This steps in this guide will leave your machine highly insecure. Hence, the guide should be used on a temporary VPS not an actual machine/server.
In this section we will be setting up the Ubuntu installation for Gitian building. We are using the user builder
to do the setup. You can use any non-root user.
First we need to log in as root
to set up dependencies and make sure that our
user can use the sudo command. Type/paste the following in the terminal:
apt-get install make git ruby sudo apt-cacher-ng qemu-utils debootstrap lxc python-cheetah parted kpartx bridge-utils python-vm-builder
adduser builder sudo
When you get a colorful screen with a question about the 'LXC directory', just
go with the default (/var/lib/lxc
).
Then set up LXC and the rest with the following, which is a complex jumble of settings and workarounds:
# lxc-start in Ubuntu needs to run as root, so make sure
# that the build script can exectute it without providing a password
echo "%sudo ALL=NOPASSWD: /usr/bin/lxc-start" > /etc/sudoers.d/builder
# also add the following line if you want to run the gitian-build.py
# script in the background using nohup.
# Note: it will give 'builder' a __password-less sudo__ capability
echo "builder ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers.d/builder
# add cgroup for LXC
echo "cgroup /sys/fs/cgroup cgroup defaults 0 0" >> /etc/fstab
# make /etc/rc.local script that sets up bridge between guest and host
echo '#!/bin/sh -e' > /etc/rc.local
echo 'brctl addbr br0' >> /etc/rc.local
echo 'ifconfig br0 10.0.3.2/24 up' >> /etc/rc.local
echo 'exit 0' >> /etc/rc.local
# make sure that USE_LXC is always set when logging in as gitian,
# and configure LXC IP addresses
echo 'export USE_LXC=1' >> /home/builder/.profile
echo 'export GITIAN_HOST_IP=10.0.3.2' >> /home/builder/.profile
echo 'export LXC_GUEST_IP=10.0.3.5' >> /home/builder/.profile
reboot
At the end the VM is rebooted to make sure that the changes take effect. The steps in this section need only to be performed once.
Re-login as the user builder
that was created during installation. The rest of the steps in this guide will be performed as that user.
If you don't have one, create a GPG key. The script will stop if it doesn't find a key in your keychain.
gpg --gen-key
Copy the gitian-build.py
script from your blockchain's /contrib/' directory to
builder`'s home directory. Then, run
./gitian-build.py --setup "GPG Key Name" "1.0.0"
If you don't pass --commit
(completely unrelated to the option --no-commit), the script will assume the version to be a tag and automaticall prepend v
to it.
Create the dir inputs
inside gitian-builder
and copy MacOSX10.11.sdk.tar.gz
to it. (See README_osx.md
)
./gitian-build.py --build --jobs $(nproc) --os lwm --no-commit "GPG Key Name" "1.0.0"
The building phase of the gitian job is going to take an extremely long time because, by default binaries for the following architectures are built: "i686-pc-linux-gnu x86_64-linux-gnu arm-linux-gnueabihf aarch64-linux-gnu riscv64-linux-gnu". AFAIK, the only way to change this is remove hosts(archs) directly from the .yml file.
You can use nohup if you enabled password-less sudo in the previous step.
Once the build is over, you should find all the packaged binaries in $HOME/blockchain-binaries/1.0.0/ diretory. scp that directory over to your machine and delete the VPS