LBRYFoundation/LBRY-Vault
1
0
Fork 0
mirror of https://github.com/LBRYFoundation/LBRY-Vault.git synced 2025-09-05 14:01:39 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
LBRY-Vault/contrib/build-wine
History
Filip Gospodinov 73fee2fefa build-wine: allow local testing 
Before, it was only possible to test commits that are
on Github (pull request or merged). Now, changes can be
tested locally too.

This introduces the risk that a release could be built
containing uncommitted changes which by definition breaks
deterministic builds. Fortunately, this will always be
detected because the version string is created using
`git describe --tags --dirty`.

Also, retire $TARGET variable because it decouples the
build scripts from the commit revision to be built. This
is a problem for deterministic  builds.
2018-07-10 13:33:46 +02:00
..
docker build-wine: allow local testing 2018-07-10 13:33:46 +02:00
build-electrum-git.sh build-wine: allow local testing 2018-07-10 13:33:46 +02:00
build-secp256k1.sh wine build: towards deterministic libsecp - strip debug symbols 2018-06-28 22:05:13 +02:00
build.sh build-wine: allow local testing 2018-07-10 13:33:46 +02:00
deterministic.spec fix revealer for linux distributables; and small clean-up 2018-06-10 22:12:23 +02:00
electrum.nsi build-wine: allow local testing 2018-07-10 13:33:46 +02:00
prepare-wine.sh build-wine: allow local testing 2018-07-10 13:33:46 +02:00
README.md winbuilds: update README. Do not sign in unsign.sh 2018-06-30 13:22:46 +02:00
sign.sh sign.sh: rm signed dir 2018-07-02 09:19:02 +02:00
unsign.sh sign.sh: rm signed dir 2018-07-02 09:19:02 +02:00

README.md

Windows Binary Builds

These scripts can be used for cross-compilation of Windows Electrum executables from Linux/Wine. Produced binaries are deterministic, so you should be able to generate binaries that match the official releases.

Usage:

  1. Install the following dependencies:
  • dirmngr
  • gpg
  • 7Zip
  • Wine (>= v2)
  • (and, for building libsecp256k1)
    • mingw-w64
    • autotools-dev
    • autoconf
    • libtool

For example:

$ sudo apt-get install wine-development dirmngr gnupg2 p7zip-full
$ sudo apt-get install mingw-w64 autotools-dev autoconf libtool

The binaries are also built by Travis CI, so if you are having problems, that script might help.

  1. Make sure /opt is writable by the current user.
  2. Run build.sh.
  3. The generated binaries are in ./dist.

Code Signing

Electrum Windows builds are signed with a Microsoft Authenticode™ code signing certificate in addition to the GPG-based signatures.

The advantage of using Authenticode is that Electrum users won't receive a Windows SmartScreen warning when starting it.

The release signing procedure involves a signer (the holder of the certificate/key) and one or multiple trusted verifiers:

Signer Verifier
Build .exe files using build.sh
Sign .exe with ./sign.sh
Upload signed files to download server
Build .exe files using build.sh
Compare files using unsign.sh
Sign .exe file using gpg -b

| Signer and verifiers: | Upload signatures to 'electrum-signatures' repo, as $version/$filename.$builder.asc |

Verify Integrity of signed binary

Every user can verify that the official binary was created from the source code in this repository. To do so, the Authenticode signature needs to be stripped since the signature is not reproducible.

This procedure removes the differences between the signed and unsigned binary:

  1. Remove the signature from the signed binary using osslsigncode or signtool.
  2. Set the COFF image checksum for the signed binary to 0x0. This is necessary because pyinstaller doesn't generate a checksum.
  3. Append null bytes to the unsigned binary until the byte count is a multiple of 8.

The script unsign.sh performs these steps.