- our new key now supports both
- note that we don't bother to "dual sign" for both sha1 and sha2, as
Win7 upwards sha2 is supported (and we already don't support XP, Vista, etc anymore)
Create a pyinstaller "onedir" executable instead of a "onefile" executable.
Note that the name change from "Electrum" to "run_electrum" affects the
name of the internal binary (usually not exposed to users). This is
needed to avoid a collision with the "electrum" folder inside the .app
(just like in the source tree).
based on 03c3eca856
maybe fixes#6225
If there is a collision between a branch name and a commit hash, git
will choose the branch, even if the full 40-hex-long commit hash is
given. GitHub disallows branches/tags with such a name but git itself
does not. By adding the `^{commit}` syntax sugar after a ref name,
we can tell git that we want the commit hash to be preferred,
and hence we don't need to trust GitHub (only git).
see https://security.stackexchange.com/questions/225411/
the one in apt refused to install certain package versions (that were pinned by hash!!)
and installed different versions instead... e.g.:
Collecting wheel==0.34.2 (from -r /opt/electrum/contrib/build-linux/sdist/../../../contrib/deterministic-build/requirements.txt (line 112))
Downloading 521c6dc7fe/wheel-0.34.2.tar.gz (58kB)
100% |████████████████████████████████| 61kB 3.8MB/s
Requested wheel==0.34.2 from 521c6dc7fe/wheel-0.34.2.tar.gz (sha256)=8788e9155fe14f54164c1b9eb0a319d98ef02c160725587ad60f14ddc57b6f96 (from -r /opt/electrum/contrib/build-linux/sdist/../../../contrib/deterministic-build/requirements.txt (line 112)), but installing version 0.30.0
Previously we stuck with version 2.6.8 as that had no deps but later
versions introduced several deps. However, now latest version only
has two dependencies (one of which has the same maintainer).
Futher, there are some bugs with 2.6.8 when used with new Qt,
e.g. with dropdowns that I want fixed (which it is in the newer ones).
related https://github.com/ColinDuquesnoy/QDarkStyleSheet/issues/182
Certain dependencies are only needed on old python versions,
e.g. backports of stdlib functionality.
We should definitely not use newer python when running freeze_packages.sh
than what we bundle in the binaries. Perhaps it is prudent to use the
min python version that we support (which is atm older than what we bundle).
