Skip to content

Instantly share code, notes, and snippets.

@cryptozeny
Last active February 9, 2020 14:54
Show Gist options
  • Save cryptozeny/3501c77750541208b9dd1a9e9719fc53 to your computer and use it in GitHub Desktop.
Save cryptozeny/3501c77750541208b9dd1a9e9719fc53 to your computer and use it in GitHub Desktop.
SUGAR gitian cross compilation for Sugarchain v0.16.3.x

GITIAN BUILD for Sugarchain (SUGAR) 0.16.3.10rc61

Prepare VM


Setup VM

Install DEP

sudo apt-get install -y \
git ruby apt-cacher-ng qemu-utils debootstrap lxc python-cheetah parted kpartx bridge-utils make ubuntu-archive-keyring curl firewalld

LXC && UTF-8 && Timezone

$ sudo -s
  • LXC
echo "%sudo ALL=NOPASSWD: /usr/bin/lxc-start" > /etc/sudoers.d/gitian-lxc && \
echo "%sudo ALL=NOPASSWD: /usr/bin/lxc-execute" >> /etc/sudoers.d/gitian-lxc && \
echo '#!/bin/sh -e' > /etc/rc.local && \
echo 'brctl addbr br0' >> /etc/rc.local && \
echo 'ip addr add 10.0.3.1/24 broadcast 10.0.3.255 dev br0' >> /etc/rc.local && \
echo 'ip link set br0 up' >> /etc/rc.local && \
echo 'firewall-cmd --zone=trusted --add-interface=br0' >> /etc/rc.local && \
echo 'exit 0' >> /etc/rc.local && \
chmod +x /etc/rc.local && \
echo 'export USE_LXC=1' >> /home/gitianuser/.profile && \
echo 'export GITIAN_HOST_IP=10.0.3.1' >> /home/gitianuser/.profile && \
echo 'export LXC_GUEST_IP=10.0.3.5' >> /home/gitianuser/.profile
  • UTF-8 en_US.UTF-8
export LANGUAGE="en_US.UTF-8" && \
echo 'LANGUAGE="en_US.UTF-8"' >> /etc/default/locale && \
echo 'LC_ALL="en_US.UTF-8"' >> /etc/default/locale
  • Set Timezone Asia/Seoul
timedatectl set-timezone Asia/Seoul
  • Reboot
sudo reboot now # WARNING!! SYSTEM NOW REBOOTING!!
  • Check (after reboot)
cat /etc/default/locale && \
locale && \
cat /etc/timezone
  • Check Output
#  File generated by update-locale
LANG="en_US.UTF-8"
LANGUAGE="en_US.UTF-8"
LC_ALL="en_US.UTF-8"
LANG=en_US.UTF-8
LANGUAGE=en_US.UTF-8
LC_CTYPE="en_US.UTF-8"
LC_NUMERIC="en_US.UTF-8"
LC_TIME="en_US.UTF-8"
LC_COLLATE="en_US.UTF-8"
LC_MONETARY="en_US.UTF-8"
LC_MESSAGES="en_US.UTF-8"
LC_PAPER="en_US.UTF-8"
LC_NAME="en_US.UTF-8"
LC_ADDRESS="en_US.UTF-8"
LC_TELEPHONE="en_US.UTF-8"
LC_MEASUREMENT="en_US.UTF-8"
LC_IDENTIFICATION="en_US.UTF-8"
LC_ALL=en_US.UTF-8
Asia/Seoul

Gitian Setup

Installing Gitian

  • build from source : python-vm-builder (since no python-vm-builder package in Debian)
cd && \
wget http://archive.ubuntu.com/ubuntu/pool/universe/v/vm-builder/vm-builder_0.12.4+bzr494.orig.tar.gz && \
echo "76cbf8c52c391160b2641e7120dbade5afded713afaa6032f733a261f13e6a8e  vm-builder_0.12.4+bzr494.orig.tar.gz" | sha256sum -c && \
tar -zxvf vm-builder_0.12.4+bzr494.orig.tar.gz && \
cd vm-builder-0.12.4+bzr494 && \
sudo python setup.py install && \
cd ..

SUGAR clone (SUGAR tags/v0.16.3.10rc25) dir sugarchain-v0.16.3 branch master-v0.16.3

cd && \
git clone https://github.com/devrandom/gitian-builder.git && \
git clone https://github.com/sugarchain-project/gitian.sigs.sugar.git && \
git clone https://github.com/sugarchain-project/sugarchain-detached-sigs.git && \
git clone git@github.com:cryptozeny/sugarchain-v0.16.3.git && \
mv sugarchain-v0.16.3 sugarchain && \
cd sugarchain && \
git checkout tags/v0.16.3.10rc25 && \
cd

Make Your Own PGP Key

gpg --allow-secret-key-import --import cryptozeny-secret-key.pgp

Gitain Build

Initial Gitian Setup (SUGAR tags/v0.16.3.10rc25)

  • download osslsigncode-1.7.1 and Patch (check sha256sum OK)
cd && \
git clone https://github.com/cryptozeny/osslsigncode-1.7.1.tar.gz.git && \
cd osslsigncode-1.7.1.tar.gz/ && \
echo 'a8c4e9cafba922f89de0df1f2152e7be286aba73f78505169bc351a7938dd911 osslsigncode-Backports-to-1.7.1.patch' | sha256sum -c && \
echo 'f9a8cdb38b9c309326764ebc937cba1523a3a751a7ab05df3ecc99d18ae466c9 osslsigncode-1.7.1.tar.gz' | sha256sum -c && \
mkdir -p ~/gitian-builder/inputs && \
cp osslsigncode-Backports-to-1.7.1.patch ~/gitian-builder/inputs/ && \
cp osslsigncode-1.7.1.tar.gz ~/gitian-builder/inputs/ && \
cd
  • download Xcode SDK for macOS build (check sha256sum OK)
cd && \
git clone https://github.com/cryptozeny/MacOSX10.11.sdk.tar.gz.git && \
cd MacOSX10.11.sdk.tar.gz/ && \
echo "fc65dd34a3665a549cf2dc005c1d13fcead9ba17cadac6dfd0ebc46435729898" MacOSX10.11.sdk.tar.gz | sha256sum -c && \
mkdir -p ~/gitian-builder/inputs && \
cp MacOSX10.11.sdk.tar.gz ~/gitian-builder/inputs/MacOSX10.11.sdk.tar.gz && \
cd
cd && \
cd gitian-builder && \
bin/make-base-vm --lxc --arch amd64 --suite trusty && \
cd
  • Init Gitian cryptozeny and check branch master-v0.16.3
cd && \
cd sugarchain && \
git checkout master-v0.16.3 && \
git pull && \
cd && \
cp ./sugarchain/contrib/gitian-build.sh . && \
cd && \
./gitian-build.sh --setup cryptozeny 0.16.3.10rc25 && \
cd

Build Binaries (SUGAR tags/v0.16.3.10rc25)

  • OS Selection
    --os lwx : Linux + Windows + OSX
    --os l : Linux
    --os w : Windows
    --os x : OSX (macOS)

  • Options : Build Speed (Cores +1)
    2 CPU Cores : -j 3(2+1) or --num-make 3(2+1) (Default 2)
    3 GB Ram : -m 3000 or --memory 3000 (Default 2000)

  • Signer (Github ID) cryptozeny

  • All of them --os lwx

cd && \
./gitian-build.sh -j 3 -m 3000 --os lwx --detach-sign --no-commit -b cryptozeny 0.16.3.10rc25
  • Linux --os l
cd && \
./gitian-build.sh -j 3 -m 3000 --os l --detach-sign --no-commit -b cryptozeny 0.16.3.10rc25
  • Windows --os w
cd && \
./gitian-build.sh -j 3 -m 3000 --os w --detach-sign --no-commit -b cryptozeny 0.16.3.10rc25
  • OSX (macOS) --os x
cd && \
./gitian-build.sh -j 3 -m 3000 --os x --detach-sign --no-commit -b cryptozeny 0.16.3.10rc25
  • Check Building Process
tail -f ~/gitian-builder/var/build.log
  • Binary Location
ls ~/sugarchain-binaries/0.16.3.10rc25/
  • Signing PGP to Binaries (Windows and OSX: --os wx) TODO
cd && \
./gitian-build.sh -j 3 -m 3000 --os wx --detach-sign --no-commit -s cryptozeny 0.16.3.10rc25
  • Remove *-debug* && *-unsigned*
cd ~/sugarchain-binaries/0.16.3.10rc25/ && \
rm *-debug* ;

rm -unsigned

  • Create SHA256SUMS.asc and PGP-sign
cd ~/sugarchain-binaries/0.16.3.10rc25/ && \
sha256sum * > SHA256SUMS && \
gpg --digest-algo sha256 --clearsign SHA256SUMS # outputs SHA256SUMS.asc # input password
rm SHA256SUMS && \
cat SHA256SUMS.asc
  • SHA256SUM.asc result (SUGAR tags/v0.16.3.10rc25)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

214a3c82e73fb6defcb5aab4a49ca0881e2d3cf4f0aa29af109a570e4ec85fd9  sugarchain-0.16.3-aarch64-linux-gnu.tar.gz
ee5852814ca5ff08962bfb936955a4f81cf6f82aa8127d8f73e308600d5515a2  sugarchain-0.16.3-arm-linux-gnueabihf.tar.gz
788b0a3df07f41e73acb22ba2c7cda8f664417f88d56ee3dafb2d79146d03479  sugarchain-0.16.3-i686-pc-linux-gnu.tar.gz
d67b457c7e6e82a487d8687810b1bf409311a4c2abe4126ee79f6ca80535bbdc  sugarchain-0.16.3-osx64.tar.gz
d50548c86c5dbb3a6b5f930a8533024a5f52f3a92e7677908f6ae7eea71bc9c6  sugarchain-0.16.3-osx-unsigned.dmg
f39919ff2f3680fdbc1cd8bad543aa77eb5a659f9b43d121a3e0b86993156339  sugarchain-0.16.3.tar.gz
e789b56227bb99ddb78ec9deb3a65cca28bb271f91dd26f415fb87375a547147  sugarchain-0.16.3-win32-setup-unsigned.exe
1975ff5aff8cfd5b27b37c66adb85ab0c91b357d2bf20c1455bd2606bd8dce62  sugarchain-0.16.3-win32.zip
3241579bb9b825a452b6f6d64d343842a677bbfc41e212b50ece992616b36412  sugarchain-0.16.3-win64-setup-unsigned.exe
57dfb9fa0ff860dd4ed8cd748608046432b26e07ebd56cbdf394ebde6cdfdc26  sugarchain-0.16.3-win64.zip
64b6505cdd5cb9d755dc61717dc93a1b65e214b383a781c9f36e5dbe5a6b37a1  sugarchain-0.16.3-x86_64-linux-gnu.tar.gz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJcfYr5AAoJELndveKqrcQhiDMQAL1HWm3lCr1D+Cl+c4LDhFrl
hjx9p3iXrAHtRrEmme98ww1dgwnUPgGNprD4AZEwu57OBdoLOLxwH2zUEotMZymZ
9+A/cJjKOEuRGlNg/xvqDJyB8ibda9iCYRm4g/B+f1qn7w7s8he7BW3nBbRaTi/8
2MwthvZfE4wACGtJoHd/UTR5HNXhJI2xB+0UPCb0IalzTTG4q6HyA/UdNPpIBrgj
ZmpkshGnX4giMxBONDtEH7uYnDTDVh3D7/tNkJ+XPPbuh/UbLarFF6PuSBWY9pqI
aR0ioVPH4HGCmcclJl/n3Gs6xhr1AxSLYtW2WWGRr7u+c3m7Xve93ZD7cCVvFuFy
hTlDZ2Sxtk34hDFAwOoKQJs/Ay8wWYWsbT3uEc/eQrEY+RymBhz+rM4xv63Syscs
sncBLeJ6ufjgD2wz0mTM0hQkAdShXl6syZQ98jOqZU5lks0wNBtstnUFoWSa3Zpg
/euCP1irSdqAPxhuTqRxcjiSuxlwCzZjz9/Ct25NkfrcdouFImltFmimSPe06rx8
Qa6XKa9W1Jwh9eHfAbOBWoqCxDMZ9i37fh5dGkBXEsUxKyaSZfSF3siP1e92rf20
mngb2HuUux6CoaGcyFtt09AikRHUDKYoazKAvmTzlulz4JFO2gOiLays5N8I5f+u
Blc9ztBB3tiiHKArgzEg
=qH7G
-----END PGP SIGNATURE-----
gpg --verify SHA256SUMS.asc

gpg: Signature made Sun 03 Mar 2019 01:03:44 AM KST using RSA key ID AAADC421
gpg: Good signature from "cryptozeny (sugarchain developer) <cryptozeny@gmail.com>"
Primary key fingerprint: BB27 9FE1 59A0 E40E D02B  3365 B9DD BDE2 AAAD C421
  • FINAL RELEASE - Copy Binaries to Host (192.168.1.111 is Host's IP)
scp -r /home/gitianuser/sugarchain-binaries/0.16.3.10rc25/ USERNAME@192.168.1.111:~/Desktop/

TODO:

@cryptozeny
Copy link
Author

@cryptozeny
Copy link
Author

cryptozeny commented Mar 5, 2019

Update REMOTE

  • rc26
REMOTE=origin ; BRANCH=master-v0.16.3 ; RC=v0.16.3.12rc1 && git tag $RC && git push $REMOTE $BRANCH && git push origin $RC
  • output - new tag
Everything up-to-date
Total 0 (delta 0), reused 0 (delta 0)
To git@github.com:cryptozeny/sugarchain-v0.16.3.git
 * [new tag]         v0.16.3.12rc1 -> v0.16.3.12rc1

@cryptozeny
Copy link
Author

cryptozeny commented Mar 10, 2019

update GITIAN new tag (at gitianuser VM)

cd && cd sugarchain && git fetch && git checkout master-v0.16.3 && git pull && cd && cp ./sugarchain/contrib/gitian-build.sh . && cd && ./gitian-build.sh --setup cryptozeny 0.16.3.25rc1-6048eba && cd

REMOTE=origin && \
BRANCH=master-v0.16.3 && \
RC=0.16.3.25rc1-6048eba && \
cd && \
cd sugarchain && \
git fetch $REMOTE $BRANCH && \
git checkout $BRANCH && \
git pull $REMOTE $BRANCH && \
cd && cp ./sugarchain/contrib/gitian-build.sh . && \
cd && \
./gitian-build.sh --setup cryptozeny $RC && \
cd

@cryptozeny
Copy link
Author

cryptozeny commented Mar 10, 2019

-O2 duplicated

HOST_CFLAGS='-O2 -g -I/home/ubuntu/build/sugarchain/src/crypto/yespower-1.0.0 -fPIE -Wall -O2 -fomit-frame-pointer'

@cryptozeny
Copy link
Author

Win

HOST_CFLAGS='-O2 -g -I/home/ubuntu/build/sugarchain/src/crypto/yespower-1.0.0 -fPIE -Wall -O2 -fomit-frame-pointer'

@cryptozeny
Copy link
Author

OSX

HOST_CFLAGS='-I/home/ubuntu/build/sugarchain/src/crypto/yespower-1.0.0 -fPIE -Wall -O2 -fomit-frame-pointer'

@cryptozeny
Copy link
Author

cryptozeny commented Jun 30, 2019

change file name for version

RC=0.16.3.25rc1-6048eba && rename 's#0.16.3#'$RC'#g' *.*

@cryptozeny
Copy link
Author

cryptozeny commented Aug 16, 2019

IDK but it fails at first time. However from second try, it will go. Please do twice.

mv: cannot stat ‘build/out/sugarchain-*.tar.gz’: No such file or directory
mv: cannot stat ‘build/out/src/sugarchain-*.tar.gz’: No such file or directory

@decryp2kanon
Copy link

--default-key ABCD1234 for switch your PGP

@decryp2kanon
Copy link

decryp2kanon commented Feb 5, 2020

strange, in some case, sugarchain-0.16.3-win32-setup-unsigned.exe sha256hash is only changed. (the others OK) need verify.

1st

84633a80534732c73a2011e0783554d5ac0ba8b6ceed65c79c17b3f3dafd252b sugarchain-0.16.3-win32-setup-unsigned.exe

2nd

5c499f90f84fbac8768d74d1bd8d59a670420f9d5ea7a356b39972bce3afd704 sugarchain-0.16.3-win32-setup-unsigned.exe

3rd

a432640eb9247dca98a107350f4e9d741b4da84a3be8359fcba417d44755bc31 sugarchain-0.16.3-win32-setup-unsigned.exe

@decryp2kanon
Copy link

decryp2kanon commented Feb 5, 2020

26rc2

cd && cd sugarchain && git fetch && git checkout master-v0.16.3 && git pull && cd && cp ./sugarchain/contrib/gitian-build.sh . && cd && ./gitian-build.sh --setup decryp2kanon 0.16.3.26rc2-36d633c && cd

cd && \
cd sugarchain && \
git checkout master-v0.16.3 && \
git pull && \
cd && \
cp ./sugarchain/contrib/gitian-build.sh . && \
cd && \
./gitian-build.sh --setup decryp2kanon 0.16.3.26rc2-36d633c && \
cd

cd && ./gitian-build.sh -j 12 -m 12000 --os lwx --detach-sign --no-commit -b decryp2kanon 0.16.3.26rc2-36d633c

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment