Commit Graph

15 Commits

Author SHA1 Message Date
Wladimir J. van der Laan
c57de2596a
Merge #20880: gitian: Use custom MacOS code signing tool
2c403279e2f0f7c8c27c56d4e7b0573c59571f0a gitian: Remove codesign_allocate and pagestuff from MacOS build (Andrew Chow)
f55eed251488d70d5e2e3a2965a4f8ec0c476853 gitian: use signapple to create the MacOS code signature (Andrew Chow)
95b06d21852b28712db6c710e420a58bdc1a0944 gitian: use signapple to apply the MacOS code signature (Andrew Chow)
42bb1ea363286b088257cabccb686ef1887c1d3b gitian: install signapple in gitian-osx-signer.yml (Andrew Chow)

Pull request description:

  The MacOS code signing issues that were encountered during the 0.21.0 release cycle have shown that it is necessary for us to use a code signing tool for which the source code is available and modifiable by us. Given that there appears to not be such a tool available, I have written such a tool, [signapple](https://github.com/achow101/signapple), that we can use. This tool is able to create a valid MacOS code signature, detach it in a way that we were doing previously, and attach it to the unsigned binary. This tool can also verify that the signature is correct.

  This PR implements the usage of that tool in the gitian build for the code signed MacOS binary. The code signer will use this tool to create the detached signature. Gitian builders will use this tool to apply the detached signature. The `gitian-osx-signer.yml` descriptor has been modified to install this tool so that the `detached-sig-apply.sh` script can use it. Additionally, the `codesign_allocate` and `pagestuff` tools are no longer necessary so they are no longer added to the tarball used in code signing. Lastly, both the `detached-sig-create.sh` and `detached-sig-apply.sh` scripts are made to be significantly less complex and to not do unexpected things such as unpacking an already unpacked tarball.

  The detached code signature that signapple creates is almost identical to that which we were previously creating. The only difference is that the cpu architecture name is included in the extension (e.g. we have `bitcoin-qt.x86_64sign` instead of `bitcoin-qt.sign`). This was done in order to support signing universal binaries which we may want to do in the future. However signapple can still apply existing code signatures as it will accept the `.sign` extension. If it is desired, it can be modified to produce signatures with just the `.sign` extension. However I do not think it is necessary to maintain compatibility with the old process.

ACKs for top commit:
  laanwj:
    Code review ACK 2c403279e2f0f7c8c27c56d4e7b0573c59571f0a

Tree-SHA512: 2a0e01e9133f8859b9de26e7e8fe1d2610d2cbdee2845e6008b12c083c7e3622cbb2d9b83c50a269e2c3074ab95914a8225d3cd4108017f58b77a62bf10951e0
2022-08-17 18:30:05 +03:00
fanquake
ffe950bbc7
partial merge #16327: scripts and tools: Update ShellCheck linter
1ac454a3844b9b8389de0f660fa9455c0efa7140 Enable ShellCheck rules (Hennadii Stepanov)

Pull request description:

  Enable some simple ShellCheck rules.

  Note for reviewers: `bash` and `shellcheck` on macOS are different from ones on Ubuntu.
  For local tests the latest `shellcheck` version 0.6.0 should be used (see #15166).

ACKs for top commit:
  practicalswift:
    utACK 1ac454a3844b9b8389de0f660fa9455c0efa7140
  dongcarl:
    utACK 1ac454a
  fanquake:
    ACK 1ac454a3844b9b8389de0f660fa9455c0efa7140

Tree-SHA512: 8d0a3a5c09fe1a0c22120178f5e6b80f81f746f8c3356b7701ff301c117acb2edea8fe08f08fb54ed73f94b1617515fb239fa28e7ab4121f74872e6494b6f20e
2021-12-03 18:13:01 +03:00
UdjinM6
1624c681df
Always harden osx binaries when creating detached sigs (#3752)
This is required for macos app notarization https://developer.apple.com/documentation/xcode/notarizing_macos_software_before_distribution
2020-09-30 15:32:24 +03:00
UdjinM6
f7218d1899 Make shellcheck happy 2020-07-29 11:20:12 -05:00
Wladimir J. van der Laan
cb5d0d8b99 Merge #13454: Make sure LC_ALL=C is set in all shell scripts
47776a958b08382d76d69b5df7beed807af168b3 Add linter: Make sure all shell scripts opt out of locale dependence using "export LC_ALL=C" (practicalswift)
3352da8da1243c03fc83ba678d2f5d193bd5a0c2 Add "export LC_ALL=C" to all shell scripts (practicalswift)

Pull request description:

  ~~Make sure `LC_ALL=C` is set when using `grep` range expressions.~~

  Make sure `LC_ALL=C` is set in all shell scripts.

