Doc: Update Gitian (Reproducible Builds) with small code snippets and fixes
This commit is contained in:
parent
f6279a633d
commit
834e23bfcf
@ -36,6 +36,10 @@ This guide explains how to set up the environment, and how to start the builds.
|
|||||||
|
|
||||||
You need to create a new user called `gitianuser` and be logged in as that user. The user needs `sudo` access.
|
You need to create a new user called `gitianuser` and be logged in as that user. The user needs `sudo` access.
|
||||||
|
|
||||||
|
```bash
|
||||||
|
sudo adduser gitianuser
|
||||||
|
sudo usermod -aG sudo gitianuser
|
||||||
|
```
|
||||||
|
|
||||||
LXC
|
LXC
|
||||||
---
|
---
|
||||||
@ -83,7 +87,7 @@ Docker
|
|||||||
Prepare for building with docker:
|
Prepare for building with docker:
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
sudo apt-get install git make curl docker.io
|
sudo bash -c 'apt-get update && apt-get upgrade -y && apt-get install git curl docker.io'
|
||||||
```
|
```
|
||||||
|
|
||||||
Consider adding `gitianuser` to the `docker` group after reading about [the security implications](https://docs.docker.com/v17.09/engine/installation/linux/linux-postinstall/):
|
Consider adding `gitianuser` to the `docker` group after reading about [the security implications](https://docs.docker.com/v17.09/engine/installation/linux/linux-postinstall/):
|
||||||
@ -96,13 +100,12 @@ sudo usermod -aG docker gitianuser
|
|||||||
Optionally add yourself to the docker group. Note that this will give docker root access to your system.
|
Optionally add yourself to the docker group. Note that this will give docker root access to your system.
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
sudo usermod -aG docker gitianuser
|
sudo usermod -aG docker $USER
|
||||||
```
|
```
|
||||||
|
|
||||||
Manual Building
|
Manual Building
|
||||||
-------------------
|
-------------------
|
||||||
|
|
||||||
The instructions below use the automated script [gitian-build.py](gitian-build.py) which only works in Ubuntu.
|
|
||||||
=======
|
=======
|
||||||
The script automatically installs some packages with apt. If you are not running it on a debian-like system, pass `--no-apt` along with the other
|
The script automatically installs some packages with apt. If you are not running it on a debian-like system, pass `--no-apt` along with the other
|
||||||
arguments to it. It calls all available .yml descriptors, which in turn pass the build configurations for different platforms to gitian.
|
arguments to it. It calls all available .yml descriptors, which in turn pass the build configurations for different platforms to gitian.
|
||||||
@ -122,17 +125,23 @@ cp monero/contrib/gitian/gitian-build.py .
|
|||||||
|
|
||||||
### Setup the required environment
|
### Setup the required environment
|
||||||
|
|
||||||
Setup for LXC:
|
Common setup part:
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
GH_USER=fluffypony
|
su - gitianuser
|
||||||
VERSION=v0.17.0.0
|
|
||||||
|
|
||||||
./gitian-build.py --setup $GH_USER $VERSION
|
GH_USER=YOUR_GITHUB_USER_NAME
|
||||||
|
VERSION=v0.17.2.0
|
||||||
```
|
```
|
||||||
|
|
||||||
Where `GH_USER` is your Github user name and `VERSION` is the version tag you want to build.
|
Where `GH_USER` is your Github user name and `VERSION` is the version tag you want to build.
|
||||||
|
|
||||||
|
Setup for LXC:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
./gitian-build.py --setup $GH_USER $VERSION
|
||||||
|
```
|
||||||
|
|
||||||
Setup for docker:
|
Setup for docker:
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
@ -145,8 +154,10 @@ fork the [gitian.sigs repository](https://github.com/monero-project/gitian.sigs)
|
|||||||
or pass the signed assert file back to your build machine.
|
or pass the signed assert file back to your build machine.
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
git clone git@github.com:monero-project/gitian.sigs.git
|
git clone https://github.com/monero-project/gitian.sigs/
|
||||||
git remote add $GH_USER git@github.com:$GH_USER/gitian.sigs.git
|
pushd gitian.sigs
|
||||||
|
git remote add $GH_USER https://github.com/$GH_USER/gitian.sigs
|
||||||
|
popd
|
||||||
```
|
```
|
||||||
|
|
||||||
Build the binaries
|
Build the binaries
|
||||||
@ -154,13 +165,26 @@ Build the binaries
|
|||||||
|
|
||||||
**Note:** if you intend to build MacOS binaries, please follow [these instructions](https://github.com/bitcoin-core/docs/blob/master/gitian-building/gitian-building-mac-os-sdk.md) to get the required SDK.
|
**Note:** if you intend to build MacOS binaries, please follow [these instructions](https://github.com/bitcoin-core/docs/blob/master/gitian-building/gitian-building-mac-os-sdk.md) to get the required SDK.
|
||||||
|
|
||||||
|
Currently working MacOS solution:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
curl -O https://bitcoincore.org/depends-sources/sdks/MacOSX10.11.sdk.tar.gz
|
||||||
|
mv MacOSX10.11.sdk.tar.gz builder/inputs
|
||||||
|
```
|
||||||
|
|
||||||
To build the most recent tag (pass in `--docker` if using docker):
|
To build the most recent tag (pass in `--docker` if using docker):
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
./gitian-build.py --detach-sign --no-commit --build $GH_USER $VERSION
|
./gitian-build.py --detach-sign --no-commit --build $GH_USER $VERSION
|
||||||
```
|
```
|
||||||
|
|
||||||
To speed up the build, use `-j 5 --memory 5000` as the first arguments, where `5` is the number of CPU's you allocated to the VM plus one, and 5000 is a little bit less than then the MB's of RAM you allocated. If there is memory corruption on your machine, try to tweak these values.
|
To speed up the build, use `-j 5 --memory 10000` as the first arguments, where `5` is the number of CPU's you allocated to the VM plus one, and 10000 is a little bit less than then the MB's of RAM you allocated. If there is memory corruption on your machine, try to tweak these values. A good rule of thumb is, that Monero currently needs about 2 GB of RAM per core.
|
||||||
|
|
||||||
|
A full example for `docker` would look like the following:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
./gitian-build.py -j 5 --memory 10000 --docker --detach-sign --no-commit --build $GH_USER $VERSION
|
||||||
|
```
|
||||||
|
|
||||||
If all went well, this produces a number of (uncommitted) `.assert` files in the gitian.sigs directory.
|
If all went well, this produces a number of (uncommitted) `.assert` files in the gitian.sigs directory.
|
||||||
|
|
||||||
@ -171,6 +195,22 @@ Take a look in the assert files and note the SHA256 checksums listed there.
|
|||||||
|
|
||||||
You should verify that the checksum that is listed matches each of the binaries you actually built.
|
You should verify that the checksum that is listed matches each of the binaries you actually built.
|
||||||
This may be done on Linux using the `sha256sum` command or on MacOS using `shasum --algorithm 256` for example.
|
This may be done on Linux using the `sha256sum` command or on MacOS using `shasum --algorithm 256` for example.
|
||||||
|
An example script to verify the checksums would be:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
pushd out/${VERSION}
|
||||||
|
|
||||||
|
for ASSERT in ../../sigs/${VERSION}-*/*/*.assert; do
|
||||||
|
if ! sha256sum --ignore-missing -c "${ASSERT}" ; then
|
||||||
|
echo "FAILED for ${ASSERT} ! Please inspect manually."
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
|
||||||
|
popd
|
||||||
|
```
|
||||||
|
|
||||||
|
Don't ignore the incorrect formatting of the found assert files. These files you'll have to compare manually (currently OSX and FreeBSD).
|
||||||
|
|
||||||
|
|
||||||
You can also look in the [gitian.sigs](https://github.com/monero-project/gitian.sigs/) repo and / or [getmonero.org release checksums](https://web.getmonero.org/downloads/hashes.txt) to see if others got the same checksum for the same version tag. If there is ever a mismatch -- **STOP! Something is wrong**. Contact others on IRC / github to figure out what is going on.
|
You can also look in the [gitian.sigs](https://github.com/monero-project/gitian.sigs/) repo and / or [getmonero.org release checksums](https://web.getmonero.org/downloads/hashes.txt) to see if others got the same checksum for the same version tag. If there is ever a mismatch -- **STOP! Something is wrong**. Contact others on IRC / github to figure out what is going on.
|
||||||
|
|
||||||
@ -181,14 +221,7 @@ Signing assert files
|
|||||||
If you chose to do detached signing using `--detach-sign` above (recommended), you need to copy these uncommitted changes to your host machine, then sign them using your gpg key like so:
|
If you chose to do detached signing using `--detach-sign` above (recommended), you need to copy these uncommitted changes to your host machine, then sign them using your gpg key like so:
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
GH_USER=fluffypony
|
for ASSERT in sigs/${VERSION}-*/*/*.assert; do gpg --detach-sign ${ASSERT}; done
|
||||||
VERSION=v0.17.0.0
|
|
||||||
|
|
||||||
gpg --detach-sign ${VERSION}-linux/${GH_USER}/monero-linux-*-build.assert
|
|
||||||
gpg --detach-sign ${VERSION}-win/${GH_USER}/monero-win-*-build.assert
|
|
||||||
gpg --detach-sign ${VERSION}-osx/${GH_USER}/monero-osx-*-build.assert
|
|
||||||
gpg --detach-sign ${VERSION}-android/${GH_USER}/monero-android-*-build.assert
|
|
||||||
gpg --detach-sign ${VERSION}-freebsd/${GH_USER}/monero-freebsd-*-build.assert
|
|
||||||
```
|
```
|
||||||
|
|
||||||
This will create a `.sig` file for each `.assert` file above (2 files for each platform).
|
This will create a `.sig` file for each `.assert` file above (2 files for each platform).
|
||||||
@ -201,6 +234,7 @@ Make a pull request (both the `.assert` and `.assert.sig` files) to the
|
|||||||
[monero-project/gitian.sigs](https://github.com/monero-project/gitian.sigs/) repository:
|
[monero-project/gitian.sigs](https://github.com/monero-project/gitian.sigs/) repository:
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
|
cd gitian.sigs
|
||||||
git checkout -b $VERSION
|
git checkout -b $VERSION
|
||||||
# add your assert and sig files...
|
# add your assert and sig files...
|
||||||
git commit -S -a -m "Add $GH_USER $VERSION"
|
git commit -S -a -m "Add $GH_USER $VERSION"
|
||||||
|
Loading…
Reference in New Issue
Block a user