adapter 1 should be attached to `NAT`. ![](figs/network_settings.png) - Click `Advanced`, then `Port Forwarding`. We want to set up a port through which we can reach the VM to get files in and out. - Create a new rule by clicking the plus icon. ![](figs/port_forwarding_rules.png) - Set up the new rule the following way: - Name: `SSH` - Protocol: `TCP` - Leave Host IP empty - Host Port: `22222` - Leave Guest IP empty - Guest Port: `22` - Click `Ok` twice to save. -Get the [Debian 9.x net installer](https://cdimage.debian.org/debian-cd/9.8.0/amd64/iso-cd/debian-9.8.0-amd64-netinst.iso) (a more recent minor version should also work, see also [Debian Network installation](https://www.debian.org/CD/netinst/)). +Get the [Debian 10.x net installer](https://cdimage.debian.org/debian-cd/10.1.0/amd64/iso-cd/debian-10.1.0-amd64-netinst.iso) (a more recent minor version should also work, see also [Debian Network installation](https://www.debian.org/CD/netinst/)). This DVD image can be [validated](https://www.debian.org/CD/verify) using a SHA256 hashing tool, for example on Unixy OSes by entering the following in a terminal: ```bash -echo "73bd56fb4548efa384bf32fd25808b99198f81c23cf19ab9e6507d898cd58dce debian-9.8.0-amd64-netinst.iso" | sha256sum -c +echo "7915fdb77a0c2623b4481fc5f0a8052330defe1cde1e0834ff233818dc6f301e debian-10.1.0-amd64-netinst.iso" | sha256sum -c # (must return OK) ``` Replace `sha256sum` with `shasum` on macOS. Then start the VM. On the first launch you will be asked for a CD or DVD image. Choose the downloaded ISO. ![](figs/select_startup_disk_debian.png) Installing Debian ----------------- This section will explain how to install Debian on the newly created VM. - Choose the non-graphical installer. We do not need the graphical environment; it will only increase installation time and disk usage. ![](figs/debian_install_1_boot_menu.png) **Note**: Navigating in the Debian installer: To keep a setting at the default and proceed, just press `Enter`. To select a different button, press `Tab`. - Choose locale and keyboard settings (doesn't matter, you can just go with the defaults or select your own information) ![](figs/debian_install_2_select_a_language.png) ![](figs/debian_install_3_select_location.png) ![](figs/debian_install_4_configure_keyboard.png) - The VM will detect network settings using DHCP, this should all proceed automatically - Configure the network: - Hostname `debian`. - Leave domain name empty. ![](figs/debian_install_5_configure_the_network.png) ![](figs/debian_install_6_domain_name.png) - You can leave the root password empty. Otherwise, enter it twice and remember it for later. ![](figs/debian_install_6a_set_up_root_password.png) - Name the new user `gitianuser` (the full name doesn't matter, you can leave it empty) - Set the account username as `gitianuser` ![](figs/debian_install_7_set_up_user_fullname.png) ![](figs/debian_install_8_set_up_username.png) - Choose a user password and enter it twice (remember it for later) ![](figs/debian_install_9_user_password.png) - The installer will set up the clock using a time server; this process should be automatic - Set up the clock: choose a time zone (depends on the locale settings that you picked earlier; specifics don't matter) ![](figs/debian_install_10_configure_clock.png) - Disk setup - Partitioning method: Guided - Use the entire disk ![](figs/debian_install_11_partition_disks.png) - Select disk to partition: SCSI1 (0,0,0) ![](figs/debian_install_12_choose_disk.png) - Partition Disks -> *All files in one partition* ![](figs/all_files_in_one_partition.png) - Finish partitioning and write changes to disk -> *Yes* (`Tab`, `Enter` to select the `Yes` button) ![](figs/debian_install_14_finish.png) ![](figs/debian_install_15_write_changes.png) - The base system will be installed, this will take a minute or so - Scan another CD or DVD? -> *No* - Choose a mirror (any will do) ![](figs/debian_install_16_choose_a_mirror.png) - Enter proxy information (unless you are on an intranet, leave this empty) ![](figs/debian_install_18_proxy_settings.png) - Wait a bit while 'Select and install software' runs - Participate in popularity contest -> *No* - Choose software to install. We need just the base system. (`Tab` to highlight options, `Space` to select them) - Make sure only 'SSH server' and 'Standard System Utilities' are checked - Uncheck 'Debian Desktop Environment' and 'Print Server' ![](figs/debian_install_19_software_selection.png) - Install the GRUB boot loader to the master boot record? -> Yes ![](figs/debian_install_20_install_grub.png) - Device for boot loader installation -> ata-VBOX_HARDDISK ![](figs/debian_install_21_install_grub_bootloader.png) - Installation Complete -> *Continue* - After installation, the VM will reboot and you will have a working Debian VM. Congratulations! ![](figs/debian_install_22_finish_installation.png) Connecting to the VM -------------------- After the VM has booted you can connect to it using SSH, and files can be copied from and to the VM using a SFTP utility. Connect to `localhost`, port `22222` (or the port configured when installing the VM). On Windows you can use [putty](http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html) and [WinSCP](http://winscp.net/eng/index.php). For example, to connect as `gitianuser` from a Linux command prompt use $ ssh gitianuser@localhost -p 22222 The authenticity of host '[localhost]:22222 ([127.0.0.1]:22222)' can't be established. RSA key fingerprint is ae:f5:c8:9f:17:c6:c7:1b:c2:1b:12:31:1d:bb:d0:c7. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '[localhost]:22222' (RSA) to the list of known hosts. gitianuser@localhost's password: (enter gitianuser password configured during install) The programs included with the Debian GNU/Linux system are free software; the exact distribution terms for each program are described in the individual files in /usr/share/doc/*/copyright. Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law. gitianuser@debian:~$ Use `sudo` to execute commands as root. Optional - Easier login to the VM --------------------------------- You'll need to generate an SSH key, e.g. by following the instructions under "Generating a new SSH key" [here](https://help.github.com/articles/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent). After that, login to the VM and enter: ```bash mkdir .ssh ``` On your machine edit or create `~/.ssh/config` and add: ```bash Host gitian HostName localhost Port 22222 User gitianuser ``` Open a new terminal tab and enter: ```bash scp ~/.ssh/id_rsa.pub gitian:.ssh/authorized_keys ``` Next time you need to login to the VM, just use: `ssh gitian` diff --git a/doc/gitian-building/gitian-building-manual.md b/doc/gitian-building/gitian-building-manual.md index af501434a..b683f5d0f 100644 --- a/doc/gitian-building/gitian-building-manual.md +++ b/doc/gitian-building/gitian-building-manual.md @@ -1,116 +1,116 @@ Getting and building the inputs ------------------------------- At this point you have two options, you can either use the automated script (found in [https://github.com/Bitcoin-ABC/bitcoin-abc/blob/master/contrib/gitian-build.py](https://github.com/Bitcoin-ABC/bitcoin-abc/blob/master/contrib/gitian-build.py), only works in Debian/Ubuntu) or you could manually do everything by following this guide. If you are using the automated script, then run it with the `--setup` command. Afterwards, run it with the `--build` command (example: `contrib/gitian-build.py -b signer 0.15.0`). Otherwise ignore this. Follow the instructions in [https://github.com/bitcoin/bitcoin/blob/master/doc/release-process.md](https://github.com/bitcoin/bitcoin/blob/master/doc/release-process.md#fetch-and-create-inputs-first-time-or-when-dependency-versions-change) in