AaronFiore/electrum
1
0
Fork 0
Code Activity
Files
0e7b7624fb98cced80c8b7b2c0728532b720174f
electrum/contrib/build-wine
History
SomberNight 0e7b7624fb win build: bump wine 6.0.2->7.0.0.0 to fix installing python 
with wine 6.0.2 and 6.0.3, cpython 3.9.11 fails to install (but cpython 3.9.10 worked)
```
010c:err:virtual:virtual_setup_exception stack overflow 1220 bytes in thread 010c addr 0x7bc6713d stack 0x440b3c (0x440000-0x441000-0x640000)
🗯 ERROR: wine msiexec failed for dev.msi
🗯 ERROR: prepare-wine failed
```

-----

btw, related note:
After changing the Dockerfile, building the docker image from cache failed. Setting ELECBUILD_NOCACHE=1 fixed it:
```
E: Could not configure 'libc6:i386'.
E: Could not perform immediate configuration on 'libgcc-s1:i386'. Please see man 5 apt.conf under APT::Immediate-Configure for details. (2)

$ ELECBUILD_NOCACHE=1 ./contrib/build-wine/build.sh
```
2022-03-20 17:15:58 +01:00
..
gpg_keys
build-wine: don't use gpg keyservers
2019-07-01 18:01:14 +02:00
build-electrum-git.sh
build: rm need for sudo in most places; and do not run as root
2022-03-03 19:24:18 +01:00
build.sh
build: rm need for sudo in most places; and do not run as root
2022-03-03 19:24:18 +01:00
deterministic.spec
qt: qrreader: keep both old and new toolchain; try to abstract it away
2021-06-25 16:52:02 +02:00
Dockerfile
win build: bump wine 6.0.2->7.0.0.0 to fix installing python
2022-03-20 17:15:58 +01:00
electrum.nsi
qt+android: add lightning URI support
2021-07-30 08:44:15 +02:00
make_win.sh
build: rm need for sudo in most places; and do not run as root
2022-03-03 19:24:18 +01:00
prepare-wine.sh
win build: bump wine 6.0.2->7.0.0.0 to fix installing python
2022-03-20 17:15:58 +01:00
README.md
contrib: add docker_notes.md
2022-03-03 19:24:22 +01:00
sign.sh
binaries: use sha256 instead of sha1 for Windows native signing scheme
2020-06-24 20:23:06 +02:00
unsign.sh
build: extend release.sh so that all builders can use it
2021-06-21 19:29:56 +02:00

README.md

Windows binaries

These binaries should be reproducible, meaning you should be able to generate binaries that match the official releases.

This assumes an Ubuntu (x86_64) host, but it should not be too hard to adapt to another similar system.

  1. Install Docker

    See contrib/docker_notes.md.

    Note: older versions of Docker might not work well (see #6971). If having problems, try to upgrade to at least docker 20.10.

  2. Build Windows binaries

    $ ./build.sh

    If you want reproducibility, try instead e.g.:

    $ ELECBUILD_COMMIT=HEAD ELECBUILD_NOCACHE=1 ./build.sh

  3. The generated binaries are in ./contrib/build-wine/dist.

Code Signing

Electrum Windows builds are signed with a Microsoft Authenticode™ code signing certificate in addition to the GPG-based signatures.

The advantage of using Authenticode is that Electrum users won't receive a Windows SmartScreen warning when starting it.

The release signing procedure involves a signer (the holder of the certificate/key) and one or multiple trusted verifiers:

Signer Verifier
Build .exe files using make_win.sh
Sign .exe with ./sign.sh
Upload signed files to download server
Build .exe files using make_win.sh
Compare files using unsign.sh
Sign .exe file using gpg -b
Signer and verifiers:
Upload signatures to 'electrum-signatures' repo, as $version/$filename.$builder.asc

Verify Integrity of signed binary

Every user can verify that the official binary was created from the source code in this repository. To do so, the Authenticode signature needs to be stripped since the signature is not reproducible.

This procedure removes the differences between the signed and unsigned binary:

  1. Remove the signature from the signed binary using osslsigncode or signtool.
  2. Set the COFF image checksum for the signed binary to 0x0. This is necessary because pyinstaller doesn't generate a checksum.
  3. Append null bytes to the unsigned binary until the byte count is a multiple of 8.

The script unsign.sh performs these steps.

View Git Blame Copy Permalink