@m3dwards
Forked from hebasto/guix-sigs.md
Last active April 17, 2024 18:04
The `bitcoin-core/guix.sigs` Repository Workflow on Mac with docker

The bitcoin-core/guix.sigs Repository Workflow

Fork and clone the following repos on host:

Clone the following repo:

https://github.com/bitcoin-core/bitcoin-detached-sigs

Check out the branch you wish to build in the bitcoin repo and the detached-sigs repo.

Build and run Guix docker image

Full description on guix docker image: https://github.com/fanquake/core-review/tree/master/guix

Clone https://github.com/fanquake/core-review

cd core-review/guix
DOCKER_BUILDKIT=1 docker build --pull --no-cache -t alpine_guix - < Dockerfile

Run guix container

docker run --name alpine_guix --privileged alpine_guix

Copy in Mac SDK

Using the version of the macdeploy document that matches the branch you are building, download Xcode and extract the SDK as per: https://github.com/bitcoin/bitcoin/tree/master/contrib/macdeploy#sdk-extraction

Copy sdk onto container:

docker cp /tmp/Xcode-12.2-12B45b-extracted-SDK-with-libcxx-headers.tar.gz alpine_guix:/SDKs

Jump into container

docker exec -it alpine_guix /bin/bash

Extract SDK

# In container
cd /SDKs
tar -xzf Xcode-12.2-12B45b-extracted-SDK-with-libcxx-headers.tar.gz

Clone guix.sigs and bitcoin-detached-sigs inside container

# In container
cd /
git clone https://github.com/bitcoin-core/guix.sigs
git clone https://github.com/bitcoin-core/bitcoin-detached-sigs

Checkout the correct version of bitcoin and bitcoin-detached-sigs repos inside container

# In container
cd /bitcoin && git checkout v26.0
cd /bitcoin-detached-sigs && git checkout v26.x

Set environment variables

# In container
export SIGNER="m3dwards"
export GUIX_SIGS_REPO="/guix.sigs"
export DETACHED_SIGS_REPO="/bitcoin-detached-sigs"

Run Guix build

# In container
cd /bitcoin
time BASE_CACHE="/base_cache" SOURCE_PATH="/sources" SDK_PATH="/SDKs" ./contrib/guix/guix-build

Run code signing

# In container
./contrib/guix/guix-codesign

Run attestation without signing

# In container
NO_SIGN=1 ./contrib/guix/guix-attest

Copy out build output (probably only need .part files)

# On host
cd [bitcoin dir]
mkdir guix-build-26.0
docker cp alpine_guix:/bitcoin/guix-build-26.0/output ./guix-build-26.0/output

Copy unsigned guix sigs

# On host
cd [guix-sigs dir]
docker cp alpine_guix:/guix.sigs/26.0/m3dwards ./26.0/

Set host environment variables

export SIGNER="m3dwards"
export GUIX_SIGS_REPO="/Users/max/guix.sigs"
export DETACHED_SIGS_REPO="/Users/max/bitcoin-detached-sigs"

Add attestation using local GPG Key

# On host
./contrib/guix/guix-attest

Finally

Add commit in guix.sigs repo and create a PR to add your attestations

Verifying

./contrib/guix/guix-verify
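
A check worth running on the host between copying the unsigned attestations out of the container and signing them with your GPG key: compare your SHA256SUMS files with those other signers have already committed for the same version. This is an added example, not part of the original gist or of Bitcoin Core's scripts; the `*.SHA256SUMS` file naming, the function names and the sample tree (placeholder hashes, signer names and artifact names) are assumptions made for illustration.

```bash
# Added example: not part of the gist or of bitcoin's contrib/guix scripts.
# Assumption: guix.sigs stores attestations as <version>/<signer>/*.SHA256SUMS.

# Compare one signer's SHA256SUMS files with every other signer's for a version.
# Returns 0 only if at least one comparison ran and none mismatched.
compare_attestations() {
    local repo="$1" version="$2" signer="$3"
    local mine other theirs compared=0 bad=0
    for mine in "$repo/$version/$signer"/*.SHA256SUMS; do
        [ -f "$mine" ] || continue
        for other in "$repo/$version"/*/; do
            other="${other%/}"
            [ "${other##*/}" = "$signer" ] && continue
            theirs="$other/${mine##*/}"
            [ -f "$theirs" ] || continue
            compared=$((compared + 1))
            # Sort first so line order alone never counts as a difference.
            if [ "$(sort "$mine")" = "$(sort "$theirs")" ]; then
                echo "MATCH    ${mine##*/} ${other##*/}"
            else
                echo "MISMATCH ${mine##*/} ${other##*/}"
                bad=$((bad + 1))
            fi
        done
    done
    [ "$compared" -gt 0 ] && [ "$bad" -eq 0 ]
}

# Constructed sample tree (placeholder hashes, signers and file names) for
# trying the function offline; prints the path of the temporary repo.
make_sample_repo() {
    local repo f=noncodesigned.SHA256SUMS
    repo="$(mktemp -d)"
    mkdir -p "$repo/26.0/signer-a" "$repo/26.0/signer-b" "$repo/26.0/signer-c"
    printf '%s\n' "0a0a  bitcoin-26.0-x86_64-linux-gnu.tar.gz" \
        "0b0b  bitcoin-26.0-arm64-apple-darwin-unsigned.tar.gz" > "$repo/26.0/signer-a/$f"
    # Same entries in a different order: still a match.
    printf '%s\n' "0b0b  bitcoin-26.0-arm64-apple-darwin-unsigned.tar.gz" \
        "0a0a  bitcoin-26.0-x86_64-linux-gnu.tar.gz" > "$repo/26.0/signer-b/$f"
    # One differing hash: a build that did not reproduce.
    printf '%s\n' "0a0a  bitcoin-26.0-x86_64-linux-gnu.tar.gz" \
        "ffff  bitcoin-26.0-arm64-apple-darwin-unsigned.tar.gz" > "$repo/26.0/signer-c/$f"
    echo "$repo"
}

# On the host, before signing:
#   compare_attestations "$GUIX_SIGS_REPO" 26.0 "$SIGNER"
```

A non-zero exit status means either a mismatch or that no other signer has attested that version yet, so read the printed lines before deciding whether to sign.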

pinheadmz commented Apr 8, 2024

nits:

in #set-environment-variables s/esport/export

in #extract-sdk the version number in the tar filename is out of date (no biggie)

in #clone-guixsigs-and-bitcoin-detached-sigs-inside-container one repo URL is wrong, should be https://github.com/bitcoin-core/guix.sigs

Otherwise working, building guix now ...

@pinheadmz

hit this during build:

note: keeping build directory `/tmp/guix-build-config.scm.drv-0'
guix time-machine: error: cloning builder process: Operation not permitted

trying again running image with --privileged
