Merge pull request #58 from charlieok/update_gitian_setup

Update gitian setup
Charlie O'Keefe 2019-03-29 09:34:39 -06:00 committed by GitHub
commit b2f9de80b9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
15 changed files with 617 additions and 325 deletions

4
.env.example Normal file

@ -0,0 +1,4 @@
GPG_KEY_ID=3F14A629C06FA31D59C64FE93F0C2117D53A4A49
GPG_KEY_NAME=hpotter
ZCASH_GIT_REPO_URL=https://github.com/zcash/zcash
ZCASH_VERSION=v2.0.4

5
.envrc.example Normal file

@ -0,0 +1,5 @@
source_up
dotenv
export GIT_NAME=`git config user.name`
export GIT_EMAIL=`git config user.email`
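
Review bot: The two `export` lines use unquoted backtick substitution and ignore the exit status of `git config`, so an unset `user.name` or `user.email` is exported as an empty string without any message. Prefer `export GIT_NAME="$(git config user.name)"` (same for `GIT_EMAIL`) and print an error when the result is empty, since these values end up in the build signatures.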

4
.gitignore vendored

@ -1,4 +1,8 @@
.env
.envrc
.vagrant/*
*.swp
gitian.sigs/*
local/*
!local/README.md
zcash-binaries/*

329
README.md

@ -21,7 +21,7 @@ If you're using one of the following platforms, see the linked instructions for
- [Debian 9.x](dependency_install_steps_by_platform/Debian_9.x.md)
- [Ubuntu 18.04.x](dependency_install_steps_by_platform/Ubuntu_18.04.x.md)
- [macOS 10.13.x](dependency_install_steps_by_platform/macOS_10.13.x.md)
- [macOS](dependency_install_steps_by_platform/macOS.md)
If you're not using one of the platforms that we have specific instructions for, this is the list of
@ -31,22 +31,9 @@ above!
- [Git](https://git-scm.com/)
- [VirtualBox](https://www.virtualbox.org/)
- [Vagrant](https://www.vagrantup.com/) 2.0.3 or higher
- [Ansible](https://www.ansible.com/) 2.4.x or higher
- [GnuPG](https://www.gnupg.org/) 2.x (2.11.18 or greater) and make sure it is callable via `gpg2`
## Install the `vagrant-disksize` plugin to support resize of the start up disk:
```
$ vagrant plugin install vagrant-disksize
```
Most recently tested 2019-02-13 with the following vagrant-disksize release:
```
$ vagrant plugin list
vagrant-disksize (0.1.3)
```
- [GnuPG](https://www.gnupg.org/) 2.x (2.11.18 or greater)
- [Python](https://www.python.org/) 3.x (with `venv` support in case that is packaged separately)
- [direnv](https://direnv.net/) (Optional/Recommended)
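
Review bot: The GnuPG prerequisite line in this hunk still reads "2.x (2.11.18 or greater)", which does not match the "2.1.18 or greater" used in the Debian 9.x doc heading, and every tested release shown in this change (2.1.18, 2.2.4, 2.2.14) is below 2.11.18. Correct the number here and in the "Install GnuPG 2.x (2.11.18 or greater)" heading of the new macOS.md.
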
@ -75,8 +62,8 @@ $ git config user.email
hpotter@hogwarts.wiz
```
This is all the configuration needed for the steps below, but here is a good reference for further
reading on configuring git:
This is all the git configuration needed for the steps below, but here is a good reference for
further reading on configuring git:
https://git-scm.com/book/en/v2/Customizing-Git-Git-Configuration
@ -87,7 +74,7 @@ https://git-scm.com/book/en/v2/Customizing-Git-Git-Configuration
You can generate a keypair specifically for connecting to github like this:
```
$ ssh-keygen -t rsa -C "hpotter@hogwarts.wiz" -f ~/.ssh/github_id_rsa -N ''
$ ssh-keygen -t rsa -b 4096 -C "hpotter@hogwarts.wiz" -f ~/.ssh/github_id_rsa -N ''
Generating public/private rsa key pair.
Your identification has been saved in /Users/hpotter/.ssh/github_id_rsa.
Your public key has been saved in /Users/hpotter/.ssh/github_id_rsa.pub.
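
Review bot: The updated `ssh-keygen` line adds `-b 4096` but keeps `-N ''`, so the private key is written to disk without a passphrase. The README later loads this key into ssh-agent and forwards the agent into the VM, so a passphrase would cost one prompt per session; consider dropping `-N ''` from the example or stating why an unprotected key is acceptable here.
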
@ -159,20 +146,241 @@ $
## Clone this git project on your machine
From a location where you want to place your local clone of this repository (e.g. `~/Projects`)
```
$ git clone git@github.com:zcash/zcash-gitian.git
```
cd into the project repo
```
$ cd zcash-gitian
zcash-gitian
```
## Add git config values to gitian.yml
## Copy example environment configuration files
The `gitian.yml` file in the root of the project has some blank values that need to be updated or
filled in:
The files `.env.example` and `.envrc.example` are tracked in the repo as example configurations you
should be able to use to get started. The filenames `.env` and `.envrc` are `.gitignore`'d to allow
you to easily make local customizations that don't show up as untracked changes.
- `zcash_version`: The git tag name of the version of zcash you want to build
- `git_name`: You probably want the output from `git config user.name`
- `git_email`: You probably want the output from `git config user.email`
Note that `.envrc` is probably only useful if you are using `direnv`. If you're not, you can ignore
that file and the places below that talk about it, and use your preferred way of managing
environment variables instead.
```
zcash-gitian$ cp .env.example .env
zcash-gitian$ cp .envrc.example .envrc
direnv: error .envrc is blocked. Run `direnv allow` to approve its content.
zcash-gitian$
```
More on that above message in the following section...
## Enable auto-execution of .envrc
If you installed and activated `direnv`, it will detect when `.envrc` is created in your current
directory, as shown above. As a security precaution, it won't automatically run it without your
approval (to prevent untrusted code from doing something malicious). Let's take a look at what's in
the file:
```
zcash-gitian$ cat .envrc
source_up
dotenv
export GIT_NAME=`git config user.name`
export GIT_EMAIL=`git config user.email`
direnv: error .envrc is blocked. Run `direnv allow` to approve its content.
zcash-gitian$
```
Some explanation of the lines in the above `.envrc` file:
```
`source_up` Load any .envrc higher up in the folder structure. So if for
example you place an `.envrc` in your home directory, variables
set there will still be available within this project, rather
than being overridden by this project's `.envrc`.
`dotenv` Set the environment variables defined in `.env`. Think of
`.envrc` as code (it runs in a bash interpreter with some extra
functions added) and `.env` as data (you can basically just set
literal values, and each update to it doesn't require approval).
export GIT_NAME=`git config user.name`
export GIT_EMAIL=`git config user.email`
Use your local git configuration values for the name and email
that will be used to add build signatures inside the virtual
environment.
```
If you're ok with running `.envrc`, follow the directions in the prompt to allow it.
```
zcash-gitian$ echo $ZCASH_GIT_REPO_URL
direnv: error .envrc is blocked. Run `direnv allow` to approve its content.
zcash-gitian$ direnv allow
direnv: loading .envrc
direnv: export +GIT_EMAIL +GIT_NAME +GPG_KEY_ID +GPG_KEY_NAME +ZCASH_GIT_REPO_URL +ZCASH_VERSION
zcash-gitian$ echo $ZCASH_GIT_REPO_URL
https://github.com/zcash/zcash
zcash-gitian$
```
A variable defined in `.env` is now active in our environment. If we leave this project, it is
unloaded. When we return, it is reloaded:
```
zcash-gitian$ cd ..
direnv: unloading
$ echo $ZCASH_GIT_REPO_URL
$ cd zcash-gitian/
direnv: loading .envrc
direnv: export +GIT_EMAIL +GIT_NAME +GPG_KEY_ID +GPG_KEY_NAME +ZCASH_GIT_REPO_URL +ZCASH_VERSION
zcash-gitian$ echo $ZCASH_GIT_REPO_URL
https://github.com/zcash/zcash
zcash-gitian$
```
Project-specific environment settings will come in handy in the next step, when we'll create an
isolated python virtual environment specifically for use with this project.
## Create a python virtual environment for this project
Note: The main purpose of this part is to get a current version of ansible, and keep it locally
within this project. If you already installed ansible (e.g. from an OS package manager like apt),
you can skip this part and the following parts about pip and pip packages.
When creating a virtual environment, call the python executable you want the virtual environment to
use. The location and version will depend on your specific setup -- your OS may provide a suitably
current python interpreter, or you may have built and installed one yourself. If it's in your PATH,
a command like `type python3` should tell you where it is installed on your system. For example:
```
zcash-gitian$ type python3
python3 is /usr/local/bin/python3
zcash-gitian$ /usr/local/python3 --version
Python 3.7.2
```
We can use python's built-in `venv` module to create a virtual environment:
```
zcash-gitian$ /usr/local/bin/python3 -m venv local/python_v3.7.2_venv
```
Translation: "Create a virtual environment at ./local/python_v3.7.2_venv".
The project subdirectory `local` is `.gitignored` to provide a convenient location for files we
don't want to commit and track in version control.
You should now have a tree of directories and files in `local/python_v3.7.2_venv`:
```
zcash-gitian$ ls -F local/python_v3.7.2_venv/
bin/ include/ lib/ pyvenv.cfg
```
Inside the `bin` directory, among other things, are the entries `python` and `python3`, which are
symlinks that point back to the `python3` executable we used to create this environment:
```
zcash-gitian$ ls -F local/python_v3.7.2_venv/bin/
activate activate.fish easy_install-3.7* pip3* python@
activate.csh easy_install* pip* pip3.7* python3@
```
A python virtual environment is 'active' if the python interpreter being executed is run from its
path inside the environment's `bin` directory. Even though the file being executed is the same
whether run directly or via a symlink, it pays attention to the path of the command that was used to
run it.
An `activate` script is provided, and you can use that, but if you're using `direnv` you can set up
a simple automatic activation for the project directory by adding the following line to `.envrc`:
```
load_prefix local/python_v3.7.2_venv
```
The command `load_prefix` is provided by `direnv` to modify a whole set of common "path" variables
(including PATH) according to a common unix pattern.
Let's add that line now:
```
zcash-gitian$ echo "load_prefix local/python_v3.7.2_venv" >> .envrc
direnv: error .envrc is blocked. Run `direnv allow` to approve its content.
zcash-gitian$ direnv allow
direnv: loading .envrc
direnv: export +CPATH +GIT_EMAIL +GIT_NAME +GPG_KEY_ID +GPG_KEY_NAME +LD_LIBRARY_PATH +LIBRARY_PATH +MANPATH +PKG_CONFIG_PATH +ZCASH_GIT_REPO_URL +ZCASH_VERSION ~PATH
zcash-gitian$
```
When the content of `.envrc` is changed, it needs to be approved again (another security
precaution). Then, several variables were set or updated to add paths within our virtual environment
directory at the front (left side) of the list. Let's look at PATH and its effect on which `python`
locations we default to:
```
zcash-gitian$ echo $PATH
/Users/harrypotter/Projects/zcash-gitian/local/python_v3.7.2_venv/bin:/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
zcash-gitian$ type python
python is /Users/harrypotter/Projects/zcash-gitian/local/python_v3.7.2_venv/bin/python
zcash-gitian$ type python3
python3 is /Users/harrypotter/Projects/zcash-gitian/local/python_v3.7.2_venv/bin/python3
```
Since the `python` and `python3` commands will now run from the locations we've installed into our
project's virtual environment while we are in the project directory, we can consider the virtual
environment active when using a shell at (or below) that location.
## Upgrade pip
`pip` has a command to upgrade itself. Let's go ahead and run that:
```
zcash-gitian$ pip --version
pip 18.1 from /Users/harrypotter/Projects/zcash-gitian/local/python_v3.7.2_venv/lib/python3.7/site-packages/pip (python 3.7)
zcash-gitian$ pip install --upgrade pip
Collecting pip
[...]
Successfully installed pip-19.0.3
```
## Install pip packages
We have some dependencies to install as python packages, using the pip package manager installed
above. The set we need, with version numbers managed via git, is in `requirements-pip.lock`; we can
run `pip install` with that file as input:
```
zcash-gitian$ pip install --requirement requirements-pip.lock
```
Check that you can run `ansible` from the command line:
```
zcash-gitian$ ansible --version
ansible 2.7.9
[...]
zcash-gitian$
```
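
Review bot: In the virtual environment section the example runs `/usr/local/python3 --version`, but `type python3` on the line before reports `/usr/local/bin/python3` and the `venv` command that follows uses that path, so the `bin/` component is missing. The sample paths in this hunk also use `/Users/harrypotter` while the ssh-keygen output earlier uses `/Users/hpotter`; pick one home directory for the walkthrough.
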
@ -182,7 +390,7 @@ You can generate a keypair specifically for zcash gitian builds with a command l
```
$ gpg2 --quick-generate-key --batch --passphrase '' "Harry Potter (zcash gitian) <hpotter@hogwarts.wiz>"
zcash-gitian$ gpg --quick-generate-key --batch --passphrase '' "Harry Potter (zcash gitian) <hpotter@hogwarts.wiz>"
gpg: key 3F0C2117D53A4A49 marked as ultimately trusted
gpg: directory '/home/hpotter/.gnupg/openpgp-revocs.d' created
gpg: revocation certificate stored as '/home/hpotter/.gnupg/openpgp-revocs.d/3F14A629C06FA31D59C64FE93F0C2117D53A4A49.rev'
@ -205,7 +413,7 @@ Some explanation of the arguments used in the above example:
You can check that the key was generated and added to your local gpg key database, and see its
fingerprint value, like this:
```
$ gpg2 --list-keys
zcash-gitian$ gpg --list-keys
/home/hpotter/.gnupg/pubring.kbx
----------------------------------
pub rsa2048 2018-04-23 [SC] [expires: 2020-04-22]
@ -214,14 +422,34 @@ uid [ultimate] Harry Potter (zcash gitian) <hpotter@hogwarts.wiz>
sub rsa2048 2018-04-23 [E]
```
Update the `gpg_key_id` and `gpg_key_name` entries in `gitian.yml` as follows:
Update your `GPG_KEY_ID` and `GPG_KEY_NAME` variables in `.env` as follows:
- `gpg_key_id`: In the example output shown here, this is the 40 character string
- `GPG_KEY_ID`: In the example output shown here, this is the 40 character string
`3F14A629C06FA31D59C64FE93F0C2117D53A4A49`. Some versions of gpg may truncate this value, e.g. to 8
or 16 characters. You should be able to use the truncated value.
- `gpg_key_name`: the part before the @ symbol of the associated email address. In our example
this is `hpotter`.
- `GPG_KEY_NAME`: This is passed as the '--signer' argument to Gitian, and used as the name of a
directory for your signatures in our `gitian.sigs` repository. We suggest using the username portion
of the email address associated with your GPG key. In our example this is `hpotter`.
## Install Vagrant plugins
This project uses some 3rd party Vagrant plugins. These dependencies are specified in `Vagrantfile`.
We can install them locally in the `.vagrant` directory with the following command:
```
zcash-gitian$ vagrant plugin install --local
```
## Configure the version of zcash you want to build and sign
Set the value of the `ZCASH_VERSION` variable in `.env` to point to the zcash commit you want to
create a signature for. Likely you want the name of a git tag, such as `v2.0.4`.
## Provision a virtual machine
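
Review bot: The `GPG_KEY_ID` bullet tells readers that a value truncated to 8 or 16 characters can be used. Short key IDs are not unique (8-character IDs in particular are easy to collide), and the role matches this value with a plain `grep` over `gpg --list-secret-keys --with-colons`, so a truncated ID can match a different key. Recommend the full 40-character fingerprint, as `.env.example` already does, and drop the sentence about truncated values.
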
@ -229,14 +457,12 @@ this is `hpotter`.
From the project root directory, run:
```
$ vagrant up --provision zcash-build
zcash-gitian$ vagrant up --provision zcash-build
```
This will provision a Gitian host virtual machine that uses a Linux container (LXC) guest to perform
the actual builds.
Use `git stash` to save one's local customizations to `gitian.yml`.
Load your ssh key into ssh-agent
--------------------------------
@ -247,13 +473,13 @@ This way, we don't need to copy ssh keys into the VM. You can verify that the ke
running `ssh-add -l`.
```
$ ssh-add -l
zcash-gitian$ ssh-add -l
The agent has no identities.
$ ssh-add ~/.ssh/github_id_rsa
zcash-gitian$ ssh-add ~/.ssh/github_id_rsa
Identity added: /home/hpotter/.ssh/github_id_rsa (/home/hpotter/.ssh/github_id_rsa)
$ ssh-add -l
zcash-gitian$ ssh-add -l
4096 SHA256:4fFdwJ71VIpF5cW0dqrsU7jxjctaFcAKmdQZPEqR0Y4 /home/hpotter/.ssh/github_id_rsa (RSA)
```
@ -264,7 +490,7 @@ SSH into the VM
Vagrant should now show that the new VM is in the 'running' state:
```
$ vagrant status
zcash-gitian$ vagrant status
Current machine states:
zcash-build running (virtualbox)
@ -280,14 +506,14 @@ ssh-add again to see that your forwarded key is available, and check that you ca
authenticate to github.
```
$ vagrant ssh zcash-build
zcash-gitian$ vagrant ssh zcash-build
[...]
# on the virtualbox vm
$ ssh-add -l
vagrant@zcash-build:~$ ssh-add -l
4096 d1:43:75:a7:95:65:9e:d4:8e:57:d8:98:58:7d:92:4c /home/hpotter/.ssh/github_id_rsa (RSA)
$ ssh -T git@github.com
vagrant@zcash-build:~$ ssh -T git@github.com
Warning: Permanently added the RSA host key for IP address '192.30.253.112' to the list of known hosts.
Hi harrypotter! You've successfully authenticated, but GitHub does not provide shell access.
```
@ -300,7 +526,7 @@ Once in a shell session in the VM, we're ready to run the gitian build.
```
# on the virtualbox vm
$ ./gitian-build.sh
vagrant@zcash-build:~$ ./gitian-build.sh
```
The output from `gbuild` is informative. There are some common warnings which can be ignored, e.g. if you get an intermittent privileges error related to LXC then just execute the script again. The most important thing is that one reaches the step which says `Running build script (log in var/build.log)`. If not, then something else is wrong and you should let us know.
@ -312,7 +538,18 @@ It's also a good idea to regularly `git pull` on this repository to obtain updat
Generating and uploading signatures
-----------------------------------
After the build successfully completes, the gitian command `gsign` will be called. Commit and push your signatures (both the .assert and .assert.sig files) to the [zcash/gitian.sigs](https://github.com/zcash/gitian.sigs) repository, or if that's not possible then create a pull request.
After the build successfully completes, the gitian command `gsign` will be called, which will
generate signatures, and a commit will be added. You can cd into the gitian.sigs directory, set the
repository to point to your fork of [zcash/gitian.sigs](https://github.com/zcash/gitian.sigs), push
your updates to a branch, and then make a pull request on github.
```
cd gitian.sigs
git remote rename origin upstream
git remote add origin git@github.com:harrypotter/zcash-gitian.git
git checkout -b v2.0.4
git push origin v2.0.4
```
Signatures can be verified by running `gitian-build.sh --verify`, but set `build=false` in the script to skip building. Run a `git pull` beforehand on `gitian.sigs` so you have the latest. The provisioning includes a task which imports Zcash developer public keys to the Vagrant user's keyring and sets them to ultimately trusted, but they can also be found at `contrib/gitian-downloader` within the Zcash source repository.
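
Review bot: In the new command block, `git remote add origin git@github.com:harrypotter/zcash-gitian.git` is run inside `gitian.sigs`, but the paragraph above says the remote should point to your fork of zcash/gitian.sigs. The URL should name the `gitian.sigs` fork; as written the push would go to a fork of the wrong repository. The block also lacks the shell prompt used by the other examples in this change.
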
@ -335,10 +572,6 @@ Vagrant synced folders may also work natively with `vboxfs` if you install Virtu
Copying files
-------------
The easiest way to do it is with a plugin.
vagrant plugin install vagrant-scp
To copy files to the VM: `vagrant scp file_on_host.txt :file_on_vm.txt`
To copy files from the VM: `vagrant scp :file_on_vm.txt file_on_host.txt`

5
Vagrantfile vendored

@ -2,6 +2,11 @@
# vi: set ft=ruby :
Vagrant.configure(2) do |config|
config.vagrant.plugins = {
"vagrant-disksize" => {"version" => "0.1.3"},
"vagrant-scp" => {"version" => "0.5.7"}
}
config.ssh.forward_agent = true
config.disksize.size = '16GB'
config.vm.define 'zcash-build', autostart: false do |gitian|
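
Review bot: `config.vagrant.plugins` here and `vagrant plugin install --local` in the README are project-local plugin features, while the README prerequisites and the Ubuntu doc heading still state "Vagrant 2.0.3 or higher". Check which Vagrant release introduced them and raise the documented minimum to match; every platform doc in this change was tested with 2.2.4.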

View File

@ -126,79 +126,59 @@ Vagrant 2.2.4
# Install pip (python package manager)
# Install venv support
We'll use this to install ansible, so we can be on a more current version of ansible than the one
Debian provides with its 'stretch' distribution.
`venv` is a python module used to create isolated project-specific environments, so that projects on
the same computer can each use their own version of the python executable and their own set of
installed python modules.
`python3-venv` is an `apt` package that includes support for using the `venv` python module.
```
sudo apt install python-pip
sudo apt install python3-venv
```
Most recently tested 2019-02-13 with the following pip release:
Most recently tested 2019-03-05 with the following python3-venv release:
```
$ pip --version
pip 9.0.1 from /usr/lib/python2.7/dist-packages (python 2.7)
$ dpkg --status python3-venv | grep Version
Version: 3.5.3-1
```
# Install ansible 2.4.x or higher
# Install direnv (Optional/Recommended)
This tool sets and unsets environment variables as you change directories in a shell session,
providing a convenient facility for setting up project-specific configuration.
```
pip install --user -U ansible
sudo apt install direnv
```
This will place an `ansible` executable in `~/.local/bin`, so add the following to `~/.bashrc`:
To activate direnv when starting bash (the default shell on Debian 9), add the following line to the
end of `~/.bashrc`:
```
# set PATH so it includes user's private .local/bin if it exists
if [ -d "$HOME/.local/bin" ] ; then
PATH="$HOME/.local/bin:$PATH"
fi
eval "$(direnv hook bash)"
```
Then restart your shell or source .bashrc in your shell session:
direnv works by incorporating a call to `_direnv_hook` in the `PROMPT_COMMAND` shell variable. You
can check that this was done by starting a new bash session and checking whether that value is
present:
```
$ source .bashrc
$ echo $PROMPT_COMMAND
_direnv_hook;
```
Most recently tested 2019-02-13 with the following ansible release:
direnv also supports several other shells -- zsh, fish, tcsh, and elvish as of this writing. Its
website includes instructions for enabling each of the shells it supports.
Most recently tested 2019-03-21 with the following direnv release:
```
$ ansible --version
ansible 2.7.7
...
```
# Install GnuPG 2.x (2.1.18 or greater)
This is likely already installed and runnable via 'gpg'
```
$ gpg --version
gpg (GnuPG) 2.1.18
```
We want to be able to run it using the command 'gpg2'. For that we can install the gnupg2 package.
According to the description of that package, “This is a dummy transitional package that provides
symlinks from gpg2 to gpg.”
https://packages.debian.org/stretch/gnupg2
```
$ sudo apt install gnupg2
```
Most recently tested 2019-02-13 with the following GnuPG release:
```
$ gpg2 --version
gpg (GnuPG) 2.1.18
...
$ direnv --help
direnv v2.10.0
[...]
```

View File

@ -2,46 +2,91 @@
This document assumes you are starting from a fresh install of Ubuntu in the 18.04.x series.
Most recently tested 2018-05-21 with the following ubuntu release:
## Install Git, VirtualBox, and rng-tools
```
$ lsb_release --description
Description: Ubuntu 18.04 LTS
$ sudo apt install git virtualbox rng-tools
```
## Install Git, VirtualBox, Ansible, GnuPG, and rng-tools
```
$ sudo apt install git virtualbox ansible gnupg2 rng-tools
```
## Install Vagrant 2.0.3 or higher
# Install Vagrant 2.0.3 or higher
As of this writing, the vagrant version that Ubuntu 18.04 uses is 2.0.2 so we suggest a later
release in the 2.0.x series.
```
$ wget https://releases.hashicorp.com/vagrant/2.0.4/vagrant_2.0.4_x86_64.deb
...
$ sudo apt install ./vagrant_2.0.4_x86_64.deb
...
$ dpkg --status vagrant
Package: vagrant
Status: install ok installed
...
$ rm ./vagrant_2.0.4_x86_64.deb
wget -c https://releases.hashicorp.com/vagrant/2.2.4/vagrant_2.2.4_x86_64.deb
sudo dpkg -i vagrant_2.2.4_x86_64.deb
rm vagrant_2.2.4_x86_64.deb
```
Most recently tested 2019-03-26 with the following vagrant release:
```
$ vagrant --version
Vagrant 2.2.4
```
## Choice: Install Ansible via apt now or pip later
You can install ansible to a system-wide location using Ubuntu's apt tool, which will be a less
current version, with infrequent updates, or choose another method described later to install it via
a python package in a project-local virtual environment. The apt method is a bit easier, while the
python method is ansible's native distribution channel and will be more current and more frequently
updated.
If you choose the apt option, run this command:
```
$ sudo apt install ansible
```
If you choose the python/pip option, run this command:
```
$ sudo apt install python3-venv
```
# Install direnv (Optional/Recommended)
This tool sets and unsets environment variables as you change directories in a shell session,
providing a convenient facility for setting up project-specific configuration.
```
sudo apt install direnv
```
To activate direnv when starting bash (the default shell on Debian 9), add the following line to the
end of `~/.bashrc`:
```
eval "$(direnv hook bash)"
```
direnv works by incorporating a call to `_direnv_hook` in the `PROMPT_COMMAND` shell variable. You
can check that this was done by starting a new bash session and checking whether that value is
present:
```
$ echo $PROMPT_COMMAND
_direnv_hook;
```
direnv also supports several other shells -- zsh, fish, tcsh, and elvish as of this writing. Its
website includes instructions for enabling each of the shells it supports.
## Versions
Most recently tested 2018-05-21 with the following versions:
Most recently tested 2018-03-26 with the following versions:
### Ubuntu
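
Review bot: The new Vagrant install block downloads the `.deb` with `wget -c` and passes it straight to `sudo dpkg -i` with no integrity check. Add a step that verifies the file against the SHA256SUMS file HashiCorp publishes for the release, and its signature, before installing. Two smaller points in the same hunk: the direnv paragraph says "the default shell on Debian 9" in the Ubuntu doc, and "Most recently tested 2018-03-26" looks like it should be 2019-03-26 to match the Vagrant test date above it.
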
@ -56,7 +101,7 @@ Description: Ubuntu 18.04 LTS
```
$ git --version
git version 2.17.0
git version 2.17.1
```
@ -64,7 +109,7 @@ git version 2.17.0
```
$ virtualbox --help
Oracle VM VirtualBox Manager 5.2.10_Ubuntu
Oracle VM VirtualBox Manager 5.2.18_Ubuntu
...
```
@ -74,21 +119,14 @@ Oracle VM VirtualBox Manager 5.2.10_Ubuntu
```
$ ansible --version
ansible 2.5.1
[...]
```
### GnuPG
### direnv
```
$ gpg2 --version
gpg (GnuPG) 2.2.4
...
```
### Vagrant
```
$ vagrant --version
Vagrant 2.0.4
$ direnv --help
direnv v2.15.0
[...]
```

View File

@ -0,0 +1,179 @@
# Dependency installation steps for macOS
This document assumes you are starting from a fresh install of macOS.
Most recently tested 2019-03-22 with the following macOS release:
```
$ sw_vers
ProductName: Mac OS X
ProductVersion: 10.14.3
BuildVersion: 18D109
```
## Make sure Git is installed
macOS includes git, so you should already have that. It may prompt you to set up developer tools if
you're using it for the first time.
Most recently tested 2019-03-22 with the following git release:
```
$ git --version
git version 2.17.2 (Apple Git-113)
```
## Install Homebrew
Homebrew's site gives a shell command to download and install it
https://brew.sh/
To update both the installed homebrew version and its list of formulae:
```
$ brew update
```
To upgrade software installed via brew:
```
$ brew upgrade <formula name>
```
Homebrew has a search page you can use to look up formula names: http://formulae.brew.sh/
Most recently tested 2019-03-22 with the following Homebrew release:
```
$ brew --version
Homebrew 2.0.5
Homebrew/homebrew-core (git revision b26ddf; last commit 2019-03-21)
Homebrew/homebrew-cask (git revision 8a0f5; last commit 2019-03-21)
```
That last line about "homebrew-cask" refers to a component that started as a separate plugin and now
comes with homebrew by default. The subcommand 'cask' can be used to manage the types of installs
mac users ordinarily do manually - the "drag to the applications folder" type and the "run an
installer" type.
We'll use both "brew" and "brew cask" install methods in the steps below.
## Install Virtualbox
This one may fail on the first attempt with a prompt to allow software signed by Oracle. After doing
that, the second attempt should succeed.
```
$ brew cask install virtualbox
```
Most recently tested 2019-03-22 with the following Virtualbox release:
```
$ virtualbox --help
Oracle VM VirtualBox VM Selector v6.0.4
```
## Install Vagrant
```
$ brew cask install vagrant
```
Most recently tested 2019-03-22 with the following Vagrant release:
```
$ vagrant --version
Vagrant 2.2.4
```
## Install GnuPG 2.x (2.11.18 or greater)
```
$ brew install gnupg
```
Most recently tested 2019-03-22 with the following GnuPG release:
```
$ gpg --version
gpg (GnuPG) 2.2.14
libgcrypt 1.8.4
[...]
```
## Install Python 3.x
Python 2.x is installed by default in macOS, but we want to be more current. Installing the 'python'
homebrew formula will get us python 3.x.
```
$ brew install python
```
This will install as the executable `python3`; running `python` will still get the macOS-managed
python version:
```
$ type python
python is /usr/bin/python
$ type python3
python3 is /usr/local/bin/python3
```
Most recently tested 2019-03-22 with the following Python release:
```
$ python3 --version
Python 3.7.2
```
# Install direnv (Optional/Recommended)
This tool sets and unsets environment variables as you change directories in a shell session,
providing a convenient facility for setting up project-specific configuration.
```
brew install direnv
```
To activate direnv when starting bash (the default shell on macOS), add the following line to the
end of `~/.profile`:
```
eval "$(direnv hook bash)"
```
direnv works by incorporating a call to `_direnv_hook` in the `PROMPT_COMMAND` shell variable. You
can check that this was done by starting a new bash session and checking whether that value is
present:
```
$ echo $PROMPT_COMMAND
_direnv_hook;
```
direnv also supports several other shells -- zsh, fish, tcsh, and elvish as of this writing. Its
website includes instructions for enabling each of the shells it supports.
Most recently tested 2019-03-22 with the following direnv release:
```
$ direnv --version
2.19.2
```
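
Review bot: The heading `# Install direnv (Optional/Recommended)` is a top-level heading, while every other section in this new file uses `##` under the `# Dependency installation steps for macOS` title. Change it to `##` so it does not render as a second document title; the same heading level appears in the direnv sections added to the Debian and Ubuntu docs.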

View File

@ -1,180 +0,0 @@
# Dependency installation steps for macOS 10.x (aka High Sierra)
This document assumes you are starting from a fresh install of macOS.
Most recently tested 2018-04-17 with the following macOS release:
```
$ sw_vers
ProductName: Mac OS X
ProductVersion: 10.13.4
BuildVersion: 17E199
```
## Make sure Git is installed
macOS includes git, so you should already have that. It may prompt you to set up developer tools if
you're using it for the first time.
Most recently tested 2018-04-17 with the following git release:
```
$ git --version
git version 2.15.1 (Apple Git-101)
```
## Install Homebrew
Homebrew's site gives a shell command to download and install it
https://brew.sh/
To update both the installed homebrew version and its list of formulae:
```
$ brew update
```
To upgrade software installed via brew:
```
$ brew upgrade <formula name>
```
Homebrew has a search page you can use to look up package names: http://formulae.brew.sh/
Most recently tested 2018-04-23 with the following Homebrew release:
```
$ brew --version
Homebrew 1.6.2
Homebrew/homebrew-core (git revision 2251; last commit 2018-04-23)
```
## Install Homebrew-Cask
Software projects offered as mac-specific downloads tend to come in one of two forms:
- a file users can drag into their Applications folder
- an installer application for users to execute
Homebrew-Cask is an extension to Homebrew designed to extend the benefits of package management to
this category of mac software.
Homebrew-Cask's site gives a shell command to download and install it: https://caskroom.github.io/
The same `brew update` command given above to update Homebrew will also update Homebrew-Cask.
To upgrade software installed via cask:
```
$ brew cask upgrade <cask-name>
```
To upgrade all installed casks:
```
$ brew cask upgrade
```
Homebrew Cask also has a search page for package names: https://caskroom.github.io/search
Most recently tested 2018-04-23 with the following Homebrew-Cask release:
```
$ brew cask --version
Homebrew-Cask 1.6.2
caskroom/homebrew-cask (git revision 5f4c5d; last commit 2018-04-23)
```
## Install Virtualbox
```
$ brew cask install virtualbox
```
Most recently tested 2018-04-23 with the following Virtualbox release:
```
$ virtualbox --help
Oracle VM VirtualBox Manager 5.2.10
...
```
## Install Vagrant
```
$ brew cask install vagrant
```
Most recently tested 2018-04-23 with the following Vagrant release:
```
$ vagrant --version
Vagrant 2.0.4
```
## Install Ansible
```
$ brew install ansible
```
Most recently tested 2018-04-23 with the following Ansible release:
```
$ ansible --version
ansible 2.5.1
...
```
## Install GnuPG 2.x (2.11.18 or greater)
```
$ brew install gnupg
```
Most recently tested 2018-04-23 with the following GnuPG release:
```
$ gpg --version
gpg (GnuPG) 2.2.6
```
## Make sure 'gpg2' can be called
As of this writing, we have ansible tasks that make calls to 'gpg2' while the gnupg homebrew package
installs the executable 'gpg'.
```
$ type gpg
gpg is /usr/local/bin/gpg
$ type gpg2
-bash: type: gpg2: not found
```
If this is still the case, a simple workaround option is to create a symlink from gpg2 to gpg:
```
$ ln -s /usr/local/bin/gpg /usr/local/bin/gpg2
$ gpg2 --version
gpg (GnuPG) 2.2.6
[...]
$
```
If you find that this issue has been resolved, please remove this step :)

View File

@ -3,12 +3,12 @@
become: yes
hosts: localhost:zcash-build
vars:
zcash_git_repo_url: https://github.com/zcash/zcash
zcash_version: v1.0.8-1
gpg_key_name: ''
git_name: ''
git_email: ''
gpg_key_id: ''
zcash_git_repo_url: "{{ lookup('env','ZCASH_GIT_REPO_URL') }}"
zcash_version: "{{ lookup('env','ZCASH_VERSION') }}"
git_name: "{{ lookup('env','GIT_NAME') }}"
git_email: "{{ lookup('env','GIT_EMAIL') }}"
gpg_key_name: "{{ lookup('env','GPG_KEY_NAME') }}"
gpg_key_id: "{{ lookup('env','GPG_KEY_ID') }}"
roles:
- role: common
tags: common
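
Review bot: `lookup('env', ...)` returns an empty string when the variable is not set, so running the playbook from a shell where `.env` was not loaded (no direnv, or `.envrc` still blocked) now yields empty `zcash_version`, `gpg_key_id` and the rest, where `zcash_git_repo_url` and `zcash_version` previously had defaults. Add a `pre_tasks` `assert` that each of the six values is non-empty, or keep a fallback such as `| default('https://github.com/zcash/zcash', true)` for the repo URL.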

8
local/README.md Normal file

@ -0,0 +1,8 @@
local/
======
This directory is intended for content that is local to your work area, and
not intended to be tracked by version control.
This file is here to make git track the existence of this directory (git doesn't
track empty directories).

17
requirements-pip.lock Normal file

@ -0,0 +1,17 @@
# Primary Dependencies
# (Packages we actually decided to include)
ansible==2.7.9
# Secondary Dependencies
# (pulled in by one or more of the above dependencies)
asn1crypto==0.24.0
bcrypt==3.1.6
cffi==1.12.2
cryptography==2.6.1
Jinja2==2.10
MarkupSafe==1.1.1
paramiko==2.4.2
pyasn1==0.4.5
pycparser==2.19
PyNaCl==1.3.0
PyYAML==5.1
six==1.12.0
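
Review bot: The lock file pins versions with `==` but carries no hashes, so `pip install --requirement requirements-pip.lock` accepts whatever artifact the index serves for each pinned version. Since this toolchain provisions the environment that signs builds, add `--hash=sha256:...` entries for every line and install with `--require-hashes`.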

View File

@ -1,12 +1,12 @@
---
- name: Check that the secret key exists.
local_action: "shell gpg2 --list-secret-keys --with-colons | grep {{ gpg_key_id }}"
local_action: "shell gpg --list-secret-keys --with-colons | grep {{ gpg_key_id }}"
become: no
ignore_errors: true
register: gpg_list_keys_result
- name: Export the GPG private key from the local keyring.
local_action: "command gpg2 --armor --export-secret-key {{ gpg_key_id }}"
local_action: "command gpg --armor --export-secret-key {{ gpg_key_id }}"
become: no
register: gpg_private_key
changed_when: false
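
Review bot: In both `local_action` lines `{{ gpg_key_id }}` is interpolated unquoted, and with this change set it comes from the environment rather than from a file in the repo. In the `shell` task a value containing spaces or shell metacharacters is interpreted by the shell, and an empty value makes `grep` fail, which `ignore_errors: true` then hides. Use `grep -F -- {{ gpg_key_id | quote }}` and consider failing with a clear message when the key is not found.
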
@ -40,7 +40,7 @@
group: "{{ gitian_user }}"
- name: Import the GPG private key to the Vagrant user.
command: "gpg2 --import /tmp/{{ gpg_key_id }}.sec"
command: "gpg --import /tmp/{{ gpg_key_id }}.sec"
become_user: "{{ gitian_user }}"
when: gpg_list_keys_result.stdout != '' and gpg_private_key.stdout is defined
no_log: True
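
Review bot: The import task reads the secret key from `/tmp/{{ gpg_key_id }}.sec`, a predictable path in a shared directory, and the README generates this key with an empty passphrase. If the surrounding tasks do not already do so, write the file with mode 0600 and remove it in a task right after the import; `no_log: True` hides the task output but does not clean up the file.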

View File

@ -19,7 +19,7 @@ proc=2
mem=3584
lxc=true
scriptName=$(basename -- "$0")
signProg="gpg2 --detach-sign"
signProg="gpg --detach-sign"
commitFiles=true
# Help Message

View File

@ -21,7 +21,6 @@ if [ -d "$HOME/bin" ] ; then
PATH="$HOME/bin:$PATH"
fi
alias gpg='gpg2'
export DISTRO=debian
export SUITE=jessie
export ARCH=amd64
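
Review bot: With `alias gpg='gpg2'` removed here and `signProg` and the role tasks switched to plain `gpg`, signing inside the VM now depends on whatever `gpg` resolves to on the base box. Confirm that it is GnuPG 2.x there, for example with a provisioning task that checks `gpg --version`, since the key is generated and exported on the host with 2.x.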