AaronFiore/electrum
1
0
Fork 0
Code Activity
Files
0e2d147afd9dbc76698948cfbc4e481536a2b8f1
electrum/contrib/build-wine
History
SomberNight 0e2d147afd windows build: fix build.sh "cp" cmd 
was exiting with non-zero error code due to trying to copy directory

```
9cf9cdda331b565dd95b105d3fe987beefa113ac2c594d83783998017ad52d70  dist/electrum-4.1.4-16-g648fac709-portable.exe
020ceacb3a6fc5986d3ec271985c22c8646d2bb534536b8e2ab774924b21d58f  dist/electrum-4.1.4-16-g648fac709-setup.exe
e65dbbe24fe01e8635d4def088667e65d4e9763e2ab74cbc1aec616b3f2834bc  dist/electrum-4.1.4-16-g648fac709.exe
💬 INFO:  Done.
cp: -r not specified; omitting directory '/home/user/wspace/electrum/contrib/build-wine/../../contrib/build-wine/fresh_clone/electrum/contrib/build-wine/dist/electrum'
```
2021-06-21 19:29:52 +02:00
..
gpg_keys
build-wine: don't use gpg keyservers
2019-07-01 18:01:14 +02:00
build-electrum-git.sh
build: clarify which locale files are included
2021-03-31 17:00:39 +02:00
build.sh
windows build: fix build.sh "cp" cmd
2021-06-21 19:29:52 +02:00
deterministic.spec
Minor style changes
2021-03-21 00:36:23 -04:00
Dockerfile
windows build: update gnupg(2.2.19-3ubuntu2.1) (#7030)
2021-02-16 23:27:29 +00:00
electrum.nsi
icons: instead of symlinks, just mv "icons" dir
2019-02-07 20:01:52 +01:00
make_win.sh
build: rename some scripts
2021-06-18 16:29:03 +02:00
prepare-wine.sh
binaries: bump python version
2021-03-13 16:52:19 +01:00
README.md
build: try to consolidate instructions and decr codedupe in release.sh
2021-06-18 17:10:15 +02:00
sign.sh
binaries: use sha256 instead of sha1 for Windows native signing scheme
2020-06-24 20:23:06 +02:00
unsign.sh
build-wine/unsign.sh: allow using before files are uploaded publicly
2021-06-17 12:12:11 +02:00

README.md

Windows binaries

These binaries should be reproducible, meaning you should be able to generate binaries that match the official releases.

This assumes an Ubuntu (x86_64) host, but it should not be too hard to adapt to another similar system.

  1. Install Docker

    $ curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
$ sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
$ sudo apt-get update
$ sudo apt-get install -y docker-ce

    Note: older versions of Docker might not work well (see #6971). If having problems, try to upgrade to at least docker 20.10.

  2. Build Windows binaries

    $ ./build.sh

    If you want reproducibility, try instead e.g.:

    $ ELECBUILD_COMMIT=HEAD ELECBUILD_NOCACHE=1 ./build.sh

  3. The generated binaries are in ./contrib/build-wine/dist.

Code Signing

Electrum Windows builds are signed with a Microsoft Authenticode™ code signing certificate in addition to the GPG-based signatures.

The advantage of using Authenticode is that Electrum users won't receive a Windows SmartScreen warning when starting it.

The release signing procedure involves a signer (the holder of the certificate/key) and one or multiple trusted verifiers:

Signer Verifier
Build .exe files using make_win.sh
Sign .exe with ./sign.sh
Upload signed files to download server
Build .exe files using make_win.sh
Compare files using unsign.sh
Sign .exe file using gpg -b
Signer and verifiers:
Upload signatures to 'electrum-signatures' repo, as $version/$filename.$builder.asc

Verify Integrity of signed binary

Every user can verify that the official binary was created from the source code in this repository. To do so, the Authenticode signature needs to be stripped since the signature is not reproducible.

This procedure removes the differences between the signed and unsigned binary:

  1. Remove the signature from the signed binary using osslsigncode or signtool.
  2. Set the COFF image checksum for the signed binary to 0x0. This is necessary because pyinstaller doesn't generate a checksum.
  3. Append null bytes to the unsigned binary until the byte count is a multiple of 8.

The script unsign.sh performs these steps.

View Git Blame Copy Permalink