the bitcoin repository under 'Fetch and create inputs' to install sources which require manual intervention. Also optionally follow the next step: 'Seed the Gitian sources cache and offline git repositories' which will fetch the remaining files required for building offline. Building Bitcoin ABC -------------------- To build Bitcoin ABC (for Linux, OS X and Windows) just follow the steps under 'perform Gitian builds' in [https://github.com/bitcoin/bitcoin/blob/master/doc/release-process.md](https://github.com/bitcoin/bitcoin/blob/master/doc/release-process.md#setup-and-perform-gitian-builds) in the bitcoin repository. This may take some time as it will build all the dependencies needed for each descriptor. These dependencies will be cached after a successful build to avoid rebuilding them when possible. At any time you can check the package installation and build progress with ```bash tail -f var/install.log tail -f var/build.log ``` Output from `gbuild` will look something like Initialized empty Git repository in /home/gitianuser/gitian-builder/inputs/bitcoin/.git/ remote: Counting objects: 57959, done. remote: Total 57959 (delta 0), reused 0 (delta 0), pack-reused 57958 Receiving objects: 100% (57959/57959), 53.76 MiB | 484.00 KiB/s, done. Resolving deltas: 100% (41590/41590), done. From https://github.com/Bitcoin-ABC/bitcoin-abc.git ... (new tags, new branch etc) --- Building for trusty amd64 --- Stopping target if it is up Making a new image copy stdin: is not a tty Starting target Checking if target is up Preparing build environment Updating apt-get repository (log in var/install.log) Installing additional packages (log in var/install.log) Grabbing package manifest stdin: is not a tty Creating build script (var/build-script) lxc-start: Connection refused - inotify event with no name (mask 32768) Running build script (log in var/build.log) Building an alternative repository ---------------------------------- If you want to do a test build of a pull on GitHub it can be useful to point the Gitian builder at an alternative repository, using the same descriptors and inputs. For example: ```bash URL=https://github.com/Bitcoin-ABC/bitcoin-abc.git COMMIT=v0.18.5 ./bin/gbuild --commit bitcoin=${COMMIT} --url bitcoin=${URL} ../bitcoin-abc/contrib/gitian-descriptors/gitian-linux.yml ./bin/gbuild --commit bitcoin=${COMMIT} --url bitcoin=${URL} ../bitcoin-abc/contrib/gitian-descriptors/gitian-win.yml ./bin/gbuild --commit bitcoin=${COMMIT} --url bitcoin=${URL} ../bitcoin-abc/contrib/gitian-descriptors/gitian-osx.yml ``` Building fully offline ---------------------- For building fully offline including attaching signatures to unsigned builds, the detached-sigs repository and the bitcoin git repository with the desired tag must both be available locally, and then gbuild must be told where to find them. It also requires an apt-cacher-ng which is fully-populated but set to offline mode, or manually disabling gitian-builder's use of apt-get to update the VM build environment. To configure apt-cacher-ng as an offline cacher, you will need to first populate its cache with the relevant files. You must additionally patch target-bin/bootstrap-fixup to set its apt sources to something other than plain archive.ubuntu.com: us.archive.ubuntu.com works. So, if you use LXC: ```bash export PATH="$PATH":${HOME}/gitian-builder/libexec export USE_LXC=1 cd ~/gitian-builder -./libexec/make-clean-vm --suite stretch --arch amd64 +./libexec/make-clean-vm --suite buster --arch amd64 -LXC_ARCH=amd64 LXC_SUITE=stretch on-target -u root dpkg --add-architecture i386 -LXC_ARCH=amd64 LXC_SUITE=stretch on-target -u root apt-get update -LXC_ARCH=amd64 LXC_SUITE=stretch on-target -u root \ +LXC_ARCH=amd64 LXC_SUITE=buster on-target -u root dpkg --add-architecture i386 +LXC_ARCH=amd64 LXC_SUITE=buster on-target -u root apt-get update +LXC_ARCH=amd64 LXC_SUITE=buster on-target -u root \ -e DEBIAN_FRONTEND=noninteractive apt-get --no-install-recommends -y install \ $( sed -ne '/^packages:/,/^[^-]/ {/^- .*/{s/"//g;s/- //;p}}' ../bitcoin-abc/contrib/gitian-descriptors/*|sort|uniq ) -LXC_ARCH=amd64 LXC_SUITE=stretch on-target -u root apt-get -q -y purge grub -LXC_ARCH=amd64 LXC_SUITE=stretch on-target -u root -e DEBIAN_FRONTEND=noninteractive apt-get -y dist-upgrade +LXC_ARCH=amd64 LXC_SUITE=buster on-target -u root apt-get -q -y purge grub +LXC_ARCH=amd64 LXC_SUITE=buster on-target -u root -e DEBIAN_FRONTEND=noninteractive apt-get -y dist-upgrade ``` And then set offline mode for apt-cacher-ng: ``` /etc/apt-cacher-ng/acng.conf [...] Offlinemode: 1 [...] sudo service apt-cacher-ng restart ``` Then when building, override the remote URLs that gbuild would otherwise pull from the Gitian descriptors:: ```bash cd ~ -BTCPATH=${HOME}/bitcoin-abc -COMMIT= +export URL=${HOME}/bitcoin-abc +export COMMIT= -./bin/gbuild --commit bitcoin=${COMMIT} --url bitcoin=${BTCPATH} ${BTCPATH}/contrib/gitian-descriptors/gitian-win-signer.yml +./bin/gbuild --commit bitcoin=${COMMIT} --url bitcoin=${URL} ${URL}/contrib/gitian-descriptors/gitian-win.yml ``` diff --git a/doc/gitian-building/gitian-building-setup-gitian-debian.md b/doc/gitian-building/gitian-building-setup-gitian-debian.md index f5e112cd9..54cc34982 100644 --- a/doc/gitian-building/gitian-building-setup-gitian-debian.md +++ b/doc/gitian-building/gitian-building-setup-gitian-debian.md @@ -1,122 +1,121 @@ Table of Contents ----------------- - [Setting up Debian for Gitian building](#setting-up-debian-for-gitian-building) - [Installing Gitian](#installing-gitian) - [Setting up the Gitian image](#setting-up-the-gitian-image) Setting up Debian for Gitian building ------------------------------------- In this section we will be setting up the Debian installation for Gitian building. We assume that a user `gitianuser` was previously added. First we need to set up dependencies. Type/paste the following in the terminal: ```bash sudo apt-get install git ruby apt-cacher-ng qemu-utils debootstrap lxc python-cheetah parted kpartx bridge-utils make ubuntu-archive-keyring curl firewalld apparmor iptables ``` Find the device name of your network card. You can list your connections with ```bash ip address ``` Examples: `eth0`, `eno1`, ... Save it to the NET_DEV variable: ```bash sudo -s NET_DEV= ``` Then set up LXC and the rest with the following, which is a complex jumble of settings and workarounds: ```bash # the version of lxc-start in Debian needs to run as root, so make sure # that the build script can execute it without providing a password echo "%sudo ALL=NOPASSWD: /usr/bin/lxc-start" > /etc/sudoers.d/gitian-lxc echo "%sudo ALL=NOPASSWD: /usr/bin/lxc-execute" >> /etc/sudoers.d/gitian-lxc # make /etc/rc.local script that sets up bridge between guest and host echo '#!/bin/sh -e' > /etc/rc.local echo 'brctl addbr br0' >> /etc/rc.local echo 'ip addr add 10.0.3.1/24 broadcast 10.0.3.255 dev br0' >> /etc/rc.local echo 'ip link set br0 up' >> /etc/rc.local echo 'firewall-cmd --zone=trusted --add-interface=br0' >> /etc/rc.local echo "iptables -t nat -A POSTROUTING -o ${NET_DEV} -j MASQUERADE" >> /etc/rc.local echo 'echo 1 > /proc/sys/net/ipv4/ip_forward' >> /etc/rc.local echo 'exit 0' >> /etc/rc.local chmod +x /etc/rc.local # make sure that USE_LXC is always set when logging in as gitianuser, # and configure LXC IP addresses echo 'export USE_LXC=1' >> /home/gitianuser/.profile echo 'export GITIAN_HOST_IP=10.0.3.1' >> /home/gitianuser/.profile echo 'export LXC_GUEST_IP=10.0.3.5' >> /home/gitianuser/.profile reboot ``` At the end Debian is rebooted to make sure that the changes take effect. The steps in this section only need to be performed once. **Note**: When sudo asks for a password, enter the password for the user `gitianuser` not for `root`. Installing Gitian ----------------- Re-login as the user `gitianuser` that was created during installation. The rest of the steps in this guide will be performed as that user. There is no `python-vm-builder` package in Debian, so we need to install it from source ourselves, ```bash wget http://archive.ubuntu.com/ubuntu/pool/universe/v/vm-builder/vm-builder_0.12.4+bzr494.orig.tar.gz echo "76cbf8c52c391160b2641e7120dbade5afded713afaa6032f733a261f13e6a8e vm-builder_0.12.4+bzr494.orig.tar.gz" | sha256sum -c # (verification -- must return OK) tar -zxvf vm-builder_0.12.4+bzr494.orig.tar.gz cd vm-builder-0.12.4+bzr494 sudo python setup.py install cd .. ``` **Note**: When sudo asks for a password, enter the password for the user `gitianuser` not for `root`. Clone the git repositories for bitcoin and Gitian. ```bash git clone https://github.com/devrandom/gitian-builder.git git clone https://github.com/Bitcoin-ABC/bitcoin-abc.git ``` Setting up the Gitian image --------------------------- Gitian needs a virtual image of the operating system to build in. -Currently this is Ubuntu Bionic x86_64, however previous releases were built -with Ubuntu Trusty x86_64. +Currently this is Debian 10 Buster x86_64. This image will be copied and used every time that a build is started to make sure that the build is deterministic. Creating the image will take a while, but only has to be done once. Execute the following as user `gitianuser`: ```bash cd gitian-builder -bin/make-base-vm --lxc --arch amd64 --distro debian --suite stretch +bin/make-base-vm --lxc --arch amd64 --distro debian --suite buster ``` There will be a lot of warnings printed during the build of the image. These can be ignored. **Note**: When sudo asks for a password, enter the password for the user `gitianuser` not for `root`. Downloading dependencies ------------------------ Gitian may have problems connecting to the internet, which can make the build flacky. In order to avoid this, it is possible to download dependencies ahead of time. Execute the following as user `gitianuser`: ```bash cd gitian-builder make -C ../bitcoin-abc/depends download SOURCES_PATH=`pwd`/cache/common ``` diff --git a/doc/gitian-building/gitian-building-setup-gitian-fedora.md b/doc/gitian-building/gitian-building-setup-gitian-fedora.md index 34210925f..e7311b6e5 100644 --- a/doc/gitian-building/gitian-building-setup-gitian-fedora.md +++ b/doc/gitian-building/gitian-building-setup-gitian-fedora.md @@ -1,73 +1,71 @@ Table of Contents ------------------ - [Setting up Fedora for Gitian building](#setting-up-fedora-for-gitian-building) - [Installing Gitian](#installing-gitian) - [Setting up the Gitian image](#setting-up-the-gitian-image) Setting up Fedora for Gitian building -------------------------------------- In this section we will be setting up the Fedora installation for Gitian building. We assume that a user `gitianuser` was previously created and added to the `wheel` group. First we need to set up dependencies. Type/paste the following in the terminal: ```bash sudo dnf install git ruby gnupg docker tar rsync wget curl ``` Then set up docker and the rest with the following, which is a complex jumble of settings and workarounds: ```bash sudo -s systemctl enable docker.service # the version of docker in Fedora needs to run as root, so make sure # that the build script can execute it without providing a password # https://docs.docker.com/install/linux/linux-postinstall/ groupadd docker usermod -aG docker gitianuser echo 'export USE_DOCKER=1' >> /home/gitianuser/.bash_profile reboot ``` At the end Fedora is rebooted to make sure that the changes take effect. The steps in this section only need to be performed once. **Note**: When sudo asks for a password, enter the password for the user `gitianuser` not for `root`. Installing Gitian ------------------ Login as the user `gitianuser` that was created during installation. The rest of the steps in this guide will be performed as that user. Clone the git repositories for bitcoin and Gitian. ```bash git clone https://github.com/devrandom/gitian-builder.git git clone https://github.com/bitcoin/bitcoin git clone https://github.com/bitcoin-core/gitian.sigs.git git clone https://github.com/bitcoin-core/bitcoin-detached-sigs.git ``` Setting up the Gitian image ------------------------- Gitian needs a virtual image of the operating system to build in. -Currently this is Ubuntu Bionic x86_64, however previous releases were built -with Ubuntu Trusty x86_64. +Currently this is Debian 10 Buster x86_64. This image will be copied and used every time that a build is started to make sure that the build is deterministic. Creating the image will take a while, but only has to be done once. Execute the following as user `gitianuser`: ```bash cd gitian-builder -bin/make-base-vm --docker --arch amd64 --suite bionic # For releases after and including 0.17.0 -bin/make-base-vm --docker --arch amd64 --suite trusty # For releases before 0.17.0 +bin/make-base-vm --docker --arch amd64 --suite buster ``` **Note**: When sudo asks for a password, enter the password for the user `gitianuser` not for `root`. diff --git a/doc/gitian-building/gitian-building-vargant.md b/doc/gitian-building/gitian-building-vagrant.md similarity index 93% rename from doc/gitian-building/gitian-building-vargant.md rename to doc/gitian-building/gitian-building-vagrant.md index 28baaa18d..279adfb8e 100644 --- a/doc/gitian-building/gitian-building-vargant.md +++ b/doc/gitian-building/gitian-building-vagrant.md @@ -1,68 +1,68 @@ Table of Contents ----------------- - [Preparing the Gitian builder host](#preparing-the-gitian-builder-host) - [Setting up the Gitian image](#setting-up-the-gitian-image) Preparing the Gitian builder host --------------------------------- The first step is to prepare the host environment that will be used to perform the Gitian builds. This guide explains how to set up the environment, and how to start the builds. Requirements: - A machine with at least 64b of disk space - 16GB of RAM - Several installed tools: - [Vagrant](https://www.vagrantup.com) - [Packer](https://www.packer.io) - [Virtualbox](https://www.virtualbox.org) After you have installed each of these tools, you will need to create an ubuntu xenial vagrant "box." This is most easily done using the [box-cutter project](https://github.com/boxcutter/ubuntu). (Note: Canonical provides a vagrant box, however its disk space is insufficient for this guide.) ```bash pushd cd /tmp/ git clone https://github.com/boxcutter/ubuntu.git cd ubuntu git checkout 7d1820c186d76122445c092bc2b872a8a94166ce packer build -var-file=ubuntu1604.json -only=virtualbox-iso ubuntu.json vagrant box add --name abc-xenial box/virtualbox/ubuntu1604-0.1.0.box popd ``` After completion you should be able to run add the box to vagrant as "abc-xenial" using `vagrant box add --name abc-xenial ` The final step for running vagrant is: ```bash cd contrib/gitian/ vagrant up vagrant ssh ``` This should drop you into a Xenial prompt as the user `vagrant`. Setting up the Gitian image --------------------------- Gitian needs a virtual image of the operating system to build in. Currently -this is Debian Stretch x86_64. This image will be copied and used every time +this is Debian Buster x86_64. This image will be copied and used every time that a build is started to make sure that the build is deterministic. Creating the image will take a while, but only has to be done once. Execute the following as user `vagrant`: ```bash cd gitian-builder -./bin/make-base-vm --lxc --distro debian --suite stretch --arch amd64 +./bin/make-base-vm --lxc --distro debian --suite buster --arch amd64 ``` There will be a lot of warnings printed during the build of the image. These can be ignored.