From: tobtoht Date: Thu, 20 Feb 2025 17:38:56 +0000 (+0100) Subject: build: macos codesigning X-Git-Url: https://git.nutra.tk/v1?a=commitdiff_plain;h=c47314d99da9d3f4a955a3e5a56bb9fa7c7637ae;p=gamesguru%2Ffeather.git build: macos codesigning --- diff --git a/.gitmodules b/.gitmodules index a8c3a3d3..aa81fa59 100644 --- a/.gitmodules +++ b/.gitmodules @@ -7,3 +7,9 @@ [submodule "external/feather-docs"] path = external/feather-docs url = https://github.com/feather-wallet/feather-docs.git +[submodule "external/feather-sigs"] + path = external/feather-sigs + url = https://github.com/feather-wallet/feather-sigs.git +[submodule "external/feather-codesigning"] + path = external/feather-codesigning + url = https://github.com/feather-wallet/feather-codesigning.git diff --git a/CMakeLists.txt b/CMakeLists.txt index fe0944a8..623184f4 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -64,7 +64,7 @@ if(STATIC) endif() include(CMakePackageConfigHelpers) -include(VersionFeather) +configure_file("cmake/config-feather.h.cmake" "${CMAKE_CURRENT_SOURCE_DIR}/src/config-feather.h") #### Dependencies #### # Monero diff --git a/Makefile b/Makefile index eee37bba..dee805e0 100644 --- a/Makefile +++ b/Makefile @@ -1,14 +1,11 @@ build: @./contrib/guix/guix-build -codesign: - @./contrib/guix/guix-codesign - attest: @./contrib/guix/guix-attest verify: - @./contrib/guix/guix-attest + @./contrib/guix/guix-verify clean: @./contrib/guix/guix-clean diff --git a/cmake/TorQrcGenerator.cmake b/cmake/TorQrcGenerator.cmake index 54687b9b..2b24febf 100644 --- a/cmake/TorQrcGenerator.cmake +++ b/cmake/TorQrcGenerator.cmake @@ -1,3 +1,5 @@ +set(QRC_LIST) + if (TOR_DIR) FILE(GLOB TOR_FILES LIST_DIRECTORIES false ${TOR_DIR}/*) diff --git a/cmake/VersionFeather.cmake b/cmake/VersionFeather.cmake deleted file mode 100644 index dae2705a..00000000 --- a/cmake/VersionFeather.cmake +++ /dev/null 
@@ -1,27 +0,0 @@ -# SPDX-License-Identifier: BSD-3-Clause -# SPDX-FileCopyrightText: 2020-2023 The Monero Project - -find_package(Git QUIET) - -# Sets FEATHER_COMMIT to the first 9 chars of the current commit hash. - -if (EXISTS "${CMAKE_CURRENT_SOURCE_DIR}/githash.txt") - # This file added in source archives where the .git folder has been removed to optimize for space. - file(READ "githash.txt" COMMIT) - string(SUBSTRING ${COMMIT} 0 9 COMMIT) - message(STATUS "You are currently on commit ${COMMIT}") - set(FEATHER_COMMIT "${COMMIT}") -else() - execute_process(COMMAND "${GIT_EXECUTABLE}" rev-parse --short=9 HEAD RESULT_VARIABLE RET OUTPUT_VARIABLE COMMIT OUTPUT_STRIP_TRAILING_WHITESPACE) - - if(RET) - message(WARNING "Cannot determine current commit. Make sure that you are building either from a Git working tree or from a source archive.") - set(FEATHER_COMMIT "unknown") - else() - string(SUBSTRING ${COMMIT} 0 9 COMMIT) - message(STATUS "You are currently on commit ${COMMIT}") - set(FEATHER_COMMIT "${COMMIT}") - endif() -endif() - -configure_file("cmake/config-feather.h.cmake" "${CMAKE_CURRENT_SOURCE_DIR}/src/config-feather.h") \ No newline at end of file diff --git a/cmake/config-feather.h.cmake b/cmake/config-feather.h.cmake index c062336b..1c763b9c 100644 --- a/cmake/config-feather.h.cmake +++ b/cmake/config-feather.h.cmake @@ -2,7 +2,6 @@ #define FEATHER_VERSION_H #define FEATHER_VERSION "@PROJECT_VERSION@" -#define FEATHER_COMMIT "@FEATHER_COMMIT@" #define TOR_VERSION "@TOR_VERSION@" diff --git a/contrib/guix/README.md b/contrib/guix/README.md index 689910b7..3c183134 100644 --- a/contrib/guix/README.md +++ b/contrib/guix/README.md 
@@ -118,7 +118,7 @@ env GUIX_SIGS_REPO= SIGNER== \\ - SIGNER=GPG_KEY_NAME[=SIGNER_NAME] \\ + env SIGNER=GPG_KEY_NAME[=SIGNER_NAME] \\ [ NO_SIGN=1 ] ./contrib/guix/guix-attest Example w/o overriding signing name: - env GUIX_SIGS_REPO=/home/user/feather-sigs \\ - SIGNER=achow101 \\ + env SIGNER=achow101 \\ ./contrib/guix/guix-attest Example overriding signing name: - env GUIX_SIGS_REPO=/home/user/feather-sigs \\ - SIGNER=0x96AB007F1A7ED999=dongcarl \\ + env SIGNER=0x96AB007F1A7ED999=dongcarl \\ ./contrib/guix/guix-attest Example w/o signing, just creating SHA256SUMS: - env GUIX_SIGS_REPO=/home/user/feather-sigs \\ - SIGNER=achow101 \\ + env SIGNER=achow101 \\ NO_SIGN=1 \\ ./contrib/guix/guix-attest EOF } -if [ -z "${GUIX_SIGS_REPO}" ]; then - echo "[HINT] Fork and clone the feather-sigs repo, if you haven't already:" - echo "https://github.com/feather-wallet/feather-sigs" - echo "" - - printf "Enter path to 'feather-sigs' repo: " - read -r repo - - if [ ! -d "${repo}" ]; then - echo "ERR: directory does not exist" - exit 1 - fi - - export GUIX_SIGS_REPO="$repo" - wizard=1 -fi - if [ -z "${SIGNER}" ]; then printf "Enter your GitHub username: " read -r signer @@ -108,28 +87,10 @@ fi if [ -n "$wizard" ]; then echo "" echo "Next time, invoke this command as:" - echo "env GUIX_SIGS_REPO=${GUIX_SIGS_REPO} SIGNER=${SIGNER} make attest" + echo "env SIGNER=${SIGNER} make attest" echo "" fi -################ -# GUIX_SIGS_REPO should exist as a directory -################ - -if [ ! -d "$GUIX_SIGS_REPO" ]; then -cat << EOF -ERR: The specified GUIX_SIGS_REPO is not an existent directory: - - '$GUIX_SIGS_REPO' - -Hint: Please clone the feather-sigs repository and point to it with the - GUIX_SIGS_REPO environment variable. - -EOF -cmd_usage -exit 1 -fi - ################ # The key specified in SIGNER should be usable ################ 
@@ -154,19 +115,15 @@ shopt -s nullglob sha256sum_fragments=( "$LOGDIR_BASE"/*/SHA256SUMS.part ) # This expands to an array of directories... shopt -u nullglob -noncodesigned_fragments=() -codesigned_fragments=() +fragments=() if (( ${#sha256sum_fragments[@]} )); then echo "Found build output SHA256SUMS fragments:" for logdir in "${sha256sum_fragments[@]}"; do echo " '$logdir'" case "$logdir" in - "$LOGDIR_BASE"/*-codesigned/SHA256SUMS.part) - codesigned_fragments+=("$logdir") - ;; *) - noncodesigned_fragments+=("$logdir") + fragments+=("$logdir") ;; esac done 
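Review bot: The `case "$logdir" in … esac` kept inside the loop now has a single `*)` arm, so `fragments` always ends up equal to `sha256sum_fragments` and the pattern match no longer selects anything. Either drop the `case` and append directly with `fragments+=("$logdir")`, or use `sha256sum_fragments` in the later `cat` and remove `fragments` altogether. The surrounding `if (( ${#sha256sum_fragments[@]} ))` block ends outside this hunk.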
@@ -223,67 +180,40 @@ basenameify_SHA256SUMS() { sed -E 's@(^[[:xdigit:]]{64}[[:space:]]+).+/([^/]+$)@\1\2@' } -outsigdir="$GUIX_SIGS_REPO/$VERSION/$signer_name" +outsigdir="external/feather-sigs/$VERSION/$signer_name" mkdir -p "$outsigdir" ( cd "$outsigdir" - temp_noncodesigned="$(mktemp)" - trap 'rm -rf -- "$temp_noncodesigned"' EXIT + temp_file="$(mktemp)" + trap 'rm -rf -- "$temp_file"' EXIT - if (( ${#noncodesigned_fragments[@]} )); then - cat "${noncodesigned_fragments[@]}" \ + if (( ${#fragments[@]} )); then + cat "${fragments[@]}" \ | sort -u \ | basenameify_SHA256SUMS \ | sort -k2 \ - > "$temp_noncodesigned" - if [ -e noncodesigned.SHA256SUMS ]; then + > "$temp_file" + if [ -e all.SHA256SUMS ]; then # The SHA256SUMS already exists, make sure it's exactly what we # expect, error out if not - if diff -u noncodesigned.SHA256SUMS "$temp_noncodesigned"; then - echo "A noncodesigned.SHA256SUMS file already exists for '${VERSION}' and is up-to-date." + if diff -u all.SHA256SUMS "$temp_file"; then + echo "A SHA256SUMS file already exists for '${VERSION}' and is up-to-date." else - shasum_already_exists noncodesigned.SHA256SUMS + shasum_already_exists all.SHA256SUMS exit 1 fi else - mv "$temp_noncodesigned" noncodesigned.SHA256SUMS + mv "$temp_file" all.SHA256SUMS fi else - echo "ERR: No noncodesigned outputs found for '${VERSION}', exiting..." + echo "ERR: No outputs found for '${VERSION}', exiting..." 
exit 1 fi temp_all="$(mktemp)" trap 'rm -rf -- "$temp_all"' EXIT - if (( ${#codesigned_fragments[@]} )); then - # Note: all.SHA256SUMS attests to all of $sha256sum_fragments, but is - # not needed if there are no $codesigned_fragments - cat "${sha256sum_fragments[@]}" \ - | sort -u \ - | basenameify_SHA256SUMS \ - | sort -k2 \ - > "$temp_all" - if [ -e all.SHA256SUMS ]; then - # The SHA256SUMS already exists, make sure it's exactly what we - # expect, error out if not - if diff -u all.SHA256SUMS "$temp_all"; then - echo "An all.SHA256SUMS file already exists for '${VERSION}' and is up-to-date." - else - shasum_already_exists all.SHA256SUMS - exit 1 - fi - else - mv "$temp_all" all.SHA256SUMS - fi - else - # It is fine to have the codesigned outputs be missing (perhaps the - # detached codesigs have not been published yet), just print a log - # message instead of erroring out - echo "INFO: No codesigned outputs found for '${VERSION}', skipping..." - fi - if [ -z "$NO_SIGN" ]; then echo "Signing SHA256SUMS to produce SHA256SUMS.asc" for i in *.SHA256SUMS; do diff --git a/contrib/guix/guix-build b/contrib/guix/guix-build index 0d04e0af..3a07986c 100755 --- a/contrib/guix/guix-build +++ b/contrib/guix/guix-build @@ -446,6 +446,7 @@ EOF ${ADDITIONAL_GUIX_COMMON_FLAGS} ${ADDITIONAL_GUIX_ENVIRONMENT_FLAGS} \ -- env HOST="$HOST" \ DISTNAME="$DISTNAME" \ + RELEASE="$RELEASE" \ JOBS="$JOBS" \ COMMIT_TIMESTAMP="${COMMIT_TIMESTAMP:?unable to determine value}" \ ${V:+V=1} \ diff --git a/contrib/guix/guix-codesign b/contrib/guix/guix-codesign deleted file mode 100755 index 4afd5b02..00000000 --- a/contrib/guix/guix-codesign +++ /dev/null 
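Review bot: The `trap 'rm -rf -- "$temp_all"' EXIT` left as context in this hunk replaces the EXIT trap just set for `$temp_file` in the same subshell, so `$temp_file` is left behind whenever `all.SHA256SUMS` already exists and matches. `temp_all` has no remaining use now that the codesigned branch is removed, so deleting the `temp_all="$(mktemp)"` line and its trap fixes both. Separately, `outsigdir="external/feather-sigs/$VERSION/$signer_name"` followed by `mkdir -p` succeeds even when the submodule was never initialised, and the old directory check on GUIX_SIGS_REPO is removed without a replacement. An attestation can therefore be written and signed outside any feather-sigs checkout. A guard before the `mkdir -p`, such as `[ -e external/feather-sigs/.git ] || { echo "ERR: external/feather-sigs submodule is not initialised" >&2; exit 1; }`, would catch that.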
@@ -1,341 +0,0 @@ -#!/usr/bin/env bash -export LC_ALL=C -set -e -o pipefail - -# Source the common prelude, which: -# 1. Checks if we're at the top directory of the Feather Wallet repository -# 2. Defines a few common functions and variables -# -# shellcheck source=libexec/prelude.bash -source "$(dirname "${BASH_SOURCE[0]}")/libexec/prelude.bash" - - -################### -## SANITY CHECKS ## -################### - -################ -# Required non-builtin commands should be invocable -################ - -check_tools cat mkdir git guix - -################ -# Required env vars should be non-empty -################ - -cmd_usage() { - cat < \\ - ./contrib/guix/guix-codesign - -EOF -} - -if [ -z "$GUIX_SIGS_REPO" ]; then - echo "[HINT] Fork and clone the feather-sigs repo:" - echo "https://github.com/feather-wallet/feather-sigs" - echo "" - - printf "Enter path to 'feather-sigs' repo: " - read -r GUIX_SIGS_REPO - - if [ ! -d "${GUIX_SIGS_REPO}" ]; then - echo "Directory does not exist" - exit 1 - fi - - echo "" - echo "Next time, invoke this command as:" - echo "env GUIX_SIGS_REPO=${GUIX_SIGS_REPO} make codesign" - echo "" -fi - -################ -# GUIX_BUILD_OPTIONS should be empty -################ -# -# GUIX_BUILD_OPTIONS is an environment variable recognized by guix commands that -# can perform builds. This seems like what we want instead of -# ADDITIONAL_GUIX_COMMON_FLAGS, but the value of GUIX_BUILD_OPTIONS is actually -# _appended_ to normal command-line options. Meaning that they will take -# precedence over the command-specific ADDITIONAL_GUIX__FLAGS. -# -# This seems like a poor user experience. Thus we check for GUIX_BUILD_OPTIONS's -# existence here and direct users of this script to use our (more flexible) -# custom environment variables. 
-if [ -n "$GUIX_BUILD_OPTIONS" ]; then -cat << EOF -Error: Environment variable GUIX_BUILD_OPTIONS is not empty: - '$GUIX_BUILD_OPTIONS' - -Unfortunately this script is incompatible with GUIX_BUILD_OPTIONS, please unset -GUIX_BUILD_OPTIONS and use ADDITIONAL_GUIX_COMMON_FLAGS to set build options -across guix commands or ADDITIONAL_GUIX__FLAGS to set build options for a -specific guix command. - -See contrib/guix/README.md for more details. -EOF -exit 1 -fi - -################ -# The codesignature git worktree should not be dirty -################ - -if ! git -C "$GUIX_SIGS_REPO" diff-index --quiet HEAD -- && [ -z "$FORCE_DIRTY_WORKTREE" ]; then - cat << EOF -ERR: The FEATHER SIGS git worktree is dirty, which may lead to broken builds. - - Aborting... - -Hint: To make your git worktree clean, You may want to: - 1. Commit your changes, - 2. Stash your changes, or - 3. Set the 'FORCE_DIRTY_WORKTREE' environment variable if you insist on - using a dirty worktree -EOF - exit 1 -fi - -################ -# Build directories should not exist -################ - -# Default to building for all supported HOSTs (overridable by environment) -export HOSTS="${HOSTS:-x86_64-w64-mingw32 x86_64-w64-mingw32.installer}" - -# Usage: distsrc_for_host HOST -# -# HOST: The current platform triple we're building for -# -distsrc_for_host() { - echo "${DISTSRC_BASE}/build/distsrc-${VERSION}-${1}-codesigned" -} - -# Accumulate a list of build directories that already exist... -hosts_distsrc_exists="" -for host in $HOSTS; do - if [ -e "$(distsrc_for_host "$host")" ]; then - hosts_distsrc_exists+=" ${host}" - fi -done - -if [ -n "$hosts_distsrc_exists" ]; then -# ...so that we can print them out nicely in an error message -cat << EOF -ERR: Build directories for this commit already exist for the following platform - triples you're attempting to build, probably because of previous builds. - Please remove, or otherwise deal with them prior to starting another build. - - Aborting... 
- -Hint: To blow everything away, you may want to use: - - $ ./contrib/guix/guix-clean - -Specifically, this will remove all files without an entry in the index, -excluding the SDK directory, the depends download cache, the depends built -packages cache, the garbage collector roots for Guix environments, and the -output directory. -EOF -for host in $hosts_distsrc_exists; do - echo " ${host} '$(distsrc_for_host "$host")'" -done -exit 1 -else - mkdir -p "$DISTSRC_BASE" -fi - - -################ -# Unsigned files SHOULD exist -################ - -# Usage: outdir_for_host HOST SUFFIX -# -# HOST: The current platform triple we're building for -# -outdir_for_host() { - echo "${OUTDIR_BASE}/${1}${2:+-${2}}" -} - -# Usage: logdir_for_host HOST SUFFIX -# -# HOST: The current platform triple we're building for -# -logdir_for_host() { - echo "${LOGDIR_BASE}/${1}${2:+-${2}}" -} - -unsigned_file_for_host() { - case "$1" in - *mingw32.installer) - echo "$(outdir_for_host "$1")/FeatherWalletSetup-${VERSION}-unsigned.exe" - ;; - *mingw32*) - echo "$(outdir_for_host "$1")/${DISTNAME}-unsigned.exe" - ;; - *) - exit 1 - ;; - esac -} - -# Accumulate a list of build directories that already exist... -hosts_file_tarball_missing="" -for host in $HOSTS; do - if [ ! -e "$(unsigned_file_for_host "$host")" ]; then - hosts_file_tarball_missing+=" ${host}" - fi -done - -if [ -n "$hosts_file_tarball_missing" ]; then - # ...so that we can print them out nicely in an error message - cat << EOF -ERR: Unsigned files do not exist -... - -EOF -for host in $hosts_file_tarball_missing; do - echo " ${host} '$(unsigned_file_for_host "$host")'" -done -exit 1 -fi - -################ -# Check that we can connect to the guix-daemon -################ - -cat << EOF -Checking that we can connect to the guix-daemon... - -Hint: If this hangs, you may want to try turning your guix-daemon off and on - again. - -EOF -if ! 
guix gc --list-failures > /dev/null; then - cat << EOF - -ERR: Failed to connect to the guix-daemon, please ensure that one is running and - reachable. -EOF - exit 1 -fi - -# Developer note: we could use `guix repl` for this check and run: -# -# (import (guix store)) (close-connection (open-connection)) -# -# However, the internal API is likely to change more than the CLI invocation - - -######### -# SETUP # -######### - -# Determine the maximum number of jobs to run simultaneously (overridable by -# environment) -JOBS="${JOBS:-$(nproc)}" - -# Determine the reference time used for determinism (overridable by environment) -SOURCE_DATE_EPOCH="${SOURCE_DATE_EPOCH:-$(git -c log.showSignature=false log --format=%at -1)}" - -# Make sure an output directory exists for our builds -OUTDIR_BASE="${OUTDIR_BASE:-${VERSION_BASE}/output}" -mkdir -p "$OUTDIR_BASE" - -# Usage: profiledir_for_host HOST SUFFIX -# -# HOST: The current platform triple we're building for -# -profiledir_for_host() { - echo "${PROFILES_BASE}/${1}${2:+-${2}}" -} - -######### -# BUILD # -######### - -# Function to be called when codesigning for host ${1} and the user interrupts -# the codesign -int_trap() { -cat << EOF -** INT received while codesigning ${1}, you may want to clean up the relevant - work directories (e.g. distsrc-*) before recodesigning - -Hint: To blow everything away, you may want to use: - - $ ./contrib/guix/guix-clean - -Specifically, this will remove all files without an entry in the index, -excluding the SDK directory, the depends download cache, the depends built -packages cache, the garbage collector roots for Guix environments, and the -output directory. 
-EOF -} - -# shellcheck disable=SC2153 -for host in $HOSTS; do - - # Display proper warning when the user interrupts the build - trap 'int_trap ${host}' INT - - ( - # Required for 'contrib/guix/manifest.scm' to output the right manifest - # for the particular $HOST we're building for - export HOST="$host" - - # shellcheck disable=SC2030 -cat << EOF -INFO: Codesigning ${VERSION:?not set} for platform triple ${HOST:?not set}: - ...using reference timestamp: ${SOURCE_DATE_EPOCH:?not set} - ...from worktree directory: '${PWD}' - ...bind-mounted in container to: '/feather' - ...in build directory: '$(distsrc_for_host "$HOST")' - ...bind-mounted in container to: '$(DISTSRC_BASE=/distsrc-base && distsrc_for_host "$HOST")' - ...outputting in: '$(outdir_for_host "$HOST" codesigned)' - ...bind-mounted in container to: '$(OUTDIR_BASE=/outdir-base && outdir_for_host "$HOST" codesigned)' - ...using detached signatures in: '${GUIX_SIGS_REPO:?not set}' - ...bind-mounted in container to: '/detached-sigs' -EOF - - # shellcheck disable=SC2086,SC2031 - time-machine shell --manifest="${PWD}/contrib/guix/manifest.scm" \ - --container \ - --pure \ - --no-cwd \ - --share="$PWD"=/feather \ - --share="$DISTSRC_BASE"=/distsrc-base \ - --share="$OUTDIR_BASE"=/outdir-base \ - --share="$LOGDIR_BASE"=/logdir-base \ - --share="$GUIX_SIGS_REPO"=/guix-sigs \ - --expose="$(git rev-parse --git-common-dir)" \ - --expose="$(git -C "$GUIX_SIGS_REPO" rev-parse --git-common-dir)" \ - ${SOURCES_PATH:+--share="$SOURCES_PATH"} \ - --cores="$JOBS" \ - --keep-failed \ - --fallback \ - --link-profile \ - --user="user" \ - --root="$(profiledir_for_host "${HOST}" codesigned)" \ - ${SUBSTITUTE_URLS:+--substitute-urls="$SUBSTITUTE_URLS"} \ - ${ADDITIONAL_GUIX_COMMON_FLAGS} ${ADDITIONAL_GUIX_ENVIRONMENT_FLAGS} \ - -- env HOST="$host" \ - DISTNAME="$DISTNAME" \ - VERSION="$VERSION" \ - JOBS="$JOBS" \ - SOURCE_DATE_EPOCH="${SOURCE_DATE_EPOCH:?unable to determine value}" \ - ${V:+V=1} \ - 
${SOURCES_PATH:+SOURCES_PATH="$SOURCES_PATH"} \ - DISTSRC="$(DISTSRC_BASE=/distsrc-base && distsrc_for_host "$HOST")" \ - OUTDIR="$(OUTDIR_BASE=/outdir-base && outdir_for_host "$HOST" codesigned)" \ - LOGDIR="$(LOGDIR_BASE=/logdir-base && logdir_for_host "$HOST" codesigned)" \ - GUIX_SIGS_REPO=/guix-sigs \ - UNSIGNED_FILE="$(OUTDIR_BASE=/outdir-base && unsigned_file_for_host "$HOST")" \ - bash -c "cd /feather && bash contrib/guix/libexec/codesign.sh" - ) - -done diff --git a/contrib/guix/libexec/build.sh b/contrib/guix/libexec/build.sh index 30e570d2..9b9060d1 100755 --- a/contrib/guix/libexec/build.sh +++ b/contrib/guix/libexec/build.sh @@ -35,6 +35,7 @@ cat << EOF Required environment variables as seen inside the container: DIST_ARCHIVE_BASE: ${DIST_ARCHIVE_BASE:?not set} DISTNAME: ${DISTNAME:?not set} + RELEASE: ${RELEASE:?not set} HOST: ${HOST:?not set} COMMIT_TIMESTAMP: ${COMMIT_TIMESTAMP:?not set} JOBS: ${JOBS:?not set} @@ -44,8 +45,11 @@ Required environment variables as seen inside the container: OPTIONS: ${OPTIONS} EOF +mkdir -p ${DISTSRC} +ln -s "${DISTSRC}" /distsrc + ACTUAL_OUTDIR="${OUTDIR}" -OUTDIR="${DISTSRC}/output" +OUTDIR="/distsrc/output" # Use a fixed timestamp for depends builds so hashes match across commits that don't make changes to the build system export SOURCE_DATE_EPOCH=1397818193 @@ -274,9 +278,8 @@ export USE_DEVICE_TREZOR_MANDATORY=1 # Make $HOST-specific native binaries from depends available in $PATH export PATH="${BASEPREFIX}/${HOST}/native/bin:${PATH}" -mkdir -p "$DISTSRC" ( - cd "$DISTSRC" + cd "/distsrc" # Extract the source tarball tar --strip-components=1 -xf "${GIT_ARCHIVE}" @@ -284,7 +287,7 @@ mkdir -p "$DISTSRC" # Setup the directory where our Bitcoin Core build for HOST will be # installed. This directory will also later serve as the input for our # binary tarballs. - INSTALLPATH="${DISTSRC}/installed" + INSTALLPATH="/distsrc/installed" mkdir -p "${INSTALLPATH}" 
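Review bot: `mkdir -p ${DISTSRC}` in the `@@ -44,8 +45,11 @@` hunk is unquoted, unlike the `ln -s "${DISTSRC}" /distsrc` right after it and the `mkdir -p "$DISTSRC"` removed further down, so a DISTSRC containing whitespace or glob characters would be split; it should read `mkdir -p "${DISTSRC}"`. The `ln -s` also assumes `/distsrc` does not yet exist in the container: if it does, the link is created inside it and the later `cd "/distsrc"` builds in the wrong place. A short comment stating that assumption and the reason for the fixed path (presumably so build paths no longer depend on the version-specific DISTSRC) would help, e.g. `# Build under a fixed path; /distsrc must not already exist in the container`.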
@@ -314,6 +317,9 @@ mkdir -p "$DISTSRC" *gnueabihf) CMAKEVARS+=" -DNO_AES=On" # Raspberry Pi ;; + *darwin*) + CMAKEVARS+=" -DTOR_DIR=Off -DTOR_VERSION=Off" + ;; esac # Configure this DISTSRC for $HOST @@ -401,9 +407,21 @@ mkdir -p "$DISTSRC" case "$HOST" in *darwin*) mv "feather.app" "Feather.app" + mkdir -p Feather.app/Contents/bin + cp -a /feather/contrib/depends/${HOST}/Tor/libevent-2.1.7.dylib Feather.app/Contents/bin + cp -a /feather/contrib/depends/${HOST}/Tor/tor Feather.app/Contents/bin ;; esac + # Code-signing + if [ "$RELEASE" -ne 0 ]; then + case "$HOST" in + *darwin*) + signapple apply Feather.app "/distsrc/external/feather-codesigning/signatures/${HOST}/Feather.app" + ;; + esac + fi + # Finally, deterministically produce {non-,}debug binary tarballs ready # for release case "$HOST" in diff --git a/contrib/guix/libexec/codesign.sh b/contrib/guix/libexec/codesign.sh deleted file mode 100755 index 33fd9b78..00000000 --- a/contrib/guix/libexec/codesign.sh +++ /dev/null 
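Review bot: In the `@@ -401,9 +407,21 @@` hunk, `signapple apply` is handed `/distsrc/external/feather-codesigning/signatures/${HOST}/Feather.app` without first checking that the path exists. `/distsrc` is filled from `${GIT_ARCHIVE}`, and whether that archive carries submodule contents is decided outside this diff, so a release build may only discover a missing signature at this late step, with whatever message signapple prints. An explicit existence check with a clear error, as below, makes the failure unambiguous and keeps an unsigned bundle from being packaged as a release if the tool were ever to succeed on a missing input. The two `cp -a` lines above also expand `${HOST}` unquoted and pin `libevent-2.1.7.dylib` by name, which will need updating together with the depends package. The enclosing `( cd "/distsrc" … )` subshell starts and ends outside this hunk.

```shell
            *darwin*)
                sigdir="/distsrc/external/feather-codesigning/signatures/${HOST}/Feather.app"
                if [ ! -e "$sigdir" ]; then
                    echo "ERR: no detached signature for ${HOST} at '${sigdir}'" >&2
                    exit 1
                fi
                signapple apply Feather.app "$sigdir"
                # … unchanged: ;; esac fi …
```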
@@ -1,115 +0,0 @@ -#!/usr/bin/env bash -# Copyright (c) 2021-2022 The Bitcoin Core developers -# Copyright (c) 2024-2024 The Monero Project -# Distributed under the MIT software license, see the accompanying -# file COPYING or http://www.opensource.org/licenses/mit-license.php. -export LC_ALL=C -set -e -o pipefail -export TZ=UTC - -# Although Guix _does_ set umask when building its own packages (in our case, -# this is all packages in manifest.scm), it does not set it for `guix -# shell`. It does make sense for at least `guix shell --container` -# to set umask, so if that change gets merged upstream and we bump the -# time-machine to a commit which includes the aforementioned change, we can -# remove this line. -# -# This line should be placed before any commands which creates files. -umask 0022 - -if [ -n "$V" ]; then - # Print both unexpanded (-v) and expanded (-x) forms of commands as they are - # read from this file. - set -vx - # Set VERBOSE for CMake-based builds - export VERBOSE="$V" -fi - -# Check that required environment variables are set -cat << EOF -Required environment variables as seen inside the container: - UNSIGNED_FILE: ${UNSIGNED_FILE:?not set} - GUIX_SIGS_REPO: ${GUIX_SIGS_REPO:?not set} - DISTNAME: ${DISTNAME:?not set} - VERSION: ${VERSION:?not set} - HOST: ${HOST:?not set} - SOURCE_DATE_EPOCH: ${SOURCE_DATE_EPOCH:?not set} - DISTSRC: ${DISTSRC:?not set} - OUTDIR: ${OUTDIR:?not set} - LOGDIR: ${LOGDIR:?not set} -EOF - -ACTUAL_OUTDIR="${OUTDIR}" -OUTDIR="${DISTSRC}/output" - -git_head_version() { - local recent_tag - if recent_tag="$(git -C "$1" describe --exact-match HEAD 2> /dev/null)"; then - echo "${recent_tag#v}" - else - git -C "$1" rev-parse --short=12 HEAD - fi -} - -mkdir -p "$OUTDIR" - -mkdir -p "$DISTSRC" -( - cd "$DISTSRC" - - case "$HOST" in - *mingw32*) - infile_base="$(basename "$UNSIGNED_FILE")" - outfile_base="${infile_base/-unsigned}" - - # Codesigned *-unsigned.exe and output to OUTDIR - osslsigncode attach-signature \ - -in 
"$UNSIGNED_FILE" \ - -out "${OUTDIR}/$outfile_base" \ - -CAfile "$GUIX_ENVIRONMENT/etc/ssl/certs/ca-certificates.crt" \ - -sigin /guix-sigs/codesignatures/"${VERSION}"/"$outfile_base".pem - ;; - *) - exit 1 - ;; - esac -) # $DISTSRC - - -( - cd "$OUTDIR" - - case "$HOST" in - *mingw32.installer) - find . -print0 \ - | xargs -0r touch --no-dereference --date="@${SOURCE_DATE_EPOCH}" - find . \ - | sort \ - | zip -X@ "${OUTDIR}/${DISTNAME}-win-installer.zip" \ - || ( rm -f "${OUTDIR}/${DISTNAME}-win-installer.zip" && exit 1 ) - ;; - *mingw32*) - find . -print0 \ - | xargs -0r touch --no-dereference --date="@${SOURCE_DATE_EPOCH}" - find . \ - | sort \ - | zip -X@ "${OUTDIR}/${DISTNAME}-win.zip" \ - || ( rm -f "${OUTDIR}/${DISTNAME}-win.zip" && exit 1 ) - ;; - esac -) - -rm -rf "$ACTUAL_OUTDIR" -mv --no-target-directory "$OUTDIR" "$ACTUAL_OUTDIR" \ - || ( rm -rf "$ACTUAL_OUTDIR" && exit 1 ) - -( - cd /outdir-base - mkdir -p "$LOGDIR"/codesigned - { - find "$ACTUAL_OUTDIR" -type f - } | xargs realpath --relative-base="$PWD" \ - | xargs sha256sum \ - | sort -k2 \ - | sponge "$LOGDIR"/SHA256SUMS.part -) diff --git a/contrib/guix/libexec/prelude.bash b/contrib/guix/libexec/prelude.bash index 255b0687..5f1947a2 100644 --- a/contrib/guix/libexec/prelude.bash +++ b/contrib/guix/libexec/prelude.bash @@ -67,6 +67,7 @@ time-machine() { VERSION="${FORCE_VERSION:-$(git_head_version)}" DISTNAME="${DISTNAME:-feather-${VERSION}}" +RELEASE="$(is_release)" VERSION_BASE_DIR="${VERSION_BASE_DIR:-${PWD}}" version_base_prefix="${VERSION_BASE_DIR}/guix/guix-build-" diff --git a/contrib/shell/git-utils.bash b/contrib/shell/git-utils.bash index 37bac1f3..08f039e9 100644 --- a/contrib/shell/git-utils.bash +++ b/contrib/shell/git-utils.bash 
@@ -7,8 +7,20 @@ git_root() { git_head_version() { local recent_tag if recent_tag="$(git describe --exact-match HEAD 2> /dev/null)"; then - echo "${recent_tag#v}" + echo "${recent_tag%-rc}" else git rev-parse --short=12 HEAD fi } + +is_release() { + local recent_tag + if recent_tag="$(git describe --exact-match HEAD 2> /dev/null)"; then + if [[ "$recent_tag" == *"-rc" ]]; then + echo -n "0" + fi + echo -n "1" + else + echo -n "0" + fi +} diff --git a/external/feather-codesigning b/external/feather-codesigning new file mode 160000 index 00000000..9dc35878 --- /dev/null +++ b/external/feather-codesigning @@ -0,0 +1 @@ +Subproject commit 9dc358787ec49588e36d1c53894cda5583df016a diff --git a/external/feather-sigs b/external/feather-sigs new file mode 160000 index 00000000..91aef404 --- /dev/null +++ b/external/feather-sigs @@ -0,0 +1 @@ +Subproject commit 91aef404e540bded90b541be18f69e0afcb94320 diff --git a/src/assets/about.txt b/src/assets/about.txt index db366e94..f560ba05 100644 --- a/src/assets/about.txt +++ b/src/assets/about.txt @@ -1,4 +1,4 @@ -Feather () +Feather Copyright (c) 2020-, The Monero Project diff --git a/src/dialog/AboutDialog.cpp b/src/dialog/AboutDialog.cpp index 3ca0ca95..b64326cd 100644 --- a/src/dialog/AboutDialog.cpp +++ b/src/dialog/AboutDialog.cpp @@ -21,7 +21,6 @@ AboutDialog::AboutDialog(QWidget *parent) auto about = Utils::fileOpenQRC(":assets/about.txt"); auto about_text = Utils::barrayToString(about); about_text = about_text.replace("", FEATHER_VERSION); - about_text = about_text.replace("", FEATHER_COMMIT); about_text = about_text.replace("", QString::number(QDate::currentDate().year())); ui->copyrightText->setPlainText(about_text); diff --git a/src/dialog/DebugInfoDialog.cpp b/src/dialog/DebugInfoDialog.cpp index 598464c0..df6bb508 100644 --- a/src/dialog/DebugInfoDialog.cpp +++ b/src/dialog/DebugInfoDialog.cpp 
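Review bot: `is_release` prints `01` for a tag ending in `-rc`, because the inner `if` echoes `0` and then falls through to the unconditional `echo -n "1"`. build.sh tests the value with `[ "$RELEASE" -ne 0 ]`, which reads `01` as non-zero, so a release-candidate tag takes the code-signing path meant for final releases. The inner branch needs an `else`: `if [[ "$recent_tag" == *"-rc" ]]; then echo -n "0"; else echo -n "1"; fi`. In the same hunk `git_head_version` now strips a trailing `-rc` instead of a leading `v`; if tags still carry a `v` prefix, VERSION and DISTNAME will include it, which is worth confirming.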
@@ -48,7 +48,7 @@ void DebugInfoDialog::updateInfo() { else torStatus = "Unknown"; - ui->label_featherVersion->setText(QString("%1-%2").arg(FEATHER_VERSION, FEATHER_COMMIT)); + ui->label_featherVersion->setText(QString("%1").arg(FEATHER_VERSION)); ui->label_walletHeight->setText(QString::number(m_wallet->blockChainHeight())); ui->label_daemonHeight->setText(QString::number(m_wallet->daemonBlockChainHeight())); diff --git a/src/main.cpp b/src/main.cpp index 9fbe07ef..37e74662 100644 --- a/src/main.cpp +++ b/src/main.cpp @@ -49,7 +49,7 @@ void signal_handler(int signum) { if (conf()->get(Config::writeStackTraceToDisk).toBool()) { QString crashLogPath{Config::defaultConfigDir().path() + "/crash_report.txt"}; std::ofstream out(crashLogPath.toStdString()); - out << QString("Version: %1-%2\n").arg(FEATHER_VERSION, FEATHER_COMMIT).toStdString(); + out << QString("Version: %1\n").arg(FEATHER_VERSION).toStdString(); out << QString("OS: %1\n").arg(QSysInfo::prettyProductName()).toStdString(); out << keyStream.str(); out.close();
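Review bot: `QString("%1").arg(FEATHER_VERSION)` in `DebugInfoDialog::updateInfo` is now a format string consisting only of its placeholder; `ui->label_featherVersion->setText(QString(FEATHER_VERSION));` says the same thing directly. The main.cpp hunk has the same leftover inside `signal_handler`, where `out << "Version: " << FEATHER_VERSION << "\n";` would write the line without building a temporary QString and std::string. Heap allocation in a signal handler is not async-signal-safe; the handler already allocates elsewhere, so this is a tidy-up rather than a complete fix. Both function bodies continue outside their hunks.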