166266a372fed2b1f73053084a923fab7edc77f4 script: Make LXC container size suitable for gitian builds (Hennadii Stepanov)
Pull request description:
This change prevents "No space left on device" error.
See:
- https://github.com/bitcoin/bitcoin/pull/21036#issuecomment-774771873
- https://github.com/bitcoin/bitcoin/pull/21036#issuecomment-775031315
ACKs for top commit:
jonasschnelli:
ACK 166266a372fed2b1f73053084a923fab7edc77f4 - I had to add this manually to my nighly build base image
Tree-SHA512: 47d84c3a65f0a17013b2cb970c34bfa4e600e83066be302ff10280aefefa0a7c6cb6c21a191b3e8e6fcd1c292d1c434cc4769e04626c4536050aced29b34d573
624091b7b97ed371900ca7c68f3e2929954e3464 Fix docker args conditional (setpill)
Pull request description:
The conditional that checks if docker needs to be installed has the side effect of triggering the default `lxc` branch in case docker comes preinstalled. This is clearly not intentional.
ACKs for top commit:
laanwj:
Code review ACK 624091b7b97ed371900ca7c68f3e2929954e3464
theStack:
Code review ACK 624091b7b97ed371900ca7c68f3e2929954e3464
Tree-SHA512: e37e2c35aaed813762223e5963e5416d5865b3fb53efb2aac86daaa03b95ccf07db9c3a779446029d055ab89491147c4d900117273e22caed201b21bdf287c58
97dce72261 contrib: add curl as a required program in gitian-build.py (fanquake)
Pull request description:
Fixes: #16109
Adds `curl` to the list of base programs required by the `gitian-build.py` script.
ACKs for commit 97dce7:
hebasto:
tACK 97dce7226194d5d8a06787afef7df08cebb66bd6 on Debian Buster RC1.
Tree-SHA512: 68847a527aa6b5d883bffd6a6fe6bbbe4b96ceddb30f55ed5ffbfa690a10c2e9c1bc7ba4520319531ab3baa7a7f64c3c8ce89a791f7c746abe73a84c2942b94d
0f22a0cf2f Fix gitian-build.py --verify option (Hennadii Stepanov)
4c56a798c0 Set/unset USE_LXC, USE_VBOX, USE_DOCKER explicitly (Hennadii Stepanov)
cbbd98863b Fix Docker related issues for gitian-build.py (Hennadii Stepanov)
Pull request description:
1. The Docker does not depend on `apt-cacher-ng` package. Ref: #14002.
2. Do not try to install the Docker if `docker.service` is detected on the system (e.g., the Docker was installed manually). Fix https://github.com/bitcoin/bitcoin/pull/13623#issuecomment-405684241 by **Sjors**.
3. Prevent the setting of more than one environment variable for the `gitian-builder` (an alternative to #13999). E.g., USE_LXC being set shadows USE_DOCKER; for details see [`gitian-builder/libexec/make-clean-vm`](93a62c7d7d/libexec/make-clean-vm (L7)):
```sh
VMSW=KVM
if [ -n "$USE_LXC" ]; then
VMSW=LXC
elif [ -n "$USE_VBOX" ]; then
VMSW=VBOX
elif [ -n "$USE_DOCKER" ]; then
VMSW=DOCKER
fi
```
4. The [`gitian-builder/bin/gverify`](https://github.com/devrandom/gitian-builder/blob/master/bin/gverify) script returns the exit code 1 if a signature verification ends with 'BAD SIGNATURE' or 'MISMATCH' by design. This PR allows to see the verification results for all signatures without a premature fail of the `gitian-build.py` script. Ref: #14014.
ACKs for commit 0f22a0:
Tree-SHA512: 55f8a5cffa20d0c745f51a687f3199cea015fa616e56a0aee4c25b5ca0985036c61e8cf1922515338d8c6a85f873674ebe7a9a56a5069d65a187e383150f1a83
fa193dc8e6f3b96fa2dba2f1c1668f7720fed320 doc: Remove win32 from the release process (MarcoFalke)
faf666f8148eeb305a9c4f78459aff2c7268016b Remove Windows 32 bit build (MarcoFalke)
Pull request description:
The Windows 32 bit build has been removed from https://bitcoincore.org/en/download/, so unless there are complaints, we don't need to build it even
ACKs for commit fa193d:
fanquake:
utACK fa193dc8e6
Tree-SHA512: d6f2976a2e0c407698f720b00ac23ec4056626de4eff8621f4c5581120af0460afd1bdef72329cc0e7d92afca48d94ae5fce6777cb36bfabb60b8034ff08fd88
beda0dae953aa125e08302713d2c7b214eddbe5a Upgrade gitian image before signing (Hennadii Stepanov)
Pull request description:
The package upgrade in the Ubuntu repositories in the period between the building and the signing causes (particularly, using LXC) an error:
```
Creating package manifest
Could not download some packages, please run gbuild --upgrade
```
For example, the [`busybox-initramfs`](https://packages.ubuntu.com/bionic/busybox-initramfs) package was [upgraded](http://changelogs.ubuntu.com/changelogs/pool/main/b/busybox/busybox_1.27.2-2ubuntu3.2/changelog) from `1:1.27.2-2ubuntu3.1` to `1:1.27.2-2ubuntu3.2` on 2019-03-06.
