       wine-build: clarify to use docker for reproducible builds. move parts of readme. - electrum - Electrum Bitcoin wallet
  HTML git clone https://git.parazyd.org/electrum
       ---
   DIR commit db834800c0672b7d0b75aa4255e64919ad1c9e91
   DIR parent 3089edd3a2533ea22896e253f981bac42f85c7bc
  HTML Author: SomberNight <somber.night@protonmail.com>
       Date:   Wed, 15 Aug 2018 13:22:24 +0200
       
       wine-build: clarify to use docker for reproducible builds. move parts of readme.
       
       Diffstat:
         M contrib/build-wine/README.md        |      49 ++-----------------------------
         M contrib/build-wine/docker/README.md |      49 +++++++++++++++++++++++++++++++
       
       2 files changed, 51 insertions(+), 47 deletions(-)
       ---
   DIR diff --git a/contrib/build-wine/README.md b/contrib/build-wine/README.md
       t@@ -2,7 +2,8 @@ Windows Binary Builds
        =====================
        
        These scripts can be used for cross-compilation of Windows Electrum executables from Linux/Wine.
       -Produced binaries are deterministic, so you should be able to generate binaries that match the official releases. 
       +
       +For reproducible builds, see the `docker` folder.
        
        
        Usage:
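Review bot: The replacement line "For reproducible builds, see the `docker` folder." drops the determinism claim without saying what a reader should now expect from the scripts in this folder. Suggest stating outright that binaries built here with `build.sh` outside docker are not expected to match the official releases, and linking the target as `docker/README.md` so the pointer is unambiguous.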
       t@@ -34,49 +35,3 @@ The binaries are also built by Travis CI, so if you are having problems,
        2. Make sure `/opt` is writable by the current user.
        3. Run `build.sh`.
        4. The generated binaries are in `./dist`.
       -
       -
       -Code Signing
       -============
       -
       -Electrum Windows builds are signed with a Microsoft Authenticodeā„¢ code signing
       -certificate in addition to the GPG-based signatures.
       -
       -The advantage of using Authenticode is that Electrum users won't receive a 
       -Windows SmartScreen warning when starting it.
       -
       -The release signing procedure involves a signer (the holder of the
       -certificate/key) and one or multiple trusted verifiers:
       -
       -
       -| Signer                                                    | Verifier                          |
       -|-----------------------------------------------------------|-----------------------------------|
       -| Build .exe files using `build.sh`                         |                                   |
       -| Sign .exe with `./sign.sh`                                |                                   |
       -| Upload signed files to download server                    |                                   |
       -|                                                           | Build .exe files using `build.sh` |
       -|                                                           | Compare files using `unsign.sh`   |
       -|                                                           | Sign .exe file using `gpg -b`     |
       -
       -| Signer and verifiers:
       -| Upload signatures to 'electrum-signatures' repo, as `$version/$filename.$builder.asc`         |
       -
       -
       -
       -
       -Verify Integrity of signed binary
       -=================================
       -
       -Every user can verify that the official binary was created from the source code in this 
       -repository. To do so, the Authenticode signature needs to be stripped since the signature
       -is not reproducible.
       -
       -This procedure removes the differences between the signed and unsigned binary:
       -
       -1. Remove the signature from the signed binary using osslsigncode or signtool.
       -2. Set the COFF image checksum for the signed binary to 0x0. This is necessary
       -   because pyinstaller doesn't generate a checksum.
       -3. Append null bytes to the _unsigned_ binary until the byte count is a multiple
       -   of 8.
       -
       -The script `unsign.sh` performs these steps.
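Review bot: After this removal the README no longer mentions code signing or `unsign.sh` at all, and the only pointer left ("For reproducible builds, see the `docker` folder.") does not say that the signing and verification instructions moved there too. Someone who arrives here to check a signed release will not find the procedure; suggest a one-line pointer such as "Code signing and verification of signed binaries are described in `docker/README.md`."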
   DIR diff --git a/contrib/build-wine/docker/README.md b/contrib/build-wine/docker/README.md
       t@@ -1,6 +1,9 @@
        Deterministic Windows binaries with Docker
        ==========================================
        
       +Produced binaries are deterministic, so you should be able to generate
       +binaries that match the official releases.
       +
        This assumes an Ubuntu host, but it should not be too hard to adapt to another
        similar system. The docker commands should be executed in the project's root
        folder.
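Review bot: The added opening sentence "Produced binaries are deterministic" is unconditional, yet the same file notes further down that the `setup` binary (NSIS installer) is not deterministic yet. Suggest qualifying the sentence here, for example by naming which binaries are expected to match the official releases, so a verifier does not read a mismatching installer hash as a failed or tampered build.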
       t@@ -39,3 +42,49 @@ folder.
        
        
        Note: the `setup` binary (NSIS installer) is not deterministic yet.
       +
       +
       +Code Signing
       +============
       +
       +Electrum Windows builds are signed with a Microsoft Authenticodeā„¢ code signing
       +certificate in addition to the GPG-based signatures.
       +
       +The advantage of using Authenticode is that Electrum users won't receive a 
       +Windows SmartScreen warning when starting it.
       +
       +The release signing procedure involves a signer (the holder of the
       +certificate/key) and one or multiple trusted verifiers:
       +
       +
       +| Signer                                                    | Verifier                          |
       +|-----------------------------------------------------------|-----------------------------------|
       +| Build .exe files using `build.sh`                         |                                   |
       +| Sign .exe with `./sign.sh`                                |                                   |
       +| Upload signed files to download server                    |                                   |
       +|                                                           | Build .exe files using `build.sh` |
       +|                                                           | Compare files using `unsign.sh`   |
       +|                                                           | Sign .exe file using `gpg -b`     |
       +
       +| Signer and verifiers:                                                                         |
       +|-----------------------------------------------------------------------------------------------|
       +| Upload signatures to 'electrum-signatures' repo, as `$version/$filename.$builder.asc`         |
       +
       +
       +
       +Verify Integrity of signed binary
       +=================================
       +
       +Every user can verify that the official binary was created from the source code in this 
       +repository. To do so, the Authenticode signature needs to be stripped since the signature
       +is not reproducible.
       +
       +This procedure removes the differences between the signed and unsigned binary:
       +
       +1. Remove the signature from the signed binary using osslsigncode or signtool.
       +2. Set the COFF image checksum for the signed binary to 0x0. This is necessary
       +   because pyinstaller doesn't generate a checksum.
       +3. Append null bytes to the _unsigned_ binary until the byte count is a multiple
       +   of 8.
       +
       +The script `unsign.sh` performs these steps.
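Review bot: The moved text still tells both signer and verifier to "Build .exe files using `build.sh`" and refers to `./sign.sh` and `unsign.sh`, which were written relative to `contrib/build-wine`, while this README says the docker commands are run from the project's root folder and the commit's stated purpose is to use docker for reproducible builds. Suggest changing the table rows to refer to the docker build procedure described above and giving the script paths relative to the location this README assumes. It would also help to say in steps 2 and 3 why one operates on the signed binary and the other on the unsigned one, since the verification is only meaningful if the two files are byte-identical after these steps.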