gitian: Use the new bitcoin-detached-sigs git repo for OSX signatures#6269
gitian: Use the new bitcoin-detached-sigs git repo for OSX signatures#6269laanwj merged 1 commit intobitcoin:masterfrom
Conversation
Rather than fetching a signature.tar.gz from somewhere on the net, instruct Gitian to use a signature from a tag in the bitcoin-detached-sigs repository which corresponds to the tag of the release being built. This changes detached-sig-apply.sh to take a dirname rather than a tarball as an argument, though detached-sig-create.sh still outputs a tarball for convenience.
|
Concept ACK. Definite improvement over the someone pastes a URL in IRC and everyone fetches it method. Now that you've removed Gavin from the doc, does that mean that the key is held by multiple people? Do we assume the signer is whoever commits the sig to the repo? |
For privacy/security reasons we'd rather not elaborate on that. Still need to figure a way to do threshold signing, or multisig. so there is no central point of failure there. |
|
How does this interact with other signers? Will a central key be available for use to sign releases outside bitcoin/bitcoin? |
|
@luke-jr This just changes how the signatures are distributed (and integrated) |
c110575 gitian: Use the new bitcoin-detached-sigs git repo for OSX signatures (Cory Fields)
Rather than fetching a signature.tar.gz from somewhere on the net, instruct Gitian to use a signature from a tag in the bitcoin-detached-sigs repository which corresponds to the tag of the release being built. This changes detached-sig-apply.sh to take a dirname rather than a tarball as an argument, though detached-sig-create.sh still outputs a tarball for convenience. Github-Pull: #6269 Rebased-From: c110575
|
Yes, this was just a change in how the signatures are fetched to make things easier for gitian builders. Now there's no need to look around on irc/mail for a link to a sig, the descriptor knows where to look and can use it as soon as it's been committed. |
4 participants
Rather than fetching a signature.tar.gz from somewhere on the net, instruct Gitian to use a signature from a tag in the bitcoin-detached-sigs repository which corresponds to the tag of the release being built.
Gitian should then be run something like:
This changes detached-sig-apply.sh to take a dirname rather than a tarball as an argument, though detached-sig-create.sh still outputs a tarball for convenience.
The dir structure was also altered to add an 'osx' prefix, so that detached win signatures may be added in the future without clashing.
I've successfully tested by creating tags in local bitcoin/bitcoin-detached-sigs repos and walking through the build process like a real release.
Safe for 0.11 backport.