-
Notifications
You must be signed in to change notification settings - Fork 7
Gitian building
gitian building
Setup instructions for a Gitian build of Ion Core using a VM or physical system.
Gitian is the deterministic build process that is used to build the Ion Core executables. It provides a way to be reasonably sure that the executables are really built from the git source. It also makes sure that the same, tested dependencies are used and statically built into the executable.
Multiple developers build the source code by following a specific descriptor ("recipe"), cryptographically sign the result, and upload the resulting signature. These results are compared and only if they match, the build is accepted and provided for download.
More independent Gitian builders are needed, which is why this guide exists. It is preferred you follow these steps yourself instead of using someone else's VM image to avoid 'contaminating' the build.
- Preparing the Gitian builder host
- Getting and building the inputs
- Building Ion Core
- Building an alternative repository
- Signing externally
- Uploading signatures
The first step is to prepare the host environment that will be used to perform the Gitian builds. This guide explains how to set up the environment, and how to start the builds.
Gitian builds are known to be working on recent versions of Debian, Ubuntu and Fedora. If your machine is already running one of those operating systems, you can perform Gitian builds on the actual hardware. Alternatively, you can install one of the supported operating systems in a virtual machine.
Any kind of virtualization can be used, for example:
- VirtualBox (covered by this guide)
- KVM
- LXC, see also Gitian host docker container.
Please refer to the following documents to set up the operating systems and Gitian.
Debian/Ubuntu | Fedora | |
---|---|---|
Setup virtual machine (Virtualbox) | Create Debian 8 VirtualBox | Create Fedora VirtualBox |
Setup virtual machine (VMWare) | Create Debian 8 VMWare | Create Fedora VMWare |
Setup Gitian | Setup Gitian on Debian 8 (build for trusty) | Setup Gitian on Fedora |
Setup Gitian on Ubuntu 18.04.1 (build for bionic) |
Source OS | Live/ISO | VMWare/Virtualbox offline image | Source OS ISO |
---|---|---|---|
Iontu GitianOS 18.04.1 basic server ISO | Iontu GitianOS Live Desktop 18.04.1 | Iontu-GitianOS-18.04.1.ova | Ubuntu 18.04.1 LTS netboot |
At this point you have two options, you can either use the automated script (found in https://github.com/cevap/ion/blob/master/contrib/gitian-build.sh, only works in Debian/Ubuntu) or you could manually do everything by following this guide.
If you are using the automated script, then run it with the --setup
command. Afterwards, run it with the --build
command (example: contrib/gitian-build.sh -b signer 3.1.0
). Otherwise ignore this.
Follow the instructions in https://github.com/cevap/ion/blob/master/doc/release-process.md in the ion repository under 'Fetch and create inputs' to install sources which require manual intervention. Also optionally follow the next step: 'Seed the Gitian sources cache and offline git repositories' which will fetch the remaining files required for building offline.
To build Ion Core (for Linux, OS X and Windows) just follow the steps under 'perform Gitian builds' in https://github.com/cevap/ion/blob/master/doc/release-process.md in the ion repository.
This may take some time as it will build all the dependencies needed for each descriptor. These dependencies will be cached after a successful build to avoid rebuilding them when possible.
At any time you can check the package installation and build progress with
tail -f var/install.log
tail -f var/build.log
Output from gbuild
will look something like
Initialized empty Git repository in /home/gitianuser/gitian-builder/inputs/ion/.git/
remote: Counting objects: 57959, done.
remote: Total 57959 (delta 0), reused 0 (delta 0), pack-reused 57958
Receiving objects: 100% (57959/57959), 53.76 MiB | 484.00 KiB/s, done.
Resolving deltas: 100% (41590/41590), done.
From https://github.com/cevap/ion
... (new tags, new branch etc)
--- Building for trusty amd64 ---
Stopping target if it is up
Making a new image copy
stdin: is not a tty
Starting target
Checking if target is up
Preparing build environment
Updating apt-get repository (log in var/install.log)
Installing additional packages (log in var/install.log)
Grabbing package manifest
stdin: is not a tty
Creating build script (var/build-script)
lxc-start: Connection refused - inotify event with no name (mask 32768)
Running build script (log in var/build.log)
If you want to do a test build of a pull on GitHub it can be useful to point the Gitian builder at an alternative repository, using the same descriptors and inputs.
For example:
URL=https://github.com/cevap/bitcoin.git
COMMIT=2014_03_windows_unicode_path
./bin/gbuild --commit ion=${COMMIT} --url ion=${URL} ../bitcoin/contrib/gitian-descriptors/gitian-linux.yml
./bin/gbuild --commit ion=${COMMIT} --url ion=${URL} ../bitcoin/contrib/gitian-descriptors/gitian-win.yml
./bin/gbuild --commit ion=${COMMIT} --url ion=${URL} ../bitcoin/contrib/gitian-descriptors/gitian-osx.yml
For building fully offline including attaching signatures to unsigned builds, the detached-sigs repository and the bitcoin git repository with the desired tag must both be available locally, and then gbuild must be told where to find them. It also requires an apt-cacher-ng which is fully-populated but set to offline mode, or manually disabling gitian-builder's use of apt-get to update the VM build environment.
To configure apt-cacher-ng as an offline cacher, you will need to first populate its cache with the relevant files. You must additionally patch target-bin/bootstrap-fixup to set its apt sources to something other than plain archive.ubuntu.com: us.archive.ubuntu.com works.
So, if you use LXC:
export PATH="$PATH":/path/to/gitian-builder/libexec
export USE_LXC=1
cd /path/to/gitian-builder
./libexec/make-clean-vm --suite trusty --arch amd64
LXC_ARCH=amd64 LXC_SUITE=trusty on-target -u root apt-get update
LXC_ARCH=amd64 LXC_SUITE=trusty on-target -u root \
-e DEBIAN_FRONTEND=noninteractive apt-get --no-install-recommends -y install \
$( sed -ne '/^packages:/,/[^-] .*/ {/^- .*/{s/"//g;s/- //;p}}' ../bitcoin/contrib/gitian-descriptors/*|sort|uniq )
LXC_ARCH=amd64 LXC_SUITE=trusty on-target -u root apt-get -q -y purge grub
LXC_ARCH=amd64 LXC_SUITE=trusty on-target -u root -e DEBIAN_FRONTEND=noninteractive apt-get -y dist-upgrade
And then set offline mode for apt-cacher-ng:
/etc/apt-cacher-ng/acng.conf
[...]
Offlinemode: 1
[...]
service apt-cacher-ng restart
Then when building, override the remote URLs that gbuild would otherwise pull from the Gitian descriptors::
cd /some/root/path/
git clone https://github.com/cevap/ion-detached-sigs.git
BTCPATH=/some/root/path/bitcoin
SIGPATH=/some/root/path/bitcoin-detached-sigs
./bin/gbuild --url ion=${BTCPATH},signature=${SIGPATH} ../bitcoin/contrib/gitian-descriptors/gitian-win-signer.yml
If you want to do the PGP signing on another device, that's also possible; just define SIGNER
as mentioned
and follow the steps in the build process as normal.
gpg: skipped "cevap": secret key not available
When you execute gsign
you will get an error from GPG, which can be ignored. Copy the resulting .assert
files
in gitian.sigs
to your signing machine and do
gpg --detach-sign ${VERSION}-linux/${SIGNER}/bitcoin-linux-build.assert
gpg --detach-sign ${VERSION}-win/${SIGNER}/bitcoin-win-build.assert
gpg --detach-sign ${VERSION}-osx-unsigned/${SIGNER}/bitcoin-osx-build.assert
This will create the .sig
files that can be committed together with the .assert
files to assert your
Gitian build.
After building and signing you can push your signatures (both the .assert
and .assert.sig
files) to the
cevap/gitian.sigs repository, or if that's not possible create a pull
request. You can also mail the files to Wladimir (dev@i2pmail.org) and he will commit them.
Builds
HOW TO: Compile iond Daemon from source
HOW TO: Compile the ION QT wallet on Ubuntu
Snapcraft installs
Upgrade
ION Masternodes
HOW TO: ION 5.0 Masternode Quickstart Guide
HOW TO: Setup ION 5.0 remote Masternode with Ubuntu remote and local QT wallet(DASH-Rebase)
ION coincore QT wallet ELECTRON MINING
Mining ION coin ELECTRON tokens with Proof of Work
ionomy Sharenodes
ionomy Zendesk hosted Sharenodes and dedicated Masternodes FAQ
ION Chain Token System
Atomic Token Protocol (ATP) Overview
ION Token system Basic Operations
UseCases tokens Create-New-Token
UseCases tokens Send-tokens
UseCases tokens Token-balance
UseCases tokens View-token-information
Testing ION tokens on regtest
UseCases regtest Start-regtest
UseCases regtest Access Token Management Key
ION Token group management
UseCases tokens Key-rotation-with-token-authorities
Create and distribute the XDM token according to the IEO
UseCases tokens Create-Management-Tokens
UseCases tokens Drop-token-mint-capability
UseCases tokens Find-token-authorities
General FAQ
How to backup my wallet and its data
How to: backup ION coin blockchain database
HOW TO: Export Private Keys from ION QT
HOW TO: Import private key to ION 3.0 Wallet
How to generate an onion privacy address
Multisend
User-Documentation
Accounts-Explained
ION-coin-Data-Directory
Raw-Transactions
Running-ION
Gitian
Gitian Building
Gitian-building-create-VM-Debian
Gitian-building-create-Debian-VMware
Gitian-building-create-VM-Fedora
Gitian-building-setup-Gitian-Debian
Gitian-building-setup-Gitian-Debian-Google-Console
Gitian-building-setup-Gitian-Debian-Google-Console-Create-instance-template
Gitian-building-setup-Gitian-Debian-Google-Console-Create-VM-from-template
Gitian-building-setup-Gitian-Fedora
Zerocoin
HOW TO: Convert Zerocoin xION to ION
How to: Backup and restore xION Zerocoin private seed
Developer-Documentation
API-Calls-List
API-Reference-JSON-RPC
Weekly Play to Win ION coin mobile gaming tournaments
How do I get involved
ionomy extra info
XDM DarkMatter IEO
ionomy Support Help Centre
ionomy web links and info
ION coin Technical Whitepaper
ion coin Bounty Procedures
ionomy Bounty Information
ionomy ION current events