This PR forces gitian image upgrade for the `--sign` command.
Ref:
[devrandom/gitian-builder/target-bin/grab-packages.sh](04ab7c1218/target-bin/grab-packages.sh)
```
#!/bin/sh
# Get an installed package manifest
set -e
cd /var/cache/apt/archives
# make sure all packages with installed versions are downloaded
# (except for held packages, which may not be available for download)
dpkg-query -W -f '${Status}\t${Package}=${Version}\n' | grep -v ^hold | cut -f2- | xargs -n 50 apt-get install -q --reinstall -y -d > /tmp/download.log
grep "cannot be downloaded" /tmp/download.log && { echo Could not download some packages, please run gbuild --upgrade 1>&2 ; exit 1 ; }
sha256sum *.deb | sort --key 2
```
ACKs for commit beda0d:
laanwj:
utACK beda0dae953aa125e08302713d2c7b214eddbe5a
fanquake:
utACK beda0da
Tree-SHA512: e2e3b3e3719e098d266ceec39bd69b950344a4eb2f43ae6ad3e696add70f743b363cc83676e339f7caa207d6478029869a8af01fe1f6d5690d2857003f7d8ce8
5c04814b2d Move non-linux source tarball to bitcoin-binaries (Hennadii Stepanov)
Pull request description:
Currently, if a user makes a non-linux (`--os=w`, `--os=m` or `--os=wm`) gitian building with the `gitian-build.py` script, source tarballs are not moved to the `bitcoin-binaries/${VERSION}` directory.
This PR fixes this bug.
~~In addition, the `src` subdirectory in the `gitian-builder/build/out` directory is no longer used as unnecessary.~~
ACKs for commit 5c0481:
fanquake:
utACK 5c04814
ken2812221:
utACK 5c04814b2de179fd03ca18c19049f035a2454f81
Tree-SHA512: 8648b6cbf502c012b12642783870e37aea385bd5f4cba5cb577fee924c09685e9a117676be502e4d4783c7a8ab31a2bd495970eec42a42d78e86ac5d39323091
d813266db1f23f49465aa2aca3c3c80a95cf63d9 [gitian] use versioned unsigned tarballs instead of generically named ones (Andrew Chow)
Pull request description:
Instead of re-naming the tarballs used for the code signing step to the generically named tarball that is used, keep the versioned naming. Only copy them to the correct filename when they are needed at build time.
This makes it easier to handle situations when multiple different releases are being built simultaneously as the version that the code signatures are applied to will actually be the correct version and not require a rebuild to get the correct tarball.
Tree-SHA512: 434f721485521c6f7487038705a5d2e48ac2eb79cfad5f92a93b7ea9c91e1fb33702ce7aeed4d840c61ec43e808af5cc15a553b6e16e2ed1d7ac697485019204
feed98e189 Ensure repos are up-to-date (Hennadii Stepanov)
Pull request description:
These steps are provided by the [release process](https://github.com/bitcoin/bitcoin/blob/master/doc/release-process.md#setup-and-perform-gitian-builds).
ACKs for commit feed98:
Tree-SHA512: ad6876d211e524cf6b8dbe4f0f026b77792c8ae3b728e1419f17d5679766603d21c057a7866c183794c814b914a9e4584e16fc501bec77af7e3472a34bd4d913
* build: use osslsigncode 2.0 in gitian
The original osslsigncode project (https://sourceforge.net/projects/osslsigncode/) has been marked as abandonware,
"This is now - and has been for a long while - abandonware. Feel free to create your own forks etc.".
However, a fork at https://github.com/mtrojnar/osslsigncode has emerged that has incorporated
theuni's patches, updated the tool to work with OpenSSL 1.1 and made other improvements.
This commit switches the windows signer descriptor to use this new version of osslsigncode.
* Fixed wget call in gitian-build.py
Co-authored-by: Michael <fanquake@gmail.com>
Co-authored-by: willyk <k.o.willy@gmail.com>
