feat: guix to replace gitian and its dashification #5285
| cd /path/to/your/toplevel/build | ||
| git clone https://github.com/dashpay/gitian.sigs.git | ||
| git clone https://github.com/dashpay/guix.sigs.git |
does this need to be changed?
The hashes of artefacts of gitian and guix are not the same.
I think it's better to have a new repo to avoid confusion.
My results
I can't sign binaries successfully with the current implementation.
PastaPastaPasta
left a comment
utACK for merging via merge commit; although I don't love significantly changing the release process doc before we have signed binaries and everything figured out, but gitian still exists after this PR, so it's probably all fine
UdjinM6
left a comment
LGTM, ACK (same hashes for 5dd78df)
fac4814 doc/release-process: Add torrent creation details (Carl Dong)
5d24cc3 guix/INSTALL: Guix installs init scripts in libdir (Carl Dong)
5da2ee4 guix/INSTALL: Add coreutils/inotify-dir-recreate troubleshooting (Carl Dong)
318c607 guix: Adapt release-process.md to new Guix process (Carl Dong)
fcab35b guix-attest: Produce and sign normalized documents (Carl Dong)
c2541fd guix: Overhaul README (Carl Dong)
46ce6ce tree-wide: Rename gitian-keys to builder-keys (Carl Dong)
fc4f844 guix: Update various check_tools lists (Carl Dong)
263220a guix: Check for a sane services database (Carl Dong)
Pull request description:
Based on: bitcoin#21462
Keeping the README in one file so that it's easy to search through. Will add more jumping links later so navigation is easier.
Current TODOs:
- [x] Shell installer option: prompt user to re-login for `/etc/profile.d` entry to be picked up
- [x] Binary tarball option: prompt user to create `/etc/profile.d` entry and re-login
- [x] Fanquake docker option: complete section
- [x] Arch Linux AUR option: prompt to start `guix-daemon-latest` unit after finishing "optional setup" section
- [x] Building from source option: Insert dependency tree diagram that I made
- [x] Building from source option: redo sectioning, kind of a mess right now
- [x] Optional setup: make clear which parts are only needed if building from source
- [x] Workaround 1 for GnuTLS: perhaps mention how to remove Guix build farm's key
- [x] Overall (after everything): Make the links work.
Note to self: wherever possible, tell user how to check that something is true rather than branching by installation option.
ACKs for top commit:
fanquake: ACK fac4814 - going to go ahead and merge this now. It's a lot of documentation, and could probably be nit-picked / improved further, however, that can continue over the next few weeks. I'm sure more (backportable) improvements / clarifications will be made while we progress through RCs towards a new release.
Tree-SHA512: dc46c0ecdfc67c7c7743ca26e4a603eb3f54adbf81be2f4c1f4c20577ebb84b5250b9c9ec89c0e9860337ab1c7cff94d7963c603287267deecfe1cd987fa070a
Co-authored-by: PastaPastaPasta <[email protected]>
a884a1e guix/INSTALL: Misc fixups (Carl Dong)
3c4d2c4 guix: Silence getent(1) invocation (Carl Dong)
Pull request description:
Otherwise the `getent(1)` checks will print out the default http, https, and ftp ports, making it seem like something is being spawned that is listening on those ports, which is not the case.
ACKs for top commit:
fanquake: ACK a884a1e
Tree-SHA512: 7706a98fe5f2bcd766fd3a16bfffab899ec45e80d72c485b7bed2a83d2024eddbb44ae4a77e2352e308740ca203c163421a11a5a2327fa94d2032ecceef4d63f
…g files
90b3e48 release: Release with separate SHA256SUMS and sig files (Carl Dong)
Pull request description:
This allows us to:
- remove the rfc4880 EOL hacks, and
- release with a SHA256SUMS.asc file that's a combination of all signer signatures
ACKs for top commit:
achow101: ACK 90b3e48
laanwj: Concept and code review ACK 90b3e48
Tree-SHA512: 5d5086063d303aa0cbd590e5fdf2ae8f555e25f4e43bf67545e33384449b990e94834c711622530ad0eb3dcc83f52746884a5081dadb0acff8dd799cfadafac7
132cae4 doc: Mention the flat directory structure for uploads (Andrew Chow)
fb17c99 guix: Don't include directory name in SHA256SUMS (Andrew Chow)
Pull request description:
The SHA256SUMS file can be used in a sha256sum -c command to verify downloaded binaries. However users are likely to download just a single file and not place this file in the correct directory relative to the SHA256SUMS file for the simple verification command to work. By not including the directory name in the SHA256SUMS file, it will be easier for users to verify downloaded binaries.
ACKs for top commit:
Zero-1729: re-ACK 132cae4
fanquake: ACK 132cae4
Tree-SHA512: c9ff416b8dfb2f3ceaf4d63afb84aac9fcaefbbf9092f9e095061b472884ec92c7a809e6530c7132a82cfe3ab115a7328e47994a412072e1d4feb26fc502c8c5
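The single-file verification problem described in the "Don't include directory name in SHA256SUMS" commit message above, as an added example that is not part of this PR or of the project's build scripts. File names and contents are constructed, the function names are hypothetical, and GNU coreutils `sha256sum` is assumed for `--ignore-missing`.

```shell
#!/bin/sh
# Added example: file names and contents are constructed, not release artifacts.
# Assumes GNU coreutils sha256sum (needed for --ignore-missing).

# Constructed build output: <root>/out/<host-triple>/<artifact>
make_release() {
    mkdir -p "$1/out/x86_64-linux-gnu" "$1/out/x86_64-w64-mingw32"
    printf 'constructed linux tarball\n' > "$1/out/x86_64-linux-gnu/example-1.0-linux.tar.gz"
    printf 'constructed windows zip\n' > "$1/out/x86_64-w64-mingw32/example-1.0-win64.zip"
}

# Manifest whose entries carry the directory name.
sums_with_dirs() {
    (cd "$1/out" && sha256sum -- */*) > "$1/SHA256SUMS.dirs"
}

# Flat manifest: hash from inside each directory so only the bare file name is
# recorded. Artifact names must then be unique across all directories.
sums_flat() {
    for d in "$1"/out/*/; do
        (cd "$d" && sha256sum -- *)
    done > "$1/SHA256SUMS.flat"
}

# A user downloads ONE artifact and the manifest into an empty directory.
# $1=root  $2=manifest  $3=artifact path under out/  $4="tamper" (optional)
# Returns sha256sum's exit status: 0 only if the artifact was checked and matched.
verify_single_download() {
    dl=$(mktemp -d) || return 2
    cp "$1/out/$3" "$dl/" && cp "$2" "$dl/SHA256SUMS" || return 2
    if [ "${4:-}" = tamper ]; then printf 'x' >> "$dl/$(basename "$3")"; fi
    rc=0
    (cd "$dl" && sha256sum --ignore-missing --check SHA256SUMS >/dev/null 2>&1) || rc=$?
    rm -rf "$dl"
    return "$rc"
}

root=$(mktemp -d)   # absolute path, as the functions above expect
make_release "$root" && sums_with_dirs "$root" && sums_flat "$root"
artifact=x86_64-linux-gnu/example-1.0-linux.tar.gz
for m in dirs flat; do
    if verify_single_download "$root" "$root/SHA256SUMS.$m" "$artifact"; then
        echo "$m manifest: verified"
    else
        echo "$m manifest: nothing verified"
    fi
done
rm -rf "$root"
```

With the directory-prefixed manifest every entry counts as missing, so `sha256sum` reports that no file was verified and exits non-zero; with the flat manifest the one downloaded file is checked and the other entries are skipped.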
c96d251 to
46a5cd4
…not using default ports
010eed3 doc: warn that incoming conns are unlikely when not using default ports (Adam Jonas)
Pull request description:
Closes dashpay#5150. This was mostly copied from dashpay#5285 by sulks, who has since quit GitHub. The issue has remained open for 6 years, but the extra explanation still seems useful.
ACKs for top commit:
laanwj: re-ACK 010eed3
Tree-SHA512: d240fb06bba41ad8898ced59356c10adefc09f3abb33e277f8e2c5980b40678f2d237f286b476451bb29d2b94032a7dee2ada3b2efe004ed1c2509e70b48e40f
Issue being fixed or feature implemented
This PR switches building dash from gitian to Guix containers. Guix is a transactional package manager much like Nix, but unlike Nix, it has more of a focus on bootstrappability and reproducibility, which are attractive for security-sensitive projects like dash and bitcoin.
Prior work: #5194 and #5237
Related issue: https://github.com/dashpay/dash-issues/issues/47
What was done?
getent(1) invocation, doc fixups bitcoin/bitcoin#22511
Things to do before merging PR:
How Has This Been Tested?
Followed the instructions in guix/README.md and got guix builds.
To test: signing binaries (not tested yet). Related instruction: Release Process
To test: gitian build. Related instruction: Release Process
Hashes to compare:
Breaking Changes
These are not really breaking changes; gitian should still work.
But the changes are major and should be included in release notes at least.
Checklist: