Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
The `bitcoin-core/guix.sigs` Repository Workflow

The bitcoin-core/guix.sigs Repository Workflow

Common environment variables

export SIGNER="hebasto"
export GUIX_SIGS_REPO="/home/hebasto/guix.sigs"
export DETACHED_SIGS_REPO="/home/hebasto/bitcoin-detached-sigs"

Prerequisites

  1. Make sure your public key is available on https://keys.openpgp.org/.

  2. Fork the bitcoin-core/guix.sigs repository on GitHub (if not forked yet):

pushd /home/hebasto/guix.sigs
git remote add hebasto git@github.com:hebasto/guix.sigs.git
git config remote.pushDefault hebasto
popd
  1. The Xcode-12.1-12A7403-extracted-SDK-with-libcxx-headers subdirectory must resides in the depends/SDKsdirectory.

Preparing repository

If building for a tag:

VERSION=22.0rc3
git fetch
git checkout v$VERSION

Building

./contrib/guix/guix-build

Attesting non-codesigned binaries

./contrib/guix/guix-attest
pushd $GUIX_SIGS_REPO
git switch main
git pull
git checkout -b ${VERSION}-non-codesigned
git add $VERSION
git commit -m "Add attestations by $SIGNER for $VERSION non-codesigned"
git push
popd

Submit a PR to the bitcoin-core/guix.sigs repository on GitHub.

Signing binaries

pushd $DETACHED_SIGS_REPO
git fetch
git checkout v$VERSION
popd
./contrib/guix/guix-codesign

Attesting codesigned binaries

./contrib/guix/guix-attest
pushd $GUIX_SIGS_REPO
git switch main
git pull
git checkout -b ${VERSION}-codesigned
git add $VERSION
git commit -m "Add attestations by $SIGNER for $VERSION codesigned"
git push
popd

Submit a PR to the bitcoin-core/guix.sigs repository on GitHub.

Verifying

pushd $GUIX_SIGS_REPO
git switch main
git pull
popd
./contrib/guix/guix-verify
@Emzy

This comment has been minimized.

Copy link

@Emzy Emzy commented Apr 16, 2021

tested, worked.

@jonatack

This comment has been minimized.

Copy link

@jonatack jonatack commented Jul 23, 2021

Very helpful doc! Thanks!

In Signing Binaries, the git checkout command should be git checkout v$VERSION (the "v" is missing).

@jonatack

This comment has been minimized.

Copy link

@jonatack jonatack commented Jul 23, 2021

(Maybe also state that the ./contrib/guix/guix-{build, attest, verify} commands should be run from the root of the bitcoin directory.)

@hebasto

This comment has been minimized.

Copy link
Owner Author

@hebasto hebasto commented Jul 24, 2021

Very helpful doc! Thanks!

Thanks you!

In Signing Binaries, the git checkout command should be git checkout v$VERSION (the "v" is missing).

Is it ok now?

@jonatack

This comment has been minimized.

Copy link

@jonatack jonatack commented Jul 24, 2021

In Signing Binaries, the git checkout command should be git checkout v$VERSION (the "v" is missing).

Is it ok now?

Seems good. Thanks!

@0xB10C

This comment has been minimized.

Copy link

@0xB10C 0xB10C commented Aug 4, 2021

Thank you! Very helpful.

@benthecarman

This comment has been minimized.

Copy link

@benthecarman benthecarman commented Aug 7, 2021

Is this possible without having an apple developer account?

@hebasto

This comment has been minimized.

Copy link
Owner Author

@hebasto hebasto commented Aug 7, 2021

@willcl-ark

This comment has been minimized.

Copy link

@willcl-ark willcl-ark commented Sep 10, 2021

Thanks, very useful (and worked very well!)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment