From 7cef321e65c87b2d1ea49e9b471f43b36eab6a16 Mon Sep 17 00:00:00 2001 From: Jonas Schnelli Date: Thu, 7 May 2015 10:12:27 +0200 Subject: [PATCH 1/2] [Mac only] rename Bitcoin-Qt.app to "Bitcoin Core.app" --- Makefile.am | 6 +++--- .../gitian-descriptors/gitian-osx-signer.yml | 2 +- contrib/gitian-descriptors/gitian-osx.yml | 2 +- contrib/macdeploy/DS_Store | Bin 10244 -> 10244 bytes contrib/macdeploy/README.md | 2 +- contrib/macdeploy/detached-sig-apply.sh | 2 +- contrib/macdeploy/detached-sig-create.sh | 2 +- contrib/macdeploy/fancy.plist | 2 +- contrib/macdeploy/macdeployqtplus | 6 +++--- doc/build-osx.md | 4 ++-- share/certs/PrivateKeyNotes.md | 4 ++-- 11 files changed, 16 insertions(+), 16 deletions(-) diff --git a/Makefile.am b/Makefile.am index 2cb933d5b..56c8c0922 100644 --- a/Makefile.am +++ b/Makefile.am @@ -14,8 +14,8 @@ BITCOIN_QT_BIN=$(top_builddir)/src/qt/bitcoin-qt$(EXEEXT) BITCOIN_CLI_BIN=$(top_builddir)/src/bitcoin-cli$(EXEEXT) BITCOIN_WIN_INSTALLER=$(PACKAGE)-$(PACKAGE_VERSION)-win$(WINDOWS_BITS)-setup$(EXEEXT) -OSX_APP=Bitcoin-Qt.app -OSX_DMG=Bitcoin-Qt.dmg +OSX_APP=Bitcoin-Core.app +OSX_DMG=Bitcoin-Core.dmg OSX_BACKGROUND_IMAGE=background.tiff OSX_DEPLOY_SCRIPT=$(top_srcdir)/contrib/macdeploy/macdeployqtplus OSX_FANCY_PLIST=$(top_srcdir)/contrib/macdeploy/fancy.plist @@ -106,7 +106,7 @@ $(APP_DIST_DIR)/Applications: $(APP_DIST_EXTRAS): $(APP_DIST_DIR)/$(OSX_APP)/Contents/MacOS/Bitcoin-Qt $(OSX_DMG): $(APP_DIST_EXTRAS) - $(GENISOIMAGE) -no-cache-inodes -D -l -probe -V "Bitcoin-Qt" -no-pad -r -apple -o $@ dist + $(GENISOIMAGE) -no-cache-inodes -D -l -probe -V "Bitcoin-Core" -no-pad -r -apple -o $@ dist $(APP_DIST_DIR)/.background/$(OSX_BACKGROUND_IMAGE): contrib/macdeploy/$(OSX_BACKGROUND_IMAGE) $(MKDIR_P) $(@D) diff --git a/contrib/gitian-descriptors/gitian-osx-signer.yml b/contrib/gitian-descriptors/gitian-osx-signer.yml index 1792f9de3..afe03c7a2 100644 --- a/contrib/gitian-descriptors/gitian-osx-signer.yml +++ b/contrib/gitian-descriptors/gitian-osx-signer.yml @@ -33,5 +33,5 @@ script: | tar -xf ${UNSIGNED} ./detached-sig-apply.sh ${UNSIGNED} signature.tar.gz - ${WRAP_DIR}/genisoimage -no-cache-inodes -D -l -probe -V "Bitcoin-Qt" -no-pad -r -apple -o uncompressed.dmg signed-app + ${WRAP_DIR}/genisoimage -no-cache-inodes -D -l -probe -V "Bitcoin-Core" -no-pad -r -apple -o uncompressed.dmg signed-app ${WRAP_DIR}/dmg dmg uncompressed.dmg ${OUTDIR}/${SIGNED} diff --git a/contrib/gitian-descriptors/gitian-osx.yml b/contrib/gitian-descriptors/gitian-osx.yml index b401482c7..61eb5b100 100644 --- a/contrib/gitian-descriptors/gitian-osx.yml +++ b/contrib/gitian-descriptors/gitian-osx.yml @@ -120,7 +120,7 @@ script: | popd make deploy - ${WRAP_DIR}/dmg dmg Bitcoin-Qt.dmg ${OUTDIR}/${DISTNAME}-osx-unsigned.dmg + ${WRAP_DIR}/dmg dmg Bitcoin-Core.dmg ${OUTDIR}/${DISTNAME}-osx-unsigned.dmg cd installed find . -name "lib*.la" -delete diff --git a/contrib/macdeploy/DS_Store b/contrib/macdeploy/DS_Store index 099960712af26791175d9f0cdd3d52c251ea9ee4..ca19b207c06c31ab722f3a9eb4f9d5f3a4a8f6de 100644 GIT binary patch literal 10244 zcmeHMO>7)V6@E3bH)F?%+ke@xKhUf>Y_yq~_WXKmtuh{u7aJu?VtcbmoUGF`(_=Rt zcaLV;c0x9iS#gLstb~LT4tqfSZC31oLy!U-ut?wptArnEk&sv+4tpbqAi*Ah?{!y? z+v9{qAfXk^b6&r%s_VU~dawFb)r5#deyu!0q!LjW%u?yW;}OK~nRii0)^tM(=#yOp z`fIUPH5<;Z*6oV62ihKJd!X%swg=iC_&9g~dp1*epC{YTwg=iCXnUaP0nQI9m}O4N zO;5V10}uBK0NH_Rmw*)pkgAk9DK|ZdHz47uLVBt~UNMBHj(SzL%SpNENl%@GynG1R zvye9w;r0&us@t4I&XetD+XHP6?Dl|ncaIh~8nt3Icz@Tl--^(lj?O3chP%4Ed%C;3 zmA>u^bIbO|oTEEyjl5o8a7$*{C`x=%cb0uTZ`;)-){Cc2V`EVnoU|=RH!Y(cP(A;O zX_f7byuD_X8|UXdd#{*fXL(T>I$1Z?p?XrcjMHYrESgo*xf~96g~Q=R<Q#lp;inI$CXS!2UH$SmzWJ?hf9I{6cYf;4UdRkW11;Y88Onm9 zW@%lzqI1CeDMQnKuk>y^V_(ny1HDRL|G?nT!6y%W;;E-p-MaaOO_b!*AUUtUyt8*trB$+qN-&X~Y+<`;}Jj&aFhu&DI6*qAlSuWnb(U#_9e z;C6-E&u8m~VJ$4x&GLy#rC~T{0{HBCw^PShov|u5?6WIR)Ev{c8mEnV1M)&uFB;Vo zR^E0Tdv%BTnN@wsn5de1!!UEt~fy?f&azk<(6TwAy{6toe= zda6ast4o2#9|1$N=ZK?~2{p6><5kMYpK zx4S6(;Vk$Rh01SWE-weCGWK!<%X^GIZ(Dk!QChZ)YSkR0f?a|~EC+97PXX|lDITCB zH1yawaJ&p!r5YkvhFp?yJMPAoW9A@Y4O<r>TIrO}ayi?HF0CIk1==Ep8A-C1&uiX(AwJ0M@!If7Y!723h$cqS$82&C zES?~`g->}4{BtQ8|AgORQC3D%qnTtTRWdX!X=o#vL^f^|wREbKC>lnhJet(BQX+1Q zYm#;Y??qf2FWIY6y;iFl{EReot6a1%MeBxMj%?ITr)gtkTpMwf(oJKYjcjH-wk|&; z8JkE63F@DIeV7;K@;9tIA;+K~jLMUUMSjJL zeCO|qw!Lz9FSqMZG!`F0TZp{B8aVy1DsRU!Qz74Z<=~>{A1Am?Alu;^^Xgi&p2GF$ zgQW^if~Ucp>pQSAUrzym{4$2%l3%{wQobR}zTHbGUju&)d=t!iJfVpn-p%lCa0tvR zSUS=jCpQU_fH$8-h3LXcH><{2EcVDujnBI|PEuoTK$`viC=}(L=re2wolR=V2`!zT zh)hn7PDB#^^WjiikhjTgLY}ZXy z!24x+N76zarr@?~rZ1HJn97d@Im&AjjA?KOamR(2-9&%4!S}#_l>88qN64{zqwGb? zFQ59*8@pegZ7FxXeGr=4`q(vKZM%Hz+^lQR?>~uB0Xz@pt{m`}z`lJq0MKX2S?o>R+`T9h~cRrB)yKCn5bMZSU`!USsr_!lJDievP6NyOTrO~NKR?Fujg=A`C zB%3ItH~9z9mJfOIKzHb;?@kCV@H8PDl#%+$<(Q0?fLD2-Fe>xwS+lNEVBMzxERl6kbiV9kt2fxS%IzEJex}a5{Ia&ns;Rnan-5R12 z(CCIn1&1Vq*1>#aYEXHnjyTZLOBg!yu&uj?D}x$4+qVWcN>O=>ox-lk>8nj`541h-|K$PE zQJ5>_F=x3w?V3GrRVw%*n2FnMdeT+F!`;mwu@kukKK4A%7GTR!(v z2Oi!h0C+c=Jpxu3fX5^+NWSHB^nipv72KaHs^0_~qg#7prQnQd> zD8kbY`7v)eiGt6=XXt^@1Dzi5zugn14X0kJwST{>>K{bczV4pK_D6dAJW>YxuFfyp z8}qK_t~o`m@q$+~b)zKl1(>zH~$vy27PF-vC6bZ%vbbA)jw zo4IvMp-AM|Gb5Ad7VEcu_~W0v_0zY1_Rihk_|^-VK`6S*8^1+eP{J&)OILJ%;Qy4N zs((}lTFyAo|Mn-eRfr= z8k03sb3AeLb**e#)!}C!_NvH;$mJfy(KbLO(x^-;RHX*l zv_=-`lpvQ(s^H%MJwbg`M9sx08{DEeJ%`#MI-YEkpWH1zO3~zkU0Yi5z^0|&-q$_^-$j{MT&fKg1YpVV8=we8RO48*v{ir zwi`Fb2^!&gU+g&TX~sc1jU2F-k2wwotx_Ek(ZQ>T$5HC1b6(6i7A|7q&@v)9N7IPO zmptW3)}4gvq}1FNftLTGB$7mjvHka+;AX8`*4LPv)rqpbn$YU?n!(Swqgi^% z-b^$MO^njTj{*`b@yNH^!H%S-?5|E+>db$0sGKYfvNZru+oe=;~ zP!IBIP&fSUW`B^s1G$^%{{hPDDDR-~JT_?Z7pos|#yx_TrL zidi$plgT}DVzRjgQoiafvrX4M&h#f)1{9@IGcz-}d^$c|Oi#r#vuY}ypG{50XQql{ zqobp#d^TGQ)}?uCi_o8+8Wb)3_>AR?( zlyh>U>0CCIEygEPv!n4$DxZ&!G|m*OqNG+hw*$Y$55`J zF!8u8pL370 156 - Bitcoin-Qt.app + Bitcoin Core.app 128 156 diff --git a/contrib/macdeploy/macdeployqtplus b/contrib/macdeploy/macdeployqtplus index 0eb6b2c84..a625987ca 100755 --- a/contrib/macdeploy/macdeployqtplus +++ b/contrib/macdeploy/macdeployqtplus @@ -155,7 +155,7 @@ class FrameworkInfo(object): class ApplicationBundleInfo(object): def __init__(self, path): self.path = path - appName = os.path.splitext(os.path.basename(path))[0] + appName = "Bitcoin-Qt" self.binaryPath = os.path.join(path, "Contents", "MacOS", appName) if not os.path.exists(self.binaryPath): raise RuntimeError("Could not find bundle binary for " + path) @@ -596,7 +596,7 @@ if os.path.exists("dist"): # ------------------------------------------------ -target = os.path.join("dist", app_bundle) +target = os.path.join("dist", "Bitcoin Core.app") if verbose >= 2: print "+ Copying source bundle +" @@ -837,7 +837,7 @@ if config.dmg is not None: items_positions.append(itemscript.substitute(params)) params = { - "disk" : "Bitcoin-Qt", + "disk" : "Bitcoin-Core", "window_bounds" : "300,300,800,620", "icon_size" : "96", "background_commands" : "", diff --git a/doc/build-osx.md b/doc/build-osx.md index 913e72519..02adff061 100644 --- a/doc/build-osx.md +++ b/doc/build-osx.md @@ -100,7 +100,7 @@ Creating a release build ------------------------ You can ignore this section if you are building `bitcoind` for your own use. -bitcoind/bitcoin-cli binaries are not included in the Bitcoin-Qt.app bundle. +bitcoind/bitcoin-cli binaries are not included in the Bitcoin-Core.app bundle. If you are building `bitcoind` or `Bitcoin-Qt` for others, your build machine should be set up as follows for maximum compatibility: @@ -111,7 +111,7 @@ All dependencies should be compiled with these flags: -arch x86_64 -isysroot $(xcode-select --print-path)/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.7.sdk -Once dependencies are compiled, see [doc/release-process.md](release-process.md) for how the Bitcoin-Qt.app +Once dependencies are compiled, see [doc/release-process.md](release-process.md) for how the Bitcoin-Core.app bundle is packaged and signed to create the .dmg disk image that is distributed. Running diff --git a/share/certs/PrivateKeyNotes.md b/share/certs/PrivateKeyNotes.md index da299d168..cbd060c26 100644 --- a/share/certs/PrivateKeyNotes.md +++ b/share/certs/PrivateKeyNotes.md @@ -7,7 +7,7 @@ signing requests. For OSX, the private key was generated by Keychain.app on Gavin's main work machine. The key and certificate is in a separate, passphrase-protected keychain file that is -unlocked to sign the Bitcoin-Qt.app bundle. +unlocked to sign the Bitcoin-Core.app bundle. For Windows, the private key was generated by Firefox running on Gavin's main work machine. The key and certificate were exported into a separate, passphrase-protected PKCS#12 file, and @@ -17,7 +17,7 @@ Threat analysis -- Gavin is a single point of failure. He could be coerced to divulge the secret signing keys, -allowing somebody to distribute a Bitcoin-Qt.app or bitcoin-qt-setup.exe with a valid +allowing somebody to distribute a Bitcoin-Core.app or bitcoin-qt-setup.exe with a valid signature but containing a malicious binary. Or the machine Gavin uses to sign the binaries could be compromised, either remotely or From d1a3866e0b31711b4ba093ae75d0e99a34007b15 Mon Sep 17 00:00:00 2001 From: Cory Fields Date: Fri, 15 May 2015 17:54:20 -0400 Subject: [PATCH 2/2] build: Cope with spaces in filenames when creating/applying OSX sigs --- contrib/macdeploy/detached-sig-apply.sh | 21 ++++++++++----------- contrib/macdeploy/detached-sig-create.sh | 22 +++++++++++----------- 2 files changed, 21 insertions(+), 22 deletions(-) diff --git a/contrib/macdeploy/detached-sig-apply.sh b/contrib/macdeploy/detached-sig-apply.sh index c68d85708..169f69043 100755 --- a/contrib/macdeploy/detached-sig-apply.sh +++ b/contrib/macdeploy/detached-sig-apply.sh @@ -1,11 +1,10 @@ #!/bin/sh set -e -UNSIGNED=$1 -SIGNATURE=$2 +UNSIGNED="$1" +SIGNATURE="$2" ARCH=x86_64 ROOTDIR=dist -BUNDLE=${ROOTDIR}/Bitcoin-Core.app TEMPDIR=signed.temp OUTDIR=signed-app @@ -31,21 +30,21 @@ if [ -z "${CODESIGN_ALLOCATE}" ]; then CODESIGN_ALLOCATE=${TEMPDIR}/codesign_allocate fi -for i in `find ${TEMPDIR} -name "*.sign"`; do - SIZE=`stat -c %s ${i}` - TARGET_FILE=`echo ${i} | sed 's/\.sign$//'` +find ${TEMPDIR} -name "*.sign" | while read i; do + SIZE=`stat -c %s "${i}"` + TARGET_FILE="`echo "${i}" | sed 's/\.sign$//'`" echo "Allocating space for the signature of size ${SIZE} in ${TARGET_FILE}" - ${CODESIGN_ALLOCATE} -i ${TARGET_FILE} -a ${ARCH} ${SIZE} -o ${i}.tmp + ${CODESIGN_ALLOCATE} -i "${TARGET_FILE}" -a ${ARCH} ${SIZE} -o "${i}.tmp" - OFFSET=`${PAGESTUFF} ${i}.tmp -p | tail -2 | grep offset | sed 's/[^0-9]*//g'` + OFFSET=`${PAGESTUFF} "${i}.tmp" -p | tail -2 | grep offset | sed 's/[^0-9]*//g'` if [ -z ${QUIET} ]; then echo "Attaching signature at offset ${OFFSET}" fi - dd if=$i of=${i}.tmp bs=1 seek=${OFFSET} count=${SIZE} 2>/dev/null - mv ${i}.tmp ${TARGET_FILE} - rm ${i} + dd if="$i" of="${i}.tmp" bs=1 seek=${OFFSET} count=${SIZE} 2>/dev/null + mv "${i}.tmp" "${TARGET_FILE}" + rm "${i}" echo "Success." done mv ${TEMPDIR}/${ROOTDIR} ${OUTDIR} diff --git a/contrib/macdeploy/detached-sig-create.sh b/contrib/macdeploy/detached-sig-create.sh index ba9932bcf..fd7314bd7 100755 --- a/contrib/macdeploy/detached-sig-create.sh +++ b/contrib/macdeploy/detached-sig-create.sh @@ -2,7 +2,7 @@ set -e ROOTDIR=dist -BUNDLE=${ROOTDIR}/Bitcoin-Core.app +BUNDLE="${ROOTDIR}/Bitcoin Core.app" CODESIGN=codesign TEMPDIR=sign.temp TEMPLIST=${TEMPDIR}/signatures.txt @@ -19,19 +19,19 @@ mkdir -p ${TEMPDIR} ${CODESIGN} -f --file-list ${TEMPLIST} "$@" "${BUNDLE}" -for i in `grep -v CodeResources ${TEMPLIST}`; do - TARGETFILE="${BUNDLE}/`echo ${i} | sed "s|.*${BUNDLE}/||"`" - SIZE=`pagestuff $i -p | tail -2 | grep size | sed 's/[^0-9]*//g'` - OFFSET=`pagestuff $i -p | tail -2 | grep offset | sed 's/[^0-9]*//g'` +grep -v CodeResources < "${TEMPLIST}" | while read i; do + TARGETFILE="${BUNDLE}/`echo "${i}" | sed "s|.*${BUNDLE}/||"`" + SIZE=`pagestuff "$i" -p | tail -2 | grep size | sed 's/[^0-9]*//g'` + OFFSET=`pagestuff "$i" -p | tail -2 | grep offset | sed 's/[^0-9]*//g'` SIGNFILE="${TEMPDIR}/${TARGETFILE}.sign" - DIRNAME="`dirname ${SIGNFILE}`" + DIRNAME="`dirname "${SIGNFILE}"`" mkdir -p "${DIRNAME}" echo "Adding detached signature for: ${TARGETFILE}. Size: ${SIZE}. Offset: ${OFFSET}" - dd if=$i of=${SIGNFILE} bs=1 skip=${OFFSET} count=${SIZE} 2>/dev/null + dd if="$i" of="${SIGNFILE}" bs=1 skip=${OFFSET} count=${SIZE} 2>/dev/null done -for i in `grep CodeResources ${TEMPLIST}`; do - TARGETFILE="${BUNDLE}/`echo ${i} | sed "s|.*${BUNDLE}/||"`" +grep CodeResources < "${TEMPLIST}" | while read i; do + TARGETFILE="${BUNDLE}/`echo "${i}" | sed "s|.*${BUNDLE}/||"`" RESOURCE="${TEMPDIR}/${TARGETFILE}" DIRNAME="`dirname "${RESOURCE}"`" mkdir -p "${DIRNAME}" @@ -41,6 +41,6 @@ done rm ${TEMPLIST} -tar -C ${TEMPDIR} -czf ${OUT} . -rm -rf ${TEMPDIR} +tar -C "${TEMPDIR}" -czf "${OUT}" . +rm -rf "${TEMPDIR}" echo "Created ${OUT}"