The latest release of appimagetool bundles a new enough version of
mksquashfs. We had been building a fork of mksquashfs but all the
relevant patches there had been upstreamed.
Note: we still need a wrapper when calling mksquashfs, as appimagetool
calls it with "-mkfs-time 0" and we have the SOURCE_DATE_EPOCH env var
set; and these two would conflict.
Two ways to fix: either unset SOURCE_DATE_EPOCH for that context, or
build a wrapper that removes the "-mkfs-time 0". The former would be
cleaner but for some reason I did not manage to build reproducibly
that way. The latter seems to work.
related:
- https://github.com/AppImage/AppImageKit/issues/929#issuecomment-580769875
> Now official squashfs 4.4 makes reproducible images by default
- https://github.com/AppImage/AppImageKit/pull/996
-----
closes https://github.com/spesmilo/electrum/issues/6936
Note: if we used the python crowdin client (https://github.com/crowdin/crowdin-api-client-python),
we would do something like this:
```
from crowdin_api import CrowdinClient
class MyCrowdinClient(CrowdinClient):
TOKEN = ...
client = MyCrowdinClient()
with open(locale_file_name, 'rb') as f:
resp = client.storages.add_storage(f)
storage_id = resp['data']['id']
client.source_files.update_file(projectId=crowdin_project_id, storageId=storage_id, fileId=crowdin_file_id)
client.translations.build_crowdin_project_translation(projectId=crowdin_project_id)
```
- added notes about reproducibility requirements
- adapted build scripts from Bitcoin Core that can
- extract signatures from a signed .app
- apply previously extracted signatures to an unsigned .app
Turns out the Xcode CLI tools are still not enough, and we need full Xcode :(
This is only for notarization; as `altool` (which we need there) is only part
of full Xcode. So we need to download 8 gigs just for that single script...
related c1dbcab9bb
When the monkey-patch was added, we were building pyinstaller onefile
binaries; but since then we changed to build pyinstaller onedir binaries
instead. So I believe there are no embedded files inside the main executable
anymore, so doing `codesign --deep *.app` (near the end of make_osx)
should be sufficient.
for sanity...
re touching these files: not sure they are really needed
(but the ~/Library/Python/ and ~/.pyenv folders are no longer there
on the build machine)
The .pyc files would get created when a .py module is imported,
which is done during the build for some source files by pyinstaller
(when it analyses imports).
I considered setting PYTHONDONTWRITEBYTECODE=1 in build_tools_util.sh,
to apply to all builds, but am not sure how it would affect the Android build,
where we actually want .pyc files included in the apk.
