2014-04-02 11:59:49 +02:00
Gitian building
================
2016-07-29 07:30:19 +02:00
*Setup instructions for a Gitian build of Dash Core using a Debian VM or physical system.*
2014-04-02 11:59:49 +02:00
2015-05-30 05:02:21 +02:00
Gitian is the deterministic build process that is used to build the Dash
2014-07-02 11:16:49 +02:00
Core executables. It provides a way to be reasonably sure that the
2015-09-02 17:49:26 +02:00
executables are really built from the source on GitHub. It also makes sure that
2014-04-02 11:59:49 +02:00
the same, tested dependencies are used and statically built into the executable.
Multiple developers build the source code by following a specific descriptor
("recipe"), cryptographically sign the result, and upload the resulting signature.
These results are compared and only if they match, the build is accepted and uploaded
2016-01-31 14:11:16 +01:00
to dash.org.
2014-04-02 11:59:49 +02:00
2015-10-17 12:10:45 +02:00
More independent Gitian builders are needed, which is why this guide exists.
2015-09-02 17:49:26 +02:00
It is preferred you follow these steps yourself instead of using someone else's
2014-04-02 11:59:49 +02:00
VM image to avoid 'contaminating' the build.
Table of Contents
------------------
- [Create a new VirtualBox VM ](#create-a-new-virtualbox-vm )
- [Connecting to the VM ](#connecting-to-the-vm )
2015-10-17 12:10:45 +02:00
- [Setting up Debian for Gitian building ](#setting-up-debian-for-gitian-building )
- [Installing Gitian ](#installing-gitian )
- [Setting up the Gitian image ](#setting-up-the-gitian-image )
2014-04-02 11:59:49 +02:00
- [Getting and building the inputs ](#getting-and-building-the-inputs )
2016-07-29 07:30:19 +02:00
- [Building Dash Core ](#building-dash-core )
2014-04-02 11:59:49 +02:00
- [Building an alternative repository ](#building-an-alternative-repository )
- [Signing externally ](#signing-externally )
- [Uploading signatures ](#uploading-signatures )
2014-06-03 11:40:24 +02:00
Preparing the Gitian builder host
---------------------------------
2014-04-02 11:59:49 +02:00
2014-06-03 11:40:24 +02:00
The first step is to prepare the host environment that will be used to perform the Gitian builds.
2014-07-02 11:16:49 +02:00
This guide explains how to set up the environment, and how to start the builds.
2014-04-02 11:59:49 +02:00
2014-06-03 11:40:24 +02:00
Debian Linux was chosen as the host distribution because it has a lightweight install (in contrast to Ubuntu) and is readily available.
Any kind of virtualization can be used, for example:
2015-09-02 17:49:26 +02:00
- [VirtualBox ](https://www.virtualbox.org/ ) (covered by this guide)
2014-06-03 11:40:24 +02:00
- [KVM ](http://www.linux-kvm.org/page/Main_Page )
- [LXC ](https://linuxcontainers.org/ ), see also [Gitian host docker container ](https://github.com/gdm85/tenku/tree/master/docker/gitian-bitcoin-host/README.md ).
2014-04-02 11:59:49 +02:00
2015-10-17 12:10:45 +02:00
You can also install Gitian on actual hardware instead of using virtualization.
2014-06-03 11:40:24 +02:00
Create a new VirtualBox VM
---------------------------
2016-04-14 09:14:46 +02:00
In the VirtualBox GUI click "New" and choose the following parameters in the wizard:
2014-04-02 11:59:49 +02:00
2015-09-02 17:49:26 +02:00
![](gitian-building/create_new_vm.png)
2014-04-02 11:59:49 +02:00
2015-09-02 17:49:26 +02:00
- Type: Linux, Debian (64-bit)
2014-04-02 11:59:49 +02:00
![](gitian-building/create_vm_memsize.png)
2016-08-03 12:49:28 +02:00
- Memory Size: at least 3000MB, anything less and the build might not complete.
2014-04-02 11:59:49 +02:00
2015-09-02 17:49:26 +02:00
![](gitian-building/create_vm_hard_disk.png)
2014-04-02 11:59:49 +02:00
2015-09-02 17:49:26 +02:00
- Hard Disk: Create a virtual hard disk now
2014-04-02 11:59:49 +02:00
2015-09-02 17:49:26 +02:00
![](gitian-building/create_vm_hard_disk_file_type.png)
2014-04-02 11:59:49 +02:00
2015-10-17 12:10:45 +02:00
- Hard Disk file type: Use the default, VDI (VirtualBox Disk Image)
2014-04-02 11:59:49 +02:00
2015-09-02 17:49:26 +02:00
![](gitian-building/create_vm_storage_physical_hard_disk.png)
2015-10-17 12:10:45 +02:00
- Storage on physical hard disk: Dynamically Allocated
2014-04-02 11:59:49 +02:00
![](gitian-building/create_vm_file_location_size.png)
2015-10-17 12:10:45 +02:00
- File location and size: at least 40GB; as low as 20GB *may* be possible, but better to err on the safe side
2015-09-02 17:49:26 +02:00
- Click `Create`
2014-04-02 11:59:49 +02:00
2015-10-17 12:10:45 +02:00
After creating the VM, we need to configure it.
2014-04-02 11:59:49 +02:00
2014-12-28 11:22:44 +01:00
- Click the `Settings` button, then go to the `Network` tab. Adapter 1 should be attached to `NAT` .
2014-04-02 11:59:49 +02:00
![](gitian-building/network_settings.png)
2015-04-28 16:48:28 +02:00
- Click `Advanced` , then `Port Forwarding` . We want to set up a port through which we can reach the VM to get files in and out.
2014-04-02 11:59:49 +02:00
- Create a new rule by clicking the plus icon.
![](gitian-building/port_forwarding_rules.png)
- Set up the new rule the following way:
- Name: `SSH`
- Protocol: `TCP`
- Leave Host IP empty
- Host Port: `22222`
- Leave Guest IP empty
- Guest Port: `22`
- Click `Ok` twice to save.
2016-09-21 11:28:19 +02:00
Get the [Debian 8.x net installer ](http://cdimage.debian.org/mirror/cdimage/archive/8.5.0/amd64/iso-cd/debian-8.5.0-amd64-netinst.iso ) (a more recent minor version should also work, see also [Debian Network installation ](https://www.debian.org/CD/netinst/ )).
This DVD image can be [validated ](https://www.debian.org/CD/verify ) using a SHA256 hashing tool, for example on
2016-04-14 09:14:46 +02:00
Unixy OSes by entering the following in a terminal:
2016-06-13 11:18:13 +02:00
echo "ad4e8c27c561ad8248d5ebc1d36eb172f884057bfeb2c22ead823f59fa8c3dff debian-8.5.0-amd64-netinst.iso" | sha256sum -c
2016-04-14 09:14:46 +02:00
# (must return OK)
2016-09-21 11:28:19 +02:00
Then start the VM. On the first launch you will be asked for a CD or DVD image. Choose the downloaded ISO.
2014-04-02 11:59:49 +02:00
![](gitian-building/select_startup_disk.png)
Installing Debian
------------------
2014-12-26 11:03:44 +01:00
This section will explain how to install Debian on the newly created VM.
2014-04-02 11:59:49 +02:00
2015-04-28 16:48:28 +02:00
- Choose the non-graphical installer. We do not need the graphical environment; it will only increase installation time and disk usage.
2014-04-02 11:59:49 +02:00
![](gitian-building/debian_install_1_boot_menu.png)
2015-10-17 12:10:45 +02:00
**Note**: Navigating in the Debian installer:
To keep a setting at the default and proceed, just press `Enter` .
2015-09-02 17:49:26 +02:00
To select a different button, press `Tab` .
2014-04-02 11:59:49 +02:00
- Choose locale and keyboard settings (doesn't matter, you can just go with the defaults or select your own information)
![](gitian-building/debian_install_2_select_a_language.png)
![](gitian-building/debian_install_3_select_location.png)
![](gitian-building/debian_install_4_configure_keyboard.png)
- The VM will detect network settings using DHCP, this should all proceed automatically
2015-10-17 12:10:45 +02:00
- Configure the network:
2015-09-02 17:49:26 +02:00
- Hostname `debian` .
2014-04-02 11:59:49 +02:00
- Leave domain name empty.
![](gitian-building/debian_install_5_configure_the_network.png)
2015-10-17 12:10:45 +02:00
- Choose a root password and enter it twice (remember it for later)
2014-04-02 11:59:49 +02:00
![](gitian-building/debian_install_6a_set_up_root_password.png)
2015-10-17 12:10:45 +02:00
- Name the new user `debian` (the full name doesn't matter, you can leave it empty)
2015-09-02 17:49:26 +02:00
- Set the account username as `debian`
2014-04-02 11:59:49 +02:00
![](gitian-building/debian_install_7_set_up_user_fullname.png)
![](gitian-building/debian_install_8_set_up_username.png)
2015-10-17 12:10:45 +02:00
- Choose a user password and enter it twice (remember it for later)
2014-04-02 11:59:49 +02:00
![](gitian-building/debian_install_9_user_password.png)
2015-04-28 16:48:28 +02:00
- The installer will set up the clock using a time server; this process should be automatic
2014-04-02 11:59:49 +02:00
- Set up the clock: choose a time zone (depends on the locale settings that you picked earlier; specifics don't matter)
![](gitian-building/debian_install_10_configure_clock.png)
- Disk setup
2015-10-17 12:10:45 +02:00
- Partitioning method: Guided - Use the entire disk
2014-04-02 11:59:49 +02:00
![](gitian-building/debian_install_11_partition_disks.png)
2015-10-17 12:10:45 +02:00
- Select disk to partition: SCSI1 (0,0,0)
2014-04-02 11:59:49 +02:00
![](gitian-building/debian_install_12_choose_disk.png)
2016-04-14 09:14:46 +02:00
- Partition Disks -> *All files in one partition*
![](gitian-building/all_files_in_one_partition.png)
2014-04-02 11:59:49 +02:00
- Finish partitioning and write changes to disk -> *Yes* (`Tab`, `Enter` to select the `Yes` button)
2015-09-02 17:49:26 +02:00
![](gitian-building/debian_install_14_finish.png)
2014-04-02 11:59:49 +02:00
![](gitian-building/debian_install_15_write_changes.png)
- The base system will be installed, this will take a minute or so
2015-10-17 12:10:45 +02:00
- Choose a mirror (any will do)
2014-04-02 11:59:49 +02:00
![](gitian-building/debian_install_16_choose_a_mirror.png)
2015-09-02 17:49:26 +02:00
- Enter proxy information (unless you are on an intranet, leave this empty)
2014-04-02 11:59:49 +02:00
![](gitian-building/debian_install_18_proxy_settings.png)
- Wait a bit while 'Select and install software' runs
- Participate in popularity contest -> *No*
2015-09-02 17:49:26 +02:00
- Choose software to install. We need just the base system.
- Make sure only 'SSH server' and 'Standard System Utilities' are checked
- Uncheck 'Debian Desktop Environment' and 'Print Server'
2014-04-02 11:59:49 +02:00
![](gitian-building/debian_install_19_software_selection.png)
2015-09-02 17:49:26 +02:00
- Install the GRUB boot loader to the master boot record? -> Yes
2014-04-02 11:59:49 +02:00
![](gitian-building/debian_install_20_install_grub.png)
2015-09-02 17:49:26 +02:00
- Device for boot loader installation -> ata-VBOX_HARDDISK
2014-04-02 11:59:49 +02:00
2015-09-02 17:49:26 +02:00
![](gitian-building/debian_install_21_install_grub_bootloader.png)
2014-04-02 11:59:49 +02:00
- Installation Complete -> *Continue*
- After installation, the VM will reboot and you will have a working Debian VM. Congratulations!
2015-09-02 17:49:26 +02:00
![](gitian-building/debian_install_22_finish_installation.png)
After Installation
-------------------
The next step in the guide involves logging in as root via SSH.
SSH login for root users is disabled by default, so we'll enable that now.
2015-10-17 12:10:45 +02:00
Login to the VM using username `root` and the root password you chose earlier.
