Skip to content

Instantly share code, notes, and snippets.

@midnightmagic

midnightmagic/build_btc_pub.sh

Created August 18, 2016 01:48
Show Gist options
  • Save midnightmagic/143525b14877d73edc4cd1e213267d39 to your computer and use it in GitHub Desktop.
Save midnightmagic/143525b14877d73edc4cd1e213267d39 to your computer and use it in GitHub Desktop.
Download ZIP
simple, messy build script to demonstrate gitian build actions
Raw
build_btc_pub.sh
#!/bin/bash
export USE_LXC=1
export NUM_PROCS=30
export MEMORY_USE=45000
export SIGNER=0x28DF2724F241D8EE
export SIGNERNAME=midnightmagic
export ROOTBUILD=/path/to/root/build/dir
export DOSIGS=${DOSIGS:-yes}
export DOLINUX=${DOLINUX:-yes}
export DOWIN=${DOWIN:-yes}
export DOMAC=${DOMAC:-yes}
export DOWINSIGNED=${DOWINSIGNED:-yes}
export DOMACSIGNED=${DOMACSIGNED:-yes}
# This script has not been tested.. basically at all.
# You've been warned.
#
# Setup prior to use:
# 1. You must find and insert all the developers' keys into your
# GnuPG pubkey ring. Please consider doing this extra-carefully
# as this is the exact moment at which your process is
# cryptographically most-vulnerable. Check websites, emails,
# triangulate as much as possible, and in the case of Peter
# Todd, there's actually a nice video he did where he reads
# off his fingerprint.
#
# 2. You need to configure your $ROOTBUILD tree above, as follows:
#
# cd /v/path/to/root/build/dir
# git checkout https://github.com/devrandom/gitian-builder.git
# git checkout https://github.com/bitcoin/bitcoin.git
# git checkout https://github.com/bitcoin/gitian.sigs.git
# cd gitian-builder
# {perform gitian base image config as per doc/release-process.md}
# {Apple SDK needs special handling as well and an Apple developer ID}
#
# 3. Alter all the config variables, above, to suit
#
# 4. Initiate build script with:
#
# build_btc.sh v0.13.0rc2
#
#
# Instructions for helping submit gitian build results are beyond
# the scope of this script. ;-)
function buildlinux () {
echo XXX Attempting to build v${VERSION} ...
./bin/gbuild --memory ${MEMORY_USE} -j ${NUM_PROCS} --commit bitcoin=v${VERSION} ../bitcoin/contrib/gitian-descriptors/gitian-linux.yml
[[ "$DOSIGS" = "yes" ]] && {
if [ -e ../gitian.sigs/bitcoin/${VERSION}-linux/0x* ]
then
rm -rf ../gitian.sigs/bitcoin/${VERSION}-linux/0x*
fi
./bin/gsign --signer $SIGNER --release ${VERSION}-linux --destination ../gitian.sigs/bitcoin ../bitcoin/contrib/gitian-descriptors/gitian-linux.yml
if [ -e ../gitian.sigs/bitcoin/${VERSION}-linux/"${SIGNERNAME}" ]
then
rm -rf ../gitian.sigs/bitcoin/${VERSION}-linux/"${SIGNERNAME}"
fi
mv ../gitian.sigs/bitcoin/${VERSION}-linux/0x* ../gitian.sigs/bitcoin/${VERSION}-linux/"${SIGNERNAME}"
"${ROOTBUILD}"/gitian-builder/bin/gverify -v -d ../gitian.sigs/bitcoin -r ${VERSION}-linux "${ROOTBUILD}"/bitcoin/contrib/gitian-descriptors/gitian-linux.yml
}
}
function buildwin () {
./bin/gbuild --memory ${MEMORY_USE} -j ${NUM_PROCS} --commit bitcoin=v${VERSION} ../bitcoin/contrib/gitian-descriptors/gitian-win.yml
if ( dpkg --compare-versions ${VERSION} gt 0.11.0rc2 || [[ "${VERSION}" = 0.11.0 ]] )
then
WINSIGNED=yes
WINUNSIGNEDTARGET=${VERSION}-win-unsigned
WINSIGNEDTARGET=${VERSION}-win-signed
else
WINSIGNED=no
WINUNSIGNEDTARGET=${VERSION}-win
fi
[[ ${WINSIGNED} = yes ]] && {
mv build/out/bitcoin-*-win-unsigned.tar.gz inputs/bitcoin-win-unsigned.tar.gz
}
mv build/out/bitcoin-*.zip build/out/bitcoin-*.exe ../
[[ "$DOSIGS" = "yes" ]] && {
if [ -e ../gitian.sigs/bitcoin/${WINUNSIGNEDTARGET}/0x* ]
then
rm -rf ../gitian.sigs/bitcoin/${WINUNSIGNEDTARGET}/0x*
fi
./bin/gsign --signer $SIGNER --release ${WINUNSIGNEDTARGET} --destination ../gitian.sigs/bitcoin ../bitcoin/contrib/gitian-descriptors/gitian-win.yml
for i in ../gitian.sigs/bitcoin/${VERSION}-win*/"${SIGNERNAME}"
do
if [ -e "$i" ]
then
rm -rf ../gitian.sigs/bitcoin/${WINUNSIGNEDTARGET}/"${SIGNERNAME}"
fi
done
mv ../gitian.sigs/bitcoin/${WINUNSIGNEDTARGET}/0x* ../gitian.sigs/bitcoin/${WINUNSIGNEDTARGET}/"${SIGNERNAME}"
"${ROOTBUILD}"/gitian-builder/bin/gverify -v -d ../gitian.sigs/bitcoin -r ${WINUNSIGNEDTARGET} "${ROOTBUILD}"/bitcoin/contrib/gitian-descriptors/gitian-win.yml
[[ ${WINSIGNED} = yes ]] && [[ ${DOWINSIGNED} == yes ]] && {
./bin/gbuild -i --commit signature=v${VERSION} ../bitcoin/contrib/gitian-descriptors/gitian-win-signer.yml
if [ -e ../gitian.sigs/bitcoin/${WINSIGNEDTARGET}/0x* ]
then
rm -rf ../gitian.sigs/bitcoin/${WINSIGNEDTARGET}/0x*
fi
./bin/gsign --signer $SIGNER --release ${WINSIGNEDTARGET} --destination ../gitian.sigs/bitcoin ../bitcoin/contrib/gitian-descriptors/gitian-win-signer.yml
if [ -e ../gitian.sigs/bitcoin/${VERSION}-win/"${SIGNERNAME}" ]
then
rm -rf ../gitian.sigs/bitcoin/${WINSIGNEDTARGET}/"${SIGNERNAME}"
fi
mv ../gitian.sigs/bitcoin/${WINSIGNEDTARGET}/0x* ../gitian.sigs/bitcoin/${WINSIGNEDTARGET}/"${SIGNERNAME}"
"${ROOTBUILD}"/gitian-builder/bin/gverify -v -d ../gitian.sigs/bitcoin -r ${WINSIGNEDTARGET} "${ROOTBUILD}"/bitcoin/contrib/gitian-descriptors/gitian-win-signer.yml
}
}
}
function buildmac () {
# For a long time, I had quite a difficulty in building deterministically
# on a Linux machine targetting OSX. You can see this in the gitian.sigs
# repository where a huge number of my OSX gitian signatures don't match
# with anyone else's. This issue seems to be fixed now, and may have been
# because I re-use base build images forever.
#
# unset USE_LXC
./bin/gbuild --memory ${MEMORY_USE} -j ${NUM_PROCS} --commit bitcoin=v${VERSION} ../bitcoin/contrib/gitian-descriptors/gitian-osx.yml
[[ "$DOSIGS" = "yes" ]] && {
if [ -e ../gitian.sigs/bitcoin/${VERSION}-osx-unsigned/0x* ]
then
rm -rf ../gitian.sigs/bitcoin/${VERSION}-osx-unsigned/0x*
fi
./bin/gsign --signer $SIGNER --release ${VERSION}-osx-unsigned --destination ../gitian.sigs/bitcoin ../bitcoin/contrib/gitian-descriptors/gitian-osx.yml
if [ -e ../gitian.sigs/bitcoin/${VERSION}-osx-unsigned/"${SIGNERNAME}" ]
then
rm -rf ../gitian.sigs/bitcoin/${VERSION}-osx-unsigned/"${SIGNERNAME}"
fi
mv ../gitian.sigs/bitcoin/${VERSION}-osx-unsigned/0x* ../gitian.sigs/bitcoin/${VERSION}-osx-unsigned/"${SIGNERNAME}"
"${ROOTBUILD}"/gitian-builder/bin/gverify -v -d ../gitian.sigs/bitcoin -r ${VERSION}-osx-unsigned "${ROOTBUILD}"/bitcoin/contrib/gitian-descriptors/gitian-osx.yml
}
mv build/out/bitcoin-*-unsigned.tar.gz inputs/bitcoin-osx-unsigned.tar.gz
mv build/out/bitcoin-*.tar.gz build/out/bitcoin-*.dmg ../
if [ -f ../osx-signatures/${VERSION}/signature.tar.gz ]
then
cp -v ../osx-signatures/${VERSION}/signature.tar.gz inputs/
fi
[[ "$DOSIGS" = "yes" ]] && [[ ${DOMACSIGNED} == "yes" ]] && {
./bin/gbuild --memory ${MEMORY_USE} -i --commit signature=v${VERSION} ../bitcoin/contrib/gitian-descriptors/gitian-osx-signer.yml
if [ -e ../gitian.sigs/bitcoin/${VERSION}-osx-signed/0x* ]
then
rm -rf ../gitian.sigs/bitcoin/${VERSION}-osx-signed/0x*
fi
./bin/gsign --signer $SIGNER --release ${VERSION}-osx-signed --destination ../gitian.sigs/bitcoin/ ../bitcoin/contrib/gitian-descriptors/gitian-osx-signer.yml
if [ -e ../gitian.sigs/bitcoin/${VERSION}-osx-signed/"${SIGNERNAME}" ]
then
rm -rf ../gitian.sigs/bitcoin/${VERSION}-osx-signed/"${SIGNERNAME}"
fi
mv ../gitian.sigs/bitcoin/${VERSION}-osx-signed/0x* ../gitian.sigs/bitcoin/${VERSION}-osx-signed/"${SIGNERNAME}"
"${ROOTBUILD}"/gitian-builder/bin/gverify -v -d ../gitian.sigs/bitcoin -r ${VERSION}-osx-signed "${ROOTBUILD}"/bitcoin/contrib/gitian-descriptors/gitian-osx-signer.yml
}
}
function prepsigs() {
echo heading in to update gitian.sigs..
cd "${ROOTBUILD}"/gitian.sigs/bitcoin || {
echo ERROR: Unable to cd to "${ROOTBUILD}"/gitian.sigs/bitcoin
exit 1; }
git fetch --all || {
echo ERROR: Unable to git fetch --all in $( pwd -P )
exit 1; }
git checkout master || {
echo ERROR: Unable to checkout local master in $( pwd -P )
exit 1; }
git clean -xdf || {
echo ERROR: Unable to git clean -xdf in $( pwd -P )
exit 1; }
git pull origin master || {
echo ERROR: Unable to git pull origin master in $( pwd -P )
exit 1; }
echo Trying to ensure we\'re on a branch suitable for pushing to github fork of gitian.sigs..
if git branch -a | grep -iE "^(\* | ) v${VERSION}-mm-sigs\$"
then
git branch -D v${VERSION}-mm-sigs || {
echo ERROR: Unable to destroy the branch v${VERSION}-mm-sigs
exit 1; }
fi
git checkout -b v${VERSION}-mm-sigs || {
echo ERROR: Unable to create a checkout-branch for v${VERSION}-mm-sigs in $( pwd -P )
exit 1; }
}
if [ ! -z "$1" ]
then
export VERSION=${1#v}
else
if [ ! -z "$VERSION" ]
then
export VERSION=${VERSION#v}
else
echo ERROR: Could not find \$VERSION environment variable and argument for version not supplied.
exit 1
fi
fi
echo detected version to build is: $VERSION
[[ "$DOSIGS" = "yes" ]] && {
prepsigs; }
cd "${ROOTBUILD}"/bitcoin
git fetch --all || {
echo ERROR: Unable to git fetch all in $( pwd -P )
exit 1; }
if git tag | grep -qsiE "^"v${VERSION}"\$"
then
echo found git tag matching v${VERSION}
else
echo ERROR: Did not find git tag matching v${VERSION}
exit 1
fi
git checkout v${VERSION} || {
echo ERROR: Unable to git checkout v${VERSION} in $( pwd -P )
exit 1; }
cd "${ROOTBUILD}"/gitian-builder
if [ ! -d inputs ]
then
if [ -e inputs ]
then
rm -f inputs
fi
mkdir inputs
fi
export USE_LXC=1
make -C ../bitcoin/depends download SOURCES_PATH=`pwd`/cache/common || {
echo ERROR: Unable to retrieve dependencies for semi-offline build of v${VERSION}
exit 1; }
# In the event we have an unclean cache, built prior to 0.12's update to trusty, we may need to clear out the win
# cache in gitian, unless cfields' fix for it is available
if [ -d cache/bitcoin-win-0.12 ]
then
if ( dpkg --compare-versions ${VERSION} gt 0.12.0 || [[ "${VERSION}" = 0.12.0 ]] )
then
rm -rf cache/bitcoin-win-0.12
fi
fi
[[ "$DOLINUX" = "yes" ]] && {
buildlinux; }
[[ "$DOWIN" = "yes" ]] && {
buildwin; }
[[ "$DOMAC" = "yes" ]] && {
buildmac; }
echo FINISHED.
[[ "$DOSIGS" = "yes" ]] && {
echo Going over to see what gitian.sigs looks like..
cd "${ROOTBUILD}"/gitian.sigs/bitcoin
git status
echo Reminder to verify the above files are correctly attributed to the v${VERSION} bitcoin tag..
}
exit 0
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment