Gitian on Ubuntu 18.04 (Bionic) for BTC v0.20.1

gitian_ubuntu1804_btc0201.md

Gitian on Ubuntu 18.04 (Bionic) for BTC v0.20.1

VM

• Download Ubuntu 18.04 (Bionic)
  • https://releases.ubuntu.com/18.04.5/

echo "3756b3201007a88da35ee0957fbe6666c495fb3d8ef2e851ed2bd1115dc36446 *ubuntu-18.04.5-live-server-amd64.iso" | sha256sum -c | grep OK
# (must return OK)

• Installing VM
  • Set username as gitianuser
  • File location and size: at least 100 GB for huge Ubuntu 18.04 (Bionic)
  • Port Forwarding: Host Port 25252 and Guest Port 22
  • https://github.com/bitcoin-core/docs/blob/master/gitian-building/gitian-building-create-vm-debian.md
• Connect to VM

ssh gitianuser@localhost -p 25252

DEPS

Ubuntu 18.04 (Bionic) has no ubuntu-archive-keyring.

sudo apt-get install -y \
git ruby apt-cacher-ng qemu-utils debootstrap lxc python-cheetah parted kpartx bridge-utils make curl firewalld \
python-vm-builder \
# ubuntu-archive-keyring

LXC 3.0.3

sudo apt-get install -y lxc && \
lxc-execute --version | grep "3.0.3"

LXC Workaround

sudo -s

echo "%sudo ALL=NOPASSWD: /usr/bin/lxc-start" > /etc/sudoers.d/gitian-lxc && \
echo "%sudo ALL=NOPASSWD: /usr/bin/lxc-execute" >> /etc/sudoers.d/gitian-lxc && \
echo '#!/bin/sh -e' > /etc/rc.local && \
echo 'brctl addbr br0' >> /etc/rc.local && \
echo 'ip addr add 10.0.3.1/24 broadcast 10.0.3.255 dev br0' >> /etc/rc.local && \
echo 'ip link set br0 up' >> /etc/rc.local && \
echo 'firewall-cmd --zone=trusted --add-interface=br0' >> /etc/rc.local && \
echo 'exit 0' >> /etc/rc.local && \
chmod +x /etc/rc.local && \
echo 'export USE_LXC=1' >> /home/gitianuser/.profile && \
echo 'export GITIAN_HOST_IP=10.0.3.1' >> /home/gitianuser/.profile && \
echo 'export LXC_GUEST_IP=10.0.3.5' >> /home/gitianuser/.profile

• reboot

DEBOOTSTRAP 1.0.95

sudo apt-get install -y debootstrap && \
apt list -a debootstrap && \
/usr/sbin/debootstrap --version | grep "1.0.95"

Gitian

VM-BUILDER

sudo apt-get install -y python-vm-builder

(Optional) VM-BUILDER from SRC

CLICK ME

wget http://archive.ubuntu.com/ubuntu/pool/universe/v/vm-builder/vm-builder_0.12.4+bzr494.orig.tar.gz && \
echo "76cbf8c52c391160b2641e7120dbade5afded713afaa6032f733a261f13e6a8e  vm-builder_0.12.4+bzr494.orig.tar.gz" | sha256sum -c && \
tar -zxvf vm-builder_0.12.4+bzr494.orig.tar.gz && \
cd vm-builder-0.12.4+bzr494 && \
sudo python2.7 setup.py install && \
cd ..

Clone

git clone https://github.com/devrandom/gitian-builder.git && \
git clone https://github.com/bitcoin/bitcoin && \
git clone https://github.com/bitcoin-core/gitian.sigs.git && \
git clone https://github.com/bitcoin-core/bitcoin-detached-sigs.git

Apple SDK

• Mirror by decryp2kanon: https://github.com/decryp2kanon/apple_sdk/releases/tag/200923

cd && \
cd gitian-builder && \
mkdir inputs && cd inputs && \
wget https://github.com/decryp2kanon/apple_sdk/releases/download/200923/MacOSX10.14.sdk.tar.gz && \
wget https://github.com/decryp2kanon/apple_sdk/releases/download/200923/Xcode-11.3.1-11C505-extracted-SDK-with-libcxx-headers.tar.gz && \
wget https://github.com/decryp2kanon/apple_sdk/releases/download/200923/osslsigncode-2.0.tar.gz && \
\
echo "328aff47e28c17093d59a72712a9b2e62cd8a8b87bbe03f91abb32960b413f0f  MacOSX10.14.sdk.tar.gz" | sha256sum -c | grep OK && \
echo "436df6dfc7073365d12f8ef6c1fdb060777c720602cc67c2dcf9a59d94290e38  Xcode-11.3.1-11C505-extracted-SDK-with-libcxx-headers.tar.gz" | sha256sum -c | grep OK && \
echo "5a60e0a4b3e0b4d655317b2f12a810211c50242138322b16e7e01c6fbb89d92f  osslsigncode-2.0.tar.gz" | sha256sum -c | grep OK

Build VM

cd && \
cd gitian-builder && \
bin/make-base-vm --lxc --arch amd64 --suite bionic

• reboot

Gitian Setup

cd && \
cd bitcoin && git checkout v0.20.1 && \
cd && \
cp bitcoin/contrib/gitian-build.py .

• Run this just once at first time. Never again. No idea...

./gitian-build.py --setup

• Ignore this error. However you can go next step.

base-bionic-amd64 already exists, please remove it first Traceback (most recent call last): File "./gitian-build.py", line 262, in main() File "./gitian-build.py", line 198, in main setup() File "./gitian-build.py", line 42, in setup subprocess.check_call(make_image_prog) File "/usr/lib/python3.6/subprocess.py", line 311, in check_call raise CalledProcessError(retcode, cmd) subprocess.CalledProcessError: Command '['bin/make-base-vm', '--suite', 'bionic', '--arch', 'amd64', '--lxc']' returned non-zero exit status 1.

Build

Build Release

• -j 14: Thread amount
• -m 8000: Memory amount
• --os lwm: Linux, Windows and MacOS
• 0.20.1: Tagged version

cd && \
./gitian-build.py -j 14 -m 8000 --os lwm --detach-sign --no-commit -b decryp2kanon 0.20.1

Get Binaries & Remove Debug

cd ~/bitcoin-binaries/0.20.1/ && \
rm *-debug*

(Optional) Rename Filename

CLICK ME

TARGET_NAME=0.20.1.3 && rename 's#0.20.1#'$TARGET_NAME'#g' *.*

SHA256SUM

sha256sum * > SHA256SUMS && \
cat SHA256SUMS

(Optional) Importing PGP

CLICK ME

gpg --allow-secret-key-import --import decryp2kanon-secret-key.pgp

Signing PGP

• Switching PGP: --default-key ABCD1234

gpg --digest-algo sha256 --clearsign SHA256SUMS && \
rm SHA256SUMS && \
cat SHA256SUMS.asc

Verify PGP

gpg --verify SHA256SUMS.asc

CLICK ME

gpg: Signature made Sun 08 Nov 2020 09:02:20 PM UTC
gpg:                using RSA key A51B1957E82E5404FFE88CB9B07AEB803FB9E8E9
gpg: Good signature from "decryp2kanon (sugarchain developer) <[email protected]>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: A51B 1957 E82E 5404 FFE8  8CB9 B07A EB80 3FB9 E8E9

Release

scp -r /home/gitianuser/bitcoin-binaries/0.20.1/ [email protected]:~/Desktop/

---

UPDATE

Tagging a new version

• git describe refers only to annotated tags. use annotation -a and tag message -m.
• Not on VM, but on your machine.

NEW_TAG=v0.20.99-rc1 && TAG_MESSAGE="I did update something!" && \
git tag -a ${NEW_TAG} -m "${TAG_MESSAGE}" && \
git push origin ${NEW_TAG} && \
git describe --exact-match HEAD