2015-09-02 17:49:26 +02:00
You'll be presented with a screen similar to this.
![](gitian-building/debian_root_login.png)
Type:
```
sed -i 's/^PermitRootLogin.*/PermitRootLogin yes/' /etc/ssh/sshd_config
```
and press enter. Then,
```
/etc/init.d/ssh restart
```
and enter to restart SSH. Logout by typing 'logout' and pressing 'enter'.
2014-04-02 11:59:49 +02:00
Connecting to the VM
----------------------
After the VM has booted you can connect to it using SSH, and files can be copied from and to the VM using a SFTP utility.
Connect to `localhost` , port `22222` (or the port configured when installing the VM).
2015-09-02 17:49:26 +02:00
On Windows you can use [putty ](http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html ) and [WinSCP ](http://winscp.net/eng/index.php ).
2014-04-02 11:59:49 +02:00
2015-09-02 17:49:26 +02:00
For example, to connect as `root` from a Linux command prompt use
2014-04-02 11:59:49 +02:00
$ ssh root@localhost -p 22222
The authenticity of host '[localhost]:22222 ([127.0.0.1]:22222)' can't be established.
2015-09-02 17:49:26 +02:00
RSA key fingerprint is ae:f5:c8:9f:17:c6:c7:1b:c2:1b:12:31:1d:bb:d0:c7.
2014-04-02 11:59:49 +02:00
Are you sure you want to continue connecting (yes/no)? yes
2015-09-02 17:49:26 +02:00
Warning: Permanently added '[localhost]:22222' (RSA) to the list of known hosts.
2014-04-02 11:59:49 +02:00
root@localhost's password: (enter root password configured during install)
2015-09-02 17:49:26 +02:00
The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
2014-04-02 11:59:49 +02:00
root@debian:~#
Replace `root` with `debian` to log in as user.
2015-10-17 12:10:45 +02:00
Setting up Debian for Gitian building
2014-04-02 11:59:49 +02:00
--------------------------------------
In this section we will be setting up the Debian installation for Gitian building.
First we need to log in as `root` to set up dependencies and make sure that our
user can use the sudo command. Type/paste the following in the terminal:
```bash
2016-04-22 23:52:34 +02:00
apt-get install git ruby sudo apt-cacher-ng qemu-utils debootstrap lxc python-cheetah parted kpartx bridge-utils make ubuntu-archive-keyring curl
2014-04-02 11:59:49 +02:00
adduser debian sudo
```
2014-07-02 11:16:49 +02:00
Then set up LXC and the rest with the following, which is a complex jumble of settings and workarounds:
2014-04-02 11:59:49 +02:00
```bash
2015-11-19 13:11:50 +01:00
# the version of lxc-start in Debian needs to run as root, so make sure
2015-10-17 12:10:45 +02:00
# that the build script can execute it without providing a password
2014-04-02 11:59:49 +02:00
echo "%sudo ALL=NOPASSWD: /usr/bin/lxc-start" > /etc/sudoers.d/gitian-lxc
2016-02-29 08:57:42 +01:00
echo "%sudo ALL=NOPASSWD: /usr/bin/lxc-execute" >> /etc/sudoers.d/gitian-lxc
2014-04-02 11:59:49 +02:00
# make /etc/rc.local script that sets up bridge between guest and host
echo '#!/bin/sh -e' > /etc/rc.local
echo 'brctl addbr br0' >> /etc/rc.local
echo 'ifconfig br0 10.0.3.2/24 up' >> /etc/rc.local
2015-11-19 13:11:50 +01:00
echo 'iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE' >> /etc/rc.local
echo 'echo 1 > /proc/sys/net/ipv4/ip_forward' >> /etc/rc.local
2014-04-02 11:59:49 +02:00
echo 'exit 0' >> /etc/rc.local
2014-04-16 16:53:28 +02:00
# make sure that USE_LXC is always set when logging in as debian,
# and configure LXC IP addresses
2014-04-02 11:59:49 +02:00
echo 'export USE_LXC=1' >> /home/debian/.profile
2014-04-16 16:53:28 +02:00
echo 'export GITIAN_HOST_IP=10.0.3.2' >> /home/debian/.profile
echo 'export LXC_GUEST_IP=10.0.3.5' >> /home/debian/.profile
2014-04-02 11:59:49 +02:00
reboot
```
2014-04-16 16:53:28 +02:00
At the end the VM is rebooted to make sure that the changes take effect. The steps in this
2015-09-02 17:49:26 +02:00
section only need to be performed once.
2014-04-02 11:59:49 +02:00
2015-10-17 12:10:45 +02:00
Installing Gitian
2014-04-02 11:59:49 +02:00
------------------
Re-login as the user `debian` that was created during installation.
The rest of the steps in this guide will be performed as that user.
There is no `python-vm-builder` package in Debian, so we need to install it from source ourselves,
```bash
2015-11-11 11:45:57 +01:00
wget http://archive.ubuntu.com/ubuntu/pool/universe/v/vm-builder/vm-builder_0.12.4+bzr494.orig.tar.gz
echo "76cbf8c52c391160b2641e7120dbade5afded713afaa6032f733a261f13e6a8e vm-builder_0.12.4+bzr494.orig.tar.gz" | sha256sum -c
2014-04-02 11:59:49 +02:00
# (verification -- must return OK)
2015-11-11 11:45:57 +01:00
tar -zxvf vm-builder_0.12.4+bzr494.orig.tar.gz
cd vm-builder-0.12.4+bzr494
2014-04-02 11:59:49 +02:00
sudo python setup.py install
cd ..
```
**Note**: When sudo asks for a password, enter the password for the user *debian* not for *root* .
2016-08-19 13:46:30 +02:00
Clone the git repositories for Dash Core and Gitian.
2014-04-02 11:59:49 +02:00
```bash
git clone https://github.com/devrandom/gitian-builder.git
2016-02-02 16:28:56 +01:00
git clone https://github.com/dashpay/dash
2016-01-30 11:45:21 +01:00
git clone https://github.com/dashpay/gitian.sigs.git
2014-04-02 11:59:49 +02:00
```
2015-10-17 12:10:45 +02:00
Setting up the Gitian image
2014-04-02 11:59:49 +02:00
-------------------------
2014-12-26 11:03:44 +01:00
Gitian needs a virtual image of the operating system to build in.
2016-04-05 16:21:14 +02:00
Currently this is Ubuntu Trusty x86_64.
2014-12-26 11:03:44 +01:00
This image will be copied and used every time that a build is started to
2014-04-02 11:59:49 +02:00
make sure that the build is deterministic.
2014-12-26 11:03:44 +01:00
Creating the image will take a while, but only has to be done once.
2014-04-02 11:59:49 +02:00
Execute the following as user `debian` :
```bash
cd gitian-builder
2015-11-17 10:24:05 +01:00
bin/make-base-vm --lxc --arch amd64 --suite trusty
2014-04-02 11:59:49 +02:00
```
2015-09-02 17:49:26 +02:00
There will be a lot of warnings printed during the build of the image. These can be ignored.
2014-04-02 11:59:49 +02:00
**Note**: When sudo asks for a password, enter the password for the user *debian* not for *root* .
2015-05-30 05:02:21 +02:00
**Note**: Repeat this step when you have upgraded to a newer version of Gitian.
2015-05-30 12:05:06 +02:00
**Note**: if you get the error message *"bin/make-base-vm: mkfs.ext4: not found"* during this process you have to make the following change in file *"gitian-builder/bin/make-base-vm"* at line 117:
```bash
# mkfs.ext4 -F $OUT-lxc
/sbin/mkfs.ext4 -F $OUT-lxc # (some Gitian environents do NOT find mkfs.ext4. Some do...)
```
2014-04-02 11:59:49 +02:00
Getting and building the inputs
--------------------------------
2016-09-21 12:31:02 +02:00
Follow the instructions in [doc/release-process.md ](release-process.md#fetch-and-create-inputs-first-time-or-when-dependency-versions-change )
2016-09-19 15:37:21 +02:00
in the Dash Core repository under 'Fetch and create inputs' to install sources which require
2015-09-17 23:17:26 +02:00
manual intervention. Also optionally follow the next step: 'Seed the Gitian sources cache
2015-10-17 12:10:45 +02:00
and offline git repositories' which will fetch the remaining files required for building
2015-09-17 23:17:26 +02:00
offline.
2014-04-02 11:59:49 +02:00
2016-07-29 07:30:19 +02:00
Building Dash Core
2014-12-19 20:39:10 +01:00
----------------
2014-04-02 11:59:49 +02:00
2016-07-29 07:30:19 +02:00
To build Dash Core (for Linux, OS X and Windows) just follow the steps under 'perform
2016-08-19 13:46:30 +02:00
Gitian builds' in [doc/release-process.md ](release-process.md#perform-gitian-builds ) in the Dash Core repository.
2014-04-02 11:59:49 +02:00
2015-09-02 17:49:26 +02:00
This may take some time as it will build all the dependencies needed for each descriptor.
2014-12-19 20:39:10 +01:00
These dependencies will be cached after a successful build to avoid rebuilding them when possible.
2014-04-02 11:59:49 +02:00
At any time you can check the package installation and build progress with
```bash
tail -f var/install.log
tail -f var/build.log
2015-06-07 11:41:09 +02:00
```
2014-04-02 11:59:49 +02:00
Output from `gbuild` will look something like
2015-06-07 11:41:09 +02:00
```bash
2015-05-30 05:02:21 +02:00
Initialized empty Git repository in /home/debian/gitian-builder/inputs/dash/.git/
2015-09-02 17:49:26 +02:00
remote: Counting objects: 57959, done.
remote: Total 57959 (delta 0), reused 0 (delta 0), pack-reused 57958
Receiving objects: 100% (57959/57959), 53.76 MiB | 484.00 KiB/s, done.
Resolving deltas: 100% (41590/41590), done.
2015-05-30 05:02:21 +02:00
From https://github.com/dashpay/dash
2014-04-02 11:59:49 +02:00
... (new tags, new branch etc)
2016-04-14 12:09:53 +02:00
--- Building for trusty amd64 ---
2014-04-02 11:59:49 +02:00
Stopping target if it is up
Making a new image copy
stdin: is not a tty
Starting target
Checking if target is up
Preparing build environment
Updating apt-get repository (log in var/install.log)
Installing additional packages (log in var/install.log)
Grabbing package manifest
stdin: is not a tty
Creating build script (var/build-script)
lxc-start: Connection refused - inotify event with no name (mask 32768)
Running build script (log in var/build.log)
2015-06-07 11:41:09 +02:00
```
2014-04-02 11:59:49 +02:00
Building an alternative repository
-----------------------------------
2014-07-02 11:16:49 +02:00
If you want to do a test build of a pull on GitHub it can be useful to point
2015-10-17 12:10:45 +02:00
the Gitian builder at an alternative repository, using the same descriptors
2014-04-02 11:59:49 +02:00
and inputs.
For example:
```bash
2015-05-30 05:02:21 +02:00
URL=https://github.com/crowning-/dash.git
COMMIT=b616fb8ef0d49a919b72b0388b091aaec5849b96
./bin/gbuild --commit dash=${COMMIT} --url dash=${URL} ../dash/contrib/gitian-descriptors/gitian-linux.yml
./bin/gbuild --commit dash=${COMMIT} --url dash=${URL} ../dash/contrib/gitian-descriptors/gitian-win.yml
./bin/gbuild --commit dash=${COMMIT} --url dash=${URL} ../dash/contrib/gitian-descriptors/gitian-osx.yml
2014-04-02 11:59:49 +02:00
```
2015-09-17 23:17:26 +02:00
Building fully offline
-----------------------
2015-10-17 12:10:45 +02:00
For building fully offline including attaching signatures to unsigned builds, the detached-sigs repository
2016-02-28 10:58:28 +01:00
and the dash git repository with the desired tag must both be available locally, and then gbuild must be
2015-10-17 12:10:45 +02:00
told where to find them. It also requires an apt-cacher-ng which is fully-populated but set to offline mode, or
2015-09-17 23:17:26 +02:00
manually disabling gitian-builder's use of apt-get to update the VM build environment.
To configure apt-cacher-ng as an offline cacher, you will need to first populate its cache with the relevant
files. You must additionally patch target-bin/bootstrap-fixup to set its apt sources to something other than
plain archive.ubuntu.com: us.archive.ubuntu.com works.
So, if you use LXC:
```bash
export PATH="$PATH":/path/to/gitian-builder/libexec
export USE_LXC=1
cd /path/to/gitian-builder
2016-04-14 12:09:53 +02:00
./libexec/make-clean-vm --suite trusty --arch amd64
2015-09-17 23:17:26 +02:00
2016-04-14 12:09:53 +02:00
LXC_ARCH=amd64 LXC_SUITE=trusty on-target -u root apt-get update
LXC_ARCH=amd64 LXC_SUITE=trusty on-target -u root \
2015-09-17 23:17:26 +02:00
-e DEBIAN_FRONTEND=noninteractive apt-get --no-install-recommends -y install \
2016-02-28 10:58:28 +01:00
$( sed -ne '/^packages:/,/[^-] .*/ {/^- .*/{s/"//g;s/- //;p}}' ../dash/contrib/gitian-descriptors/*|sort|uniq )
2016-04-14 12:09:53 +02:00
LXC_ARCH=amd64 LXC_SUITE=trusty on-target -u root apt-get -q -y purge grub
LXC_ARCH=amd64 LXC_SUITE=trusty on-target -u root -e DEBIAN_FRONTEND=noninteractive apt-get -y dist-upgrade
2015-09-17 23:17:26 +02:00
```
And then set offline mode for apt-cacher-ng:
```
/etc/apt-cacher-ng/acng.conf
[...]
Offlinemode: 1
[...]
service apt-cacher-ng restart
```
2015-10-17 12:10:45 +02:00
Then when building, override the remote URLs that gbuild would otherwise pull from the Gitian descriptors::
2015-09-17 23:17:26 +02:00
```bash
cd /some/root/path/
2016-02-02 16:28:56 +01:00
git clone https://github.com/dashpay/dash-detached-sigs.git
2015-09-17 23:17:26 +02:00
2016-05-06 17:19:56 +02:00
BTCPATH=/some/root/path/dash
SIGPATH=/some/root/path/dash-detached-sigs
2015-09-17 23:17:26 +02:00
2016-02-02 16:28:56 +01:00
./bin/gbuild --url dash=${BTCPATH},signature=${SIGPATH} ../dash/contrib/gitian-descriptors/gitian-win-signer.yml
2015-09-17 23:17:26 +02:00
```
2014-04-02 11:59:49 +02:00
Signing externally
-------------------
2015-04-28 16:48:28 +02:00
If you want to do the PGP signing on another device, that's also possible; just define `SIGNER` as mentioned
2014-07-02 11:16:49 +02:00
and follow the steps in the build process as normal.
2014-04-02 11:59:49 +02:00
2015-05-30 11:07:51 +02:00
gpg: skipped "crowning-": secret key not available
2014-04-02 11:59:49 +02:00
When you execute `gsign` you will get an error from GPG, which can be ignored. Copy the resulting `.assert` files
in `gitian.sigs` to your signing machine and do
```bash
2016-02-02 16:28:56 +01:00
gpg --detach-sign ${VERSION}-linux/${SIGNER}/dash-linux-build.assert
gpg --detach-sign ${VERSION}-win/${SIGNER}/dash-win-build.assert
gpg --detach-sign ${VERSION}-osx-unsigned/${SIGNER}/dash-osx-build.assert
2014-04-02 11:59:49 +02:00
```
This will create the `.sig` files that can be committed together with the `.assert` files to assert your
2015-10-17 12:10:45 +02:00
Gitian build.
2014-04-02 11:59:49 +02:00
2015-05-30 17:54:32 +02:00
Uploading signatures (not yet implemented)
2014-04-02 11:59:49 +02:00
---------------------
2015-05-30 17:54:32 +02:00
In the future it will be possible to push your signatures (both the `.assert` and `.assert.sig` files) to the
[dash/gitian.sigs ](https://github.com/dashpay/gitian.sigs/ ) repository, or if that's not possible to create a pull
request.
There will be an official announcement when this repository is online.