Skip to content
krumblez edited this page Apr 22, 2019 · 2 revisions

gitian building

Edit mode:
Gitian building

Setup instructions for a Gitian build of Ion Core using a VM or physical system.

Gitian is the deterministic build process that is used to build the Ion Core executables. It provides a way to be reasonably sure that the executables are really built from the git source. It also makes sure that the same, tested dependencies are used and statically built into the executable.

Multiple developers build the source code by following a specific descriptor ("recipe"), cryptographically sign the result, and upload the resulting signature. These results are compared and only if they match, the build is accepted and provided for download.

More independent Gitian builders are needed, which is why this guide exists. It is preferred you follow these steps yourself instead of using someone else's VM image to avoid 'contaminating' the build.

Table of Contents

Preparing the Gitian builder host

The first step is to prepare the host environment that will be used to perform the Gitian builds. This guide explains how to set up the environment, and how to start the builds.

Gitian builds are known to be working on recent versions of Debian, Ubuntu and Fedora. If your machine is already running one of those operating systems, you can perform Gitian builds on the actual hardware. Alternatively, you can install one of the supported operating systems in a virtual machine.

Any kind of virtualization can be used, for example:

Please refer to the following documents to set up the operating systems and Gitian.

Debian/Ubuntu Fedora
Setup virtual machine (Virtualbox) Create Debian 8 VirtualBox Create Fedora VirtualBox
Setup virtual machine (VMWare) Create Debian 8 VMWare Create Fedora VMWare
Setup Gitian Setup Gitian on Debian 8 (build for trusty) Setup Gitian on Fedora
Setup Gitian on Ubuntu 18.04.1 (build for bionic)

Download ISO/VMWare/Virtual Box Images

Source OS Live/ISO VMWare/Virtualbox offline image Source OS ISO
Iontu GitianOS 18.04.1 basic server ISO Iontu GitianOS Live Desktop 18.04.1 Iontu-GitianOS-18.04.1.ova Ubuntu 18.04.1 LTS netboot

Getting and building the inputs

At this point you have two options, you can either use the automated script (found in https://github.com/cevap/ion/blob/master/contrib/gitian-build.sh, only works in Debian/Ubuntu) or you could manually do everything by following this guide. If you are using the automated script, then run it with the --setup command. Afterwards, run it with the --build command (example: contrib/gitian-build.sh -b signer 3.1.0). Otherwise ignore this.

Follow the instructions in https://github.com/cevap/ion/blob/master/doc/release-process.md in the ion repository under 'Fetch and create inputs' to install sources which require manual intervention. Also optionally follow the next step: 'Seed the Gitian sources cache and offline git repositories' which will fetch the remaining files required for building offline.

Building Ion Core

To build Ion Core (for Linux, OS X and Windows) just follow the steps under 'perform Gitian builds' in https://github.com/cevap/ion/blob/master/doc/release-process.md in the ion repository.

This may take some time as it will build all the dependencies needed for each descriptor. These dependencies will be cached after a successful build to avoid rebuilding them when possible.

At any time you can check the package installation and build progress with

tail -f var/install.log
tail -f var/build.log

Output from gbuild will look something like

Initialized empty Git repository in /home/gitianuser/gitian-builder/inputs/ion/.git/
remote: Counting objects: 57959, done.
remote: Total 57959 (delta 0), reused 0 (delta 0), pack-reused 57958
Receiving objects: 100% (57959/57959), 53.76 MiB | 484.00 KiB/s, done.
Resolving deltas: 100% (41590/41590), done.
From https://github.com/cevap/ion
... (new tags, new branch etc)
--- Building for trusty amd64 ---
Stopping target if it is up
Making a new image copy
stdin: is not a tty
Starting target
Checking if target is up
Preparing build environment
Updating apt-get repository (log in var/install.log)
Installing additional packages (log in var/install.log)
Grabbing package manifest
stdin: is not a tty
Creating build script (var/build-script)
lxc-start: Connection refused - inotify event with no name (mask 32768)
Running build script (log in var/build.log)

Building an alternative repository

If you want to do a test build of a pull on GitHub it can be useful to point the Gitian builder at an alternative repository, using the same descriptors and inputs.

For example:

URL=https://github.com/cevap/bitcoin.git
COMMIT=2014_03_windows_unicode_path
./bin/gbuild --commit ion=${COMMIT} --url ion=${URL} ../bitcoin/contrib/gitian-descriptors/gitian-linux.yml
./bin/gbuild --commit ion=${COMMIT} --url ion=${URL} ../bitcoin/contrib/gitian-descriptors/gitian-win.yml
./bin/gbuild --commit ion=${COMMIT} --url ion=${URL} ../bitcoin/contrib/gitian-descriptors/gitian-osx.yml

Building fully offline

For building fully offline including attaching signatures to unsigned builds, the detached-sigs repository and the bitcoin git repository with the desired tag must both be available locally, and then gbuild must be told where to find them. It also requires an apt-cacher-ng which is fully-populated but set to offline mode, or manually disabling gitian-builder's use of apt-get to update the VM build environment.

To configure apt-cacher-ng as an offline cacher, you will need to first populate its cache with the relevant files. You must additionally patch target-bin/bootstrap-fixup to set its apt sources to something other than plain archive.ubuntu.com: us.archive.ubuntu.com works.

So, if you use LXC:

export PATH="$PATH":/path/to/gitian-builder/libexec
export USE_LXC=1
cd /path/to/gitian-builder
./libexec/make-clean-vm --suite trusty --arch amd64

LXC_ARCH=amd64 LXC_SUITE=trusty on-target -u root apt-get update
LXC_ARCH=amd64 LXC_SUITE=trusty on-target -u root \
  -e DEBIAN_FRONTEND=noninteractive apt-get --no-install-recommends -y install \
  $( sed -ne '/^packages:/,/[^-] .*/ {/^- .*/{s/"//g;s/- //;p}}' ../bitcoin/contrib/gitian-descriptors/*|sort|uniq )
LXC_ARCH=amd64 LXC_SUITE=trusty on-target -u root apt-get -q -y purge grub
LXC_ARCH=amd64 LXC_SUITE=trusty on-target -u root -e DEBIAN_FRONTEND=noninteractive apt-get -y dist-upgrade

And then set offline mode for apt-cacher-ng:

/etc/apt-cacher-ng/acng.conf
[...]
Offlinemode: 1
[...]

service apt-cacher-ng restart

Then when building, override the remote URLs that gbuild would otherwise pull from the Gitian descriptors::

cd /some/root/path/
git clone https://github.com/cevap/ion-detached-sigs.git

BTCPATH=/some/root/path/bitcoin
SIGPATH=/some/root/path/bitcoin-detached-sigs

./bin/gbuild --url ion=${BTCPATH},signature=${SIGPATH} ../bitcoin/contrib/gitian-descriptors/gitian-win-signer.yml

Signing externally

If you want to do the PGP signing on another device, that's also possible; just define SIGNER as mentioned and follow the steps in the build process as normal.

gpg: skipped "cevap": secret key not available

When you execute gsign you will get an error from GPG, which can be ignored. Copy the resulting .assert files in gitian.sigs to your signing machine and do

    gpg --detach-sign ${VERSION}-linux/${SIGNER}/bitcoin-linux-build.assert
    gpg --detach-sign ${VERSION}-win/${SIGNER}/bitcoin-win-build.assert
    gpg --detach-sign ${VERSION}-osx-unsigned/${SIGNER}/bitcoin-osx-build.assert

This will create the .sig files that can be committed together with the .assert files to assert your Gitian build.

Uploading signatures

After building and signing you can push your signatures (both the .assert and .assert.sig files) to the cevap/gitian.sigs repository, or if that's not possible create a pull request. You can also mail the files to Wladimir (dev@i2pmail.org) and he will commit them.

ION coin Qt and Daemon Info

Builds

HOW TO: Compile iond Daemon from source

HOW TO: Compile the ION QT wallet on Ubuntu

Snapcraft installs

Install ION client in a snap

Upgrade

HOW TO: Upgrade to ION 5.0

ION Masternodes

ION Masternode FAQ

HOW TO: ION 5.0 Masternode Quickstart Guide

HOW TO: Setup ION 5.0 remote Masternode with Ubuntu remote and local QT wallet(DASH-Rebase)

ION coincore QT wallet ELECTRON MINING

Mining ION coin ELECTRON tokens with Proof of Work

ionomy Sharenodes

ionomy Zendesk hosted Sharenodes and dedicated Masternodes FAQ

ION Chain Token System

Atomic Token Protocol (ATP) Overview

ION Token system Basic Operations

UseCases tokens Create-New-Token

UseCases tokens Send-tokens

UseCases tokens Token-balance

UseCases tokens View-token-information

Testing ION tokens on regtest

UseCases regtest Start-regtest

UseCases regtest Access Token Management Key

ION Token group management

UseCases tokens Key-rotation-with-token-authorities

Create and distribute the XDM token according to the IEO

UseCases tokens Create-Management-Tokens

UseCases tokens Drop-token-mint-capability

UseCases tokens Find-token-authorities

General FAQ

How to backup my wallet and its data

How to: backup ION coin blockchain database

HOW TO: Export Private Keys from ION QT

HOW TO: Import private key to ION 3.0 Wallet

How to generate an onion privacy address

Multisend

User-Documentation

Accounts-Explained

ION-coin-Data-Directory

Raw-Transactions

Running-ION

Gitian

Gitian Building

Gitian-building-create-VM-Debian

Gitian-building-create-Debian-VMware

Gitian-building-create-VM-Fedora

Gitian-building-setup-Gitian-Debian

Gitian-building-setup-Gitian-Debian-Google-Console

Gitian-building-setup-Gitian-Debian-Google-Console-Create-instance-template

Gitian-building-setup-Gitian-Debian-Google-Console-Create-VM-from-template

Gitian-building-setup-Gitian-Fedora

Zerocoin

HOW TO: Convert Zerocoin xION to ION

How to: Backup and restore xION Zerocoin private seed

Developer-Documentation

API-Calls-List

API-Reference-JSON-RPC

Weekly Play to Win ION coin mobile gaming tournaments

How do I get involved

ionomy extra info

XDM DarkMatter IEO

ionomy Support Help Centre

ionomy web links and info

ION coin Technical Whitepaper

ion coin Bounty Procedures

ionomy Bounty Information

ionomy ION current events

Clone this wiki locally