From 0a2fb218ff3ae019347c2e2b806bab59aca83057 Mon Sep 17 00:00:00 2001 From: Crypto Centric Date: Fri, 21 Dec 2018 20:49:28 +0000 Subject: [PATCH 1/2] Signature path update Signature path update for standard absolute Repos --- doc/release-process.md | 44 +++++++++++++++++++++--------------------- 1 file changed, 22 insertions(+), 22 deletions(-) diff --git a/doc/release-process.md b/doc/release-process.md index dd448bac9a7ac..04a414c89b095 100644 --- a/doc/release-process.md +++ b/doc/release-process.md @@ -10,8 +10,8 @@ Release Process Check out the source code in the following directory hierarchy. cd /path/to/your/toplevel/build - git clone https://github.com/absolute-community/gitian.sigs.git - git clone https://github.com/absolute-community/absolute-detached-sigs.git + git clone https://github.com/absolute-community/gitian.signatures.git + git clone https://github.com/absolute-community/absolute-detached-signatures.git git clone https://github.com/devrandom/gitian-builder.git git clone https://github.com/absolute-community/absolute.git @@ -47,9 +47,9 @@ Check out the source code in the following directory hierarchy. git checkout v${VERSION} popd - Ensure your gitian.sigs are up-to-date if you wish to gverify your builds against other Gitian signatures. + Ensure your gitian.signatures are up-to-date if you wish to gverify your builds against other Gitian signatures. - pushd ./gitian.sigs + pushd ./gitian.signatures git pull popd @@ -82,23 +82,23 @@ Only missing files will be fetched, so this is safe to re-run for each build. NOTE: Offline builds must use the --url flag to ensure Gitian fetches only from local URLs. For example: ``` -./bin/gbuild --url absolute=/path/to/absolute,signature=/path/to/sigs {rest of arguments} +./bin/gbuild --url absolute=/path/to/absolute,signature=/path/to/signatures {rest of arguments} ``` The gbuild invocations below DO NOT DO THIS by default. ### Build and sign Absolute Core for Linux, Windows, and OS X: ./bin/gbuild --commit absolute=v${VERSION} ../absolute/contrib/gitian-descriptors/gitian-linux.yml - ./bin/gsign --signer $SIGNER --release ${VERSION}-linux --destination ../gitian.sigs/ ../absolute/contrib/gitian-descriptors/gitian-linux.yml + ./bin/gsign --signer $SIGNER --release ${VERSION}-linux --destination ../gitian.signatures/ ../absolute/contrib/gitian-descriptors/gitian-linux.yml mv build/out/absolute-*.tar.gz build/out/src/absolute-*.tar.gz ../ ./bin/gbuild --commit absolute=v${VERSION} ../absolute/contrib/gitian-descriptors/gitian-win.yml - ./bin/gsign --signer $SIGNER --release ${VERSION}-win-unsigned --destination ../gitian.sigs/ ../absolute/contrib/gitian-descriptors/gitian-win.yml + ./bin/gsign --signer $SIGNER --release ${VERSION}-win-unsigned --destination ../gitian.signatures/ ../absolute/contrib/gitian-descriptors/gitian-win.yml mv build/out/absolute-*-win-unsigned.tar.gz inputs/absolute-win-unsigned.tar.gz mv build/out/absolute-*.zip build/out/absolute-*.exe ../ ./bin/gbuild --commit absolute=v${VERSION} ../absolute/contrib/gitian-descriptors/gitian-osx.yml - ./bin/gsign --signer $SIGNER --release ${VERSION}-osx-unsigned --destination ../gitian.sigs/ ../absolute/contrib/gitian-descriptors/gitian-osx.yml + ./bin/gsign --signer $SIGNER --release ${VERSION}-osx-unsigned --destination ../gitian.signatures/ ../absolute/contrib/gitian-descriptors/gitian-osx.yml mv build/out/absolute-*-osx-unsigned.tar.gz inputs/absolute-osx-unsigned.tar.gz mv build/out/absolute-*.tar.gz build/out/absolute-*.dmg ../ popd @@ -109,7 +109,7 @@ The gbuild invocations below DO NOT DO THIS by default. 2. linux 32-bit and 64-bit dist tarballs (absolute-${VERSION}-linux[32|64].tar.gz) 3. windows 32-bit and 64-bit unsigned installers and dist zips (absolute-${VERSION}-win[32|64]-setup-unsigned.exe, absolute-${VERSION}-win[32|64].zip) 4. OS X unsigned installer and dist tarball (absolute-${VERSION}-osx-unsigned.dmg, absolute-${VERSION}-osx64.tar.gz) - 5. Gitian signatures (in gitian.sigs/${VERSION}-/(your Gitian key)/ + 5. Gitian signatures (in gitian.signatures/${VERSION}-/(your Gitian key)/ ### Verify other gitian builders signatures to your own. (Optional) @@ -119,34 +119,34 @@ The gbuild invocations below DO NOT DO THIS by default. Verify the signatures - ./bin/gverify -v -d ../gitian.sigs/ -r ${VERSION}-linux ../absolute/contrib/gitian-descriptors/gitian-linux.yml - ./bin/gverify -v -d ../gitian.sigs/ -r ${VERSION}-win-unsigned ../absolute/contrib/gitian-descriptors/gitian-win.yml - ./bin/gverify -v -d ../gitian.sigs/ -r ${VERSION}-osx-unsigned ../absolute/contrib/gitian-descriptors/gitian-osx.yml + ./bin/gverify -v -d ../gitian.signatures/ -r ${VERSION}-linux ../absolute/contrib/gitian-descriptors/gitian-linux.yml + ./bin/gverify -v -d ../gitian.signatures/ -r ${VERSION}-win-unsigned ../absolute/contrib/gitian-descriptors/gitian-win.yml + ./bin/gverify -v -d ../gitian.signatures/ -r ${VERSION}-osx-unsigned ../absolute/contrib/gitian-descriptors/gitian-osx.yml popd ### Next steps: -Commit your signature to gitian.sigs: +Commit your signature to gitian.signatures: - pushd gitian.sigs + pushd gitian.signatures git add ${VERSION}-linux/${SIGNER} git add ${VERSION}-win-unsigned/${SIGNER} git add ${VERSION}-osx-unsigned/${SIGNER} git commit -a - git push # Assuming you can push to the gitian.sigs tree + git push # Assuming you can push to the gitian.signature tree popd Wait for Windows/OS X detached signatures: Once the Windows/OS X builds each have 3 matching signatures, they will be signed with their respective release keys. - Detached signatures will then be committed to the [absolute-detached-sigs](https://github.com/absolute-community/absolute-detached-sigs) repository, which can be combined with the unsigned apps to create signed binaries. + Detached signatures will then be committed to the [absolute-detached-signatues](https://github.com/absolute-community/absolute-detached-signaturess) repository, which can be combined with the unsigned apps to create signed binaries. Create (and optionally verify) the signed OS X binary: pushd ./gitian-builder ./bin/gbuild -i --commit signature=v${VERSION} ../absolute/contrib/gitian-descriptors/gitian-osx-signer.yml - ./bin/gsign --signer $SIGNER --release ${VERSION}-osx-signed --destination ../gitian.sigs/ ../absolute/contrib/gitian-descriptors/gitian-osx-signer.yml - ./bin/gverify -v -d ../gitian.sigs/ -r ${VERSION}-osx-signed ../absolute/contrib/gitian-descriptors/gitian-osx-signer.yml + ./bin/gsign --signer $SIGNER --release ${VERSION}-osx-signed --destination ../gitian.signatures/ ../absolute/contrib/gitian-descriptors/gitian-osx-signer.yml + ./bin/gverify -v -d ../gitian.signatures/ -r ${VERSION}-osx-signed ../absolute/contrib/gitian-descriptors/gitian-osx-signer.yml mv build/out/absolute-osx-signed.dmg ../absolute-${VERSION}-osx.dmg popd @@ -154,17 +154,17 @@ Commit your signature to gitian.sigs: pushd ./gitian-builder ./bin/gbuild -i --commit signature=v${VERSION} ../absolute/contrib/gitian-descriptors/gitian-win-signer.yml - ./bin/gsign --signer $SIGNER --release ${VERSION}-win-signed --destination ../gitian.sigs/ ../absolute/contrib/gitian-descriptors/gitian-win-signer.yml - ./bin/gverify -v -d ../gitian.sigs/ -r ${VERSION}-win-signed ../absolute/contrib/gitian-descriptors/gitian-win-signer.yml + ./bin/gsign --signer $SIGNER --release ${VERSION}-win-signed --destination ../gitian.signatures/ ../absolute/contrib/gitian-descriptors/gitian-win-signer.yml + ./bin/gverify -v -d ../gitian.signatures/ -r ${VERSION}-win-signed ../absolute/contrib/gitian-descriptors/gitian-win-signer.yml mv build/out/absolute-*win64-setup.exe ../absolute-${VERSION}-win64-setup.exe mv build/out/absolute-*win32-setup.exe ../absolute-${VERSION}-win32-setup.exe popd Commit your signature for the signed OS X/Windows binaries: - pushd gitian.sigs + pushd gitian.signatures git add ${VERSION}-osx-signed/${SIGNER} git add ${VERSION}-win-signed/${SIGNER} git commit -a - git push # Assuming you can push to the gitian.sigs tree + git push # Assuming you can push to the gitian.signatures tree popd From 692e823338f43a0f47007ea50208bbb2bbb507a8 Mon Sep 17 00:00:00 2001 From: Crypto Centric Date: Fri, 21 Dec 2018 20:50:50 +0000 Subject: [PATCH 2/2] Typo Cleanup to address Typo Cleanup to address --- doc/release-process.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/release-process.md b/doc/release-process.md index 04a414c89b095..33d5ba20c9e7c 100644 --- a/doc/release-process.md +++ b/doc/release-process.md @@ -11,7 +11,7 @@ Check out the source code in the following directory hierarchy. cd /path/to/your/toplevel/build git clone https://github.com/absolute-community/gitian.signatures.git - git clone https://github.com/absolute-community/absolute-detached-signatures.git + git clone https://github.com/absolute-community/absolute.detached.signatures.git git clone https://github.com/devrandom/gitian-builder.git git clone https://github.com/absolute-community/absolute.git