  From the `grep(1)` documentation:

  > Within a bracket expression, a range expression consists of two characters separated by a hyphen. It matches any single character that sorts between the two characters, inclusive, using the locale's collating sequence and character set. For example, in the default C locale, `[a-d]` is equivalent to `[abcd]`. Many  locales sort characters in dictionary order, and in these locales `[a-d]` is typically not equivalent to `[abcd]`; it might be equivalent to `[aBbCcDd]`, for example. To obtain the traditional interpretation of bracket expressions, you can use the C locale by setting the `LC_ALL` environment variable to the value C.

  Context: [Locale issue found when reviewing #13450](https://github.com/bitcoin/bitcoin/pull/13450/files#r194877736)

Tree-SHA512: fd74d2612998f9b49ef9be24410e505d8c842716f84d085157fc7f9799d40e8a7b4969de783afcf99b7fae4f91bbb4559651f7dd6578a6a081a50bdea29f0909
2020-07-28 21:35:31 -05:00
Pieter Wuille
a7a3ecc354 Merge #10773: Shell script cleanups
13a81b19d Add quotes to variable assignment (as requested by @TheBlueMatt) (practicalswift)
683b9d280 Fix valid path output (practicalswift)
193c2fb4c Use bash instead of POSIX sh. POSIX sh does not support arrays. (practicalswift)
80f5f28d3 Fix incorrect quoting of quotes (the previous quotes had no effect beyond unquoting) (practicalswift)
564a172df Add required space to [[ -n "$1" ]] (previously [[ -n"$1" ]]) (practicalswift)
1e44ae0e1 Add error handling: exit if cd fails (practicalswift)
b9e79ab41 Remove "\n" from echo argument. echo does not support escape sequences. (practicalswift)
f6b3382fa Remove unused variables (practicalswift)

Pull request description:

  Shell script cleanups:
  * Add required space to `[ -n ]`.
  * Avoid quote within quote.
  * Exit if `cd` fails.
  * Remove `\n` which is not handled by `echo`.
  * ~~Remove redundant `$` in arithmetic variable expression.~~
  * ~~Use `$(command)` instead of legacy form `` `command` ``.~~
  * Arrays are not supported in POSIX `sh`. Use `bash` when arrays are used.
  * ~~`[ foo -a bar ]` is not well defined, use `[ foo ] && [ bar ]` instead.~~
  * ~~`[ foo -o bar ]` is not well defined, use `[ foo ] || [ bar ]` instead.~~

Tree-SHA512: 80f6ded58bce625b15b4da30d69d2714c633e184e62b21ed67d2c58e2ebaa08b4147593324012694d02bf4f1f252844cdff2fd1cf5e817ddb07e2777db7a6390
2020-04-01 12:43:18 -05:00
Wladimir J. van der Laan
f9a2e4c4fc Merge #9514: release: Windows signing script
09fe2d9 release: update docs to show basic codesigning procedure (Cory Fields)
f642753 release: create a bundle for the new signing script (Cory Fields)
0068361 release: add win detached sig creator and our cert chain (Cory Fields)

Tree-SHA512: 032ad84697c70faaf857b9187f548282722cffca95d658e36413dc048ff02d9183253373254ffcc1158afb71140753f35abfc9fc8781ea5329c04d13c98759c0
2019-02-26 16:41:04 -06:00
Wladimir J. van der Laan
a5a9e46042 Merge #8700: [copyright] add MIT license headers to .sh scripts where missing
0766d1c [copyright] add MIT license headers to .sh scripts where missing (isle2983)
2018-01-11 13:20:57 +01:00
UdjinM6
a5ac60b868 Merge remote-tracking branch 'bitcoin/0.12' into HEAD
+ merge fixes
+ keepass on evhttp
2016-02-06 16:48:04 +03:00
Cory Fields
c110575a92 gitian: Use the new bitcoin-detached-sigs git repo for OSX signatures
Rather than fetching a signature.tar.gz from somewhere on the net, instruct
Gitian to use a signature from a tag in the bitcoin-detached-sigs repository
which corresponds to the tag of the release being built.

This changes detached-sig-apply.sh to take a dirname rather than a tarball as
an argument, though detached-sig-create.sh still outputs a tarball for
convenience.
2015-06-10 17:54:46 -04:00
Jonas Schnelli
a2241eabfd [OSX] revert renaming of Bitcoin-Qt.app 2015-06-01 15:42:34 +02:00
Cory Fields
d1a3866e0b build: Cope with spaces in filenames when creating/applying OSX sigs 2015-05-19 11:03:54 +02:00
Jonas Schnelli
7cef321e65 [Mac only] rename Bitcoin-Qt.app to "Bitcoin Core.app" 2015-05-19 11:03:49 +02:00
UdjinM6
fabca0a428 more bitcoin->dash fixes 2015-04-06 00:56:58 +03:00
Cory Fields
914868a05d build: add a deterministic dmg signer 2014-11-26 00:57:16 -05:00