Backport osslsigncode 2.0 #3258
Conversation
The original osslsigncode project (https://sourceforge.net/projects/osslsigncode/) has been marked as abandonware, "This is now - and has been for a long while - abandonware. Feel free to create your own forks etc.". However, a fork at https://github.com/mtrojnar/osslsigncode has emerged that has incorporated theuni's patches, updated the tool to work with OpenSSL 1.1 and made other improvements. This commit switches the windows signer descriptor to use this new version of osslsigncode.
|
Thanks! Looks good and I agree that dropping dead dependencies before they disappear and switching to the active fork (which is included in official OS distros now bitcoin#16669 (comment)) is potentially a good thing. However this might cause some (trivial?) conflicts for our future backports. Thoughts @nmarley @codablock ? |
|
I'm fine with the minor merge conflicts in future backports. @charlesrocket you also have to backport bitcoin#17671 now |
|
I remember some issues building osslsigncode 2.0 on OSX because of the OpenSSL version I think -- will need to dive in again and see if those still exist. I'm fine as long as I'm able to get a version built on OSX which I can sign binaries with (and which the Gitian script can validate). I guess we could also do it on Linux (e.g. Codablock could sign) so shouldn't be any blocker now that I think of it... |
|
@nmarley the signing is happening inside Gitian, so it'd be strange if it fails on Mac but succeeds on Linux. It might have been related to Ubuntu inside Gitian being to old, which shouldn't be an issue now as we're on bionic now. I'd suggest merging this and then fixing upcoming build errors if we encounter them (we'll know pretty soon when creating v15 rc2) |
The osslsigncode is used for Windows codesigning, this is what I'm referring to. I'm transferring the bundle to my local Macbook and signing it using a custom compiled osslsigncode binary. Same with OSX codesigning, this is external to Gitian. https://github.com/dashpay/dash/blob/master/doc/release-process.md#next-steps |
|
I think the the problem with w/the previous version was that it had to link against OpenSSL 1.0 so had special instructions to build. I was able to build this w/no issues and now everything is caught up to OpenSSL 1.1 so there are no more worries about mismatched libssl versions. |
…3258) * build: use osslsigncode 2.0 in gitian The original osslsigncode project (https://sourceforge.net/projects/osslsigncode/) has been marked as abandonware, "This is now - and has been for a long while - abandonware. Feel free to create your own forks etc.". However, a fork at https://github.com/mtrojnar/osslsigncode has emerged that has incorporated theuni's patches, updated the tool to work with OpenSSL 1.1 and made other improvements. This commit switches the windows signer descriptor to use this new version of osslsigncode. * Fixed wget call in gitian-build.py Co-authored-by: Michael <[email protected]> Co-authored-by: willyk <[email protected]>
…3258) * build: use osslsigncode 2.0 in gitian The original osslsigncode project (https://sourceforge.net/projects/osslsigncode/) has been marked as abandonware, "This is now - and has been for a long while - abandonware. Feel free to create your own forks etc.". However, a fork at https://github.com/mtrojnar/osslsigncode has emerged that has incorporated theuni's patches, updated the tool to work with OpenSSL 1.1 and made other improvements. This commit switches the windows signer descriptor to use this new version of osslsigncode. * Fixed wget call in gitian-build.py Co-authored-by: Michael <[email protected]> Co-authored-by: willyk <[email protected]>
We use osslsigncode 2.0 already due to dashpay#3258 so this commit reverts backport of bitcoin#13782 (dashpay@619f7fb)
…-build" We use osslsigncode 2.0 already due to #3258 so this commit reverts backport of bitcoin#13782 (619f7fb)
…-build" We use osslsigncode 2.0 already due to dashpay#3258 so this commit reverts backport of bitcoin#13782 (619f7fb)
Better practice since https://sourceforge.net/projects/osslsigncode is dead. This PR backports bitcoin#16669.