Scripts and tools: gitian-build.py improvements and corrections #13998
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
The following sections might be updated with supplementary metadata relevant to reviewers and maintainers. ConflictsReviewers, this pull request conflicts with the following ones:
If you consider this pull request important, please also help to review the conflicting pull requests. Ideally, start with the one that should be merged first. |
e212ccb to
0131194
Compare
ken2812221
approved these changes
Sep 5, 2018
contrib/gitian-build.py
Outdated
| elif not args.kvm: | ||
| args.lxc = 'lxc' in args.virtualization | ||
| args.kvm = 'kvm' in args.virtualization | ||
| args.docker = 'docker' in args.virtualization |
There was a problem hiding this comment.
I think == would be better. To avoid lxckvm
contrib/gitian-build.py
Outdated
| programs += ['python-vm-builder', 'qemu-kvm', 'qemu-utils'] | ||
| elif args.docker: | ||
| programs += ['apt-cacher-ng', 'python-vm-builder', 'qemu-kvm', 'qemu-utils'] | ||
| if args.docker and not os.path.isfile('/lib/systemd/system/docker.service'): |
There was a problem hiding this comment.
I think elif is better here.
contrib/gitian-build.py
Outdated
| @@ -32,10 +32,10 @@ def setup(): | |||
| subprocess.check_call(['git', 'clone', 'https://github.com/bitcoin/bitcoin.git']) | |||
| os.chdir('gitian-builder') | |||
| make_image_prog = ['bin/make-base-vm', '--suite', 'bionic', '--arch', 'amd64'] | |||
| if args.lxc: | |||
| make_image_prog += ['--lxc'] | |||
| if args.docker: | |||
maflcko
reviewed
Sep 5, 2018
contrib/gitian-build.py
Outdated
| parser.add_argument('-k', '--kvm', action='store_true', dest='kvm', help='Use KVM instead of LXC') | ||
| parser.add_argument('-d', '--docker', action='store_true', dest='docker', help='Use Docker instead of LXC') | ||
| parser.add_argument('-S', '--setup', action='store_true', dest='setup', help='Set up the Gitian building environment. Uses LXC. If you want to use KVM, use the --kvm option. Only works on Debian-based systems (Ubuntu, Debian)') | ||
| parser.add_argument('-V', '--virtualization', dest='virtualization', default='lxc', help='Specify virtualization technology to use: lxc for LXC, kvm for KVM, docker for Docker. Default is %(default)s') |
There was a problem hiding this comment.
Just noting that external documentation would have to be updated to reflect this change.
There was a problem hiding this comment.
All related documentation which describes this script options is located in the https://github.com/bitcoin-core/docs repository. Therefore, IMO, there is nothing to add to this PR regarding docs.
Or did I miss something?
I'll submit an appropriate PR to the https://github.com/bitcoin-core/docs repository in a timely manner.
There was a problem hiding this comment.
This can be achieved without a breaking change via
args.lxc = not args.kvm and not args.docker
c45cf0b to
a2b1d10
Compare
|
@ken2812221 Thank you for your review.
All nits are fixed and commits are squashed. |
a2b1d10 to
bc4ca46
Compare
bc4ca46 to
be88ede
Compare
|
Rebased. |
|
re-utACK be88ede |
|
@fanquake May I ask you to restart travis against this PR? |
|
utACK dbd217be69ab6453f0adeb52cbacdace78406a45 |
maflcko
reviewed
Nov 2, 2018
contrib/gitian-build.py
Outdated
| print('\nVerifying v'+args.version+' Signed MacOS\n') | ||
| subprocess.check_call(['bin/gverify', '-v', '-d', '../gitian.sigs/', '-r', args.version+'-osx-signed', '../bitcoin/contrib/gitian-descriptors/gitian-osx-signer.yml']) | ||
| subprocess.call(['bin/gverify', '-v', '-d', '../gitian.sigs/', '-r', args.version+'-osx-signed', '../bitcoin/contrib/gitian-descriptors/gitian-osx-signer.yml']) |
There was a problem hiding this comment.
Why should this not fail if there is a mismatch?
There was a problem hiding this comment.
The gitian-builder/bin/gverify script returns the exit code 1 if a signature verification ends with 'BAD SIGNATURE' or 'MISMATCH' by design.
From the Python docs:
If the return code was zero then return, otherwise raise CalledProcessError.
Wait for command to complete, then return the returncode attribute.
There was a problem hiding this comment.
I understand that by this change the return code is ignored, but I'd like to understand why.
If the signatures are bad or the hashes mismatch, the verification should fail.
There was a problem hiding this comment.
I mean script fails. You cannot see the result of verifying of the signatures that remain.
With this commit script will not fail and you will see the results for all signatures.
There was a problem hiding this comment.
Fine, if you want to print the result for all signatures, but please don't change the behaviour (fail on non-zero exit code) of the script.
dbd217b to
710a636
Compare
|
@MarcoFalke Thank you for your review.
Fixed. Would you mind re-reviewing? |
The Docker does not depend on apt-cacher-ng package. Do not try to install the Docker if docker.service is detected on the system (e.g., the Docker was installed manually). Also small style corrections were applied.
This prevents the setting of more than one environment variable for the gitian-builder (e.g., USE_LXC being set shadows USE_DOCKER; for details see gitian-builder/libexec/make-clean-vm).
The gitian-builder/bin/gverify script returns the exit code 1 if a signature verification ends with 'BAD SIGNATURE' or 'MISMATCH' by design. This commit allows to see the verification results for all signatures without a premature fail of the gitian-build.py script.
|
Rebased.
Dropped new Also "do not warn about macOS build on setup" feature dropped in favor of #15236. Commit messages have been brushed. |
|
@Sjors |
maflcko
pushed a commit
that referenced
this pull request
May 20, 2019
…rections 0f22a0c Fix gitian-build.py --verify option (Hennadii Stepanov) 4c56a79 Set/unset USE_LXC, USE_VBOX, USE_DOCKER explicitly (Hennadii Stepanov) cbbd988 Fix Docker related issues for gitian-build.py (Hennadii Stepanov) Pull request description: 1. The Docker does not depend on `apt-cacher-ng` package. Ref: #14002. 2. Do not try to install the Docker if `docker.service` is detected on the system (e.g., the Docker was installed manually). Fix #13623 (comment) by **Sjors**. 3. Prevent the setting of more than one environment variable for the `gitian-builder` (an alternative to #13999). E.g., USE_LXC being set shadows USE_DOCKER; for details see [`gitian-builder/libexec/make-clean-vm`](https://github.com/devrandom/gitian-builder/blob/93a62c7d7d018c66c02a19bac3d751144043cfec/libexec/make-clean-vm#L7): ```sh VMSW=KVM if [ -n "$USE_LXC" ]; then VMSW=LXC elif [ -n "$USE_VBOX" ]; then VMSW=VBOX elif [ -n "$USE_DOCKER" ]; then VMSW=DOCKER fi ``` 4. The [`gitian-builder/bin/gverify`](https://github.com/devrandom/gitian-builder/blob/master/bin/gverify) script returns the exit code 1 if a signature verification ends with 'BAD SIGNATURE' or 'MISMATCH' by design. This PR allows to see the verification results for all signatures without a premature fail of the `gitian-build.py` script. Ref: #14014. ACKs for commit 0f22a0: Tree-SHA512: 55f8a5cffa20d0c745f51a687f3199cea015fa616e56a0aee4c25b5ca0985036c61e8cf1922515338d8c6a85f873674ebe7a9a56a5069d65a187e383150f1a83
sidhujag
pushed a commit
to syscoin/syscoin
that referenced
this pull request
May 20, 2019
…and corrections 0f22a0c Fix gitian-build.py --verify option (Hennadii Stepanov) 4c56a79 Set/unset USE_LXC, USE_VBOX, USE_DOCKER explicitly (Hennadii Stepanov) cbbd988 Fix Docker related issues for gitian-build.py (Hennadii Stepanov) Pull request description: 1. The Docker does not depend on `apt-cacher-ng` package. Ref: bitcoin#14002. 2. Do not try to install the Docker if `docker.service` is detected on the system (e.g., the Docker was installed manually). Fix bitcoin#13623 (comment) by **Sjors**. 3. Prevent the setting of more than one environment variable for the `gitian-builder` (an alternative to bitcoin#13999). E.g., USE_LXC being set shadows USE_DOCKER; for details see [`gitian-builder/libexec/make-clean-vm`](https://github.com/devrandom/gitian-builder/blob/93a62c7d7d018c66c02a19bac3d751144043cfec/libexec/make-clean-vm#L7): ```sh VMSW=KVM if [ -n "$USE_LXC" ]; then VMSW=LXC elif [ -n "$USE_VBOX" ]; then VMSW=VBOX elif [ -n "$USE_DOCKER" ]; then VMSW=DOCKER fi ``` 4. The [`gitian-builder/bin/gverify`](https://github.com/devrandom/gitian-builder/blob/master/bin/gverify) script returns the exit code 1 if a signature verification ends with 'BAD SIGNATURE' or 'MISMATCH' by design. This PR allows to see the verification results for all signatures without a premature fail of the `gitian-build.py` script. Ref: bitcoin#14014. ACKs for commit 0f22a0: Tree-SHA512: 55f8a5cffa20d0c745f51a687f3199cea015fa616e56a0aee4c25b5ca0985036c61e8cf1922515338d8c6a85f873674ebe7a9a56a5069d65a187e383150f1a83
maflcko
pushed a commit
that referenced
this pull request
May 20, 2019
e0eae1b Make --setup command independent (Hennadii Stepanov) Pull request description: This PR allows a user to run: ```sh ./gitian-build.py --setup ``` without unused `signer` and `version` options. In master the `signer` and `version` options are mandatory. This implies the following code is dead: https://github.com/bitcoin/bitcoin/blob/387eb5b34307448f16d3769ac0245c4e3d996a38/contrib/gitian-build.py#L192-L200 This PR fixes those lines of code. Also this PR has a nice side effect: there is no more warnings about macOS build during processing `--setup` command. Ref: #13998 (comment) Note: https://github.com/bitcoin-core/docs/blob/master/gitian-building.md will be updated when this PR is merged. ACKs for commit e0eae1: Tree-SHA512: df851fe461e402229c57b410f30f1d8bc816e8a2600ece4249aa39c763566de5b661e7aa0af171d484727eb463a6d0e10cfcf459aa60ae1a5d4e12974a8615c6
UdjinM6
pushed a commit
to UdjinM6/dash
that referenced
this pull request
Sep 1, 2021
…and corrections 0f22a0c Fix gitian-build.py --verify option (Hennadii Stepanov) 4c56a79 Set/unset USE_LXC, USE_VBOX, USE_DOCKER explicitly (Hennadii Stepanov) cbbd988 Fix Docker related issues for gitian-build.py (Hennadii Stepanov) Pull request description: 1. The Docker does not depend on `apt-cacher-ng` package. Ref: bitcoin#14002. 2. Do not try to install the Docker if `docker.service` is detected on the system (e.g., the Docker was installed manually). Fix bitcoin#13623 (comment) by **Sjors**. 3. Prevent the setting of more than one environment variable for the `gitian-builder` (an alternative to bitcoin#13999). E.g., USE_LXC being set shadows USE_DOCKER; for details see [`gitian-builder/libexec/make-clean-vm`](https://github.com/devrandom/gitian-builder/blob/93a62c7d7d018c66c02a19bac3d751144043cfec/libexec/make-clean-vm#L7): ```sh VMSW=KVM if [ -n "$USE_LXC" ]; then VMSW=LXC elif [ -n "$USE_VBOX" ]; then VMSW=VBOX elif [ -n "$USE_DOCKER" ]; then VMSW=DOCKER fi ``` 4. The [`gitian-builder/bin/gverify`](https://github.com/devrandom/gitian-builder/blob/master/bin/gverify) script returns the exit code 1 if a signature verification ends with 'BAD SIGNATURE' or 'MISMATCH' by design. This PR allows to see the verification results for all signatures without a premature fail of the `gitian-build.py` script. Ref: bitcoin#14014. ACKs for commit 0f22a0: Tree-SHA512: 55f8a5cffa20d0c745f51a687f3199cea015fa616e56a0aee4c25b5ca0985036c61e8cf1922515338d8c6a85f873674ebe7a9a56a5069d65a187e383150f1a83
UdjinM6
pushed a commit
to UdjinM6/dash
that referenced
this pull request
Sep 2, 2021
…and corrections 0f22a0c Fix gitian-build.py --verify option (Hennadii Stepanov) 4c56a79 Set/unset USE_LXC, USE_VBOX, USE_DOCKER explicitly (Hennadii Stepanov) cbbd988 Fix Docker related issues for gitian-build.py (Hennadii Stepanov) Pull request description: 1. The Docker does not depend on `apt-cacher-ng` package. Ref: bitcoin#14002. 2. Do not try to install the Docker if `docker.service` is detected on the system (e.g., the Docker was installed manually). Fix bitcoin#13623 (comment) by **Sjors**. 3. Prevent the setting of more than one environment variable for the `gitian-builder` (an alternative to bitcoin#13999). E.g., USE_LXC being set shadows USE_DOCKER; for details see [`gitian-builder/libexec/make-clean-vm`](https://github.com/devrandom/gitian-builder/blob/93a62c7d7d018c66c02a19bac3d751144043cfec/libexec/make-clean-vm#L7): ```sh VMSW=KVM if [ -n "$USE_LXC" ]; then VMSW=LXC elif [ -n "$USE_VBOX" ]; then VMSW=VBOX elif [ -n "$USE_DOCKER" ]; then VMSW=DOCKER fi ``` 4. The [`gitian-builder/bin/gverify`](https://github.com/devrandom/gitian-builder/blob/master/bin/gverify) script returns the exit code 1 if a signature verification ends with 'BAD SIGNATURE' or 'MISMATCH' by design. This PR allows to see the verification results for all signatures without a premature fail of the `gitian-build.py` script. Ref: bitcoin#14014. ACKs for commit 0f22a0: Tree-SHA512: 55f8a5cffa20d0c745f51a687f3199cea015fa616e56a0aee4c25b5ca0985036c61e8cf1922515338d8c6a85f873674ebe7a9a56a5069d65a187e383150f1a83
UdjinM6
pushed a commit
to UdjinM6/dash
that referenced
this pull request
Sep 2, 2021
…and corrections 0f22a0c Fix gitian-build.py --verify option (Hennadii Stepanov) 4c56a79 Set/unset USE_LXC, USE_VBOX, USE_DOCKER explicitly (Hennadii Stepanov) cbbd988 Fix Docker related issues for gitian-build.py (Hennadii Stepanov) Pull request description: 1. The Docker does not depend on `apt-cacher-ng` package. Ref: bitcoin#14002. 2. Do not try to install the Docker if `docker.service` is detected on the system (e.g., the Docker was installed manually). Fix bitcoin#13623 (comment) by **Sjors**. 3. Prevent the setting of more than one environment variable for the `gitian-builder` (an alternative to bitcoin#13999). E.g., USE_LXC being set shadows USE_DOCKER; for details see [`gitian-builder/libexec/make-clean-vm`](https://github.com/devrandom/gitian-builder/blob/93a62c7d7d018c66c02a19bac3d751144043cfec/libexec/make-clean-vm#L7): ```sh VMSW=KVM if [ -n "$USE_LXC" ]; then VMSW=LXC elif [ -n "$USE_VBOX" ]; then VMSW=VBOX elif [ -n "$USE_DOCKER" ]; then VMSW=DOCKER fi ``` 4. The [`gitian-builder/bin/gverify`](https://github.com/devrandom/gitian-builder/blob/master/bin/gverify) script returns the exit code 1 if a signature verification ends with 'BAD SIGNATURE' or 'MISMATCH' by design. This PR allows to see the verification results for all signatures without a premature fail of the `gitian-build.py` script. Ref: bitcoin#14014. ACKs for commit 0f22a0: Tree-SHA512: 55f8a5cffa20d0c745f51a687f3199cea015fa616e56a0aee4c25b5ca0985036c61e8cf1922515338d8c6a85f873674ebe7a9a56a5069d65a187e383150f1a83
UdjinM6
pushed a commit
to UdjinM6/dash
that referenced
this pull request
Sep 2, 2021
…and corrections 0f22a0c Fix gitian-build.py --verify option (Hennadii Stepanov) 4c56a79 Set/unset USE_LXC, USE_VBOX, USE_DOCKER explicitly (Hennadii Stepanov) cbbd988 Fix Docker related issues for gitian-build.py (Hennadii Stepanov) Pull request description: 1. The Docker does not depend on `apt-cacher-ng` package. Ref: bitcoin#14002. 2. Do not try to install the Docker if `docker.service` is detected on the system (e.g., the Docker was installed manually). Fix bitcoin#13623 (comment) by **Sjors**. 3. Prevent the setting of more than one environment variable for the `gitian-builder` (an alternative to bitcoin#13999). E.g., USE_LXC being set shadows USE_DOCKER; for details see [`gitian-builder/libexec/make-clean-vm`](https://github.com/devrandom/gitian-builder/blob/93a62c7d7d018c66c02a19bac3d751144043cfec/libexec/make-clean-vm#L7): ```sh VMSW=KVM if [ -n "$USE_LXC" ]; then VMSW=LXC elif [ -n "$USE_VBOX" ]; then VMSW=VBOX elif [ -n "$USE_DOCKER" ]; then VMSW=DOCKER fi ``` 4. The [`gitian-builder/bin/gverify`](https://github.com/devrandom/gitian-builder/blob/master/bin/gverify) script returns the exit code 1 if a signature verification ends with 'BAD SIGNATURE' or 'MISMATCH' by design. This PR allows to see the verification results for all signatures without a premature fail of the `gitian-build.py` script. Ref: bitcoin#14014. ACKs for commit 0f22a0: Tree-SHA512: 55f8a5cffa20d0c745f51a687f3199cea015fa616e56a0aee4c25b5ca0985036c61e8cf1922515338d8c6a85f873674ebe7a9a56a5069d65a187e383150f1a83
UdjinM6
pushed a commit
to UdjinM6/dash
that referenced
this pull request
Sep 2, 2021
…and corrections 0f22a0c Fix gitian-build.py --verify option (Hennadii Stepanov) 4c56a79 Set/unset USE_LXC, USE_VBOX, USE_DOCKER explicitly (Hennadii Stepanov) cbbd988 Fix Docker related issues for gitian-build.py (Hennadii Stepanov) Pull request description: 1. The Docker does not depend on `apt-cacher-ng` package. Ref: bitcoin#14002. 2. Do not try to install the Docker if `docker.service` is detected on the system (e.g., the Docker was installed manually). Fix bitcoin#13623 (comment) by **Sjors**. 3. Prevent the setting of more than one environment variable for the `gitian-builder` (an alternative to bitcoin#13999). E.g., USE_LXC being set shadows USE_DOCKER; for details see [`gitian-builder/libexec/make-clean-vm`](https://github.com/devrandom/gitian-builder/blob/93a62c7d7d018c66c02a19bac3d751144043cfec/libexec/make-clean-vm#L7): ```sh VMSW=KVM if [ -n "$USE_LXC" ]; then VMSW=LXC elif [ -n "$USE_VBOX" ]; then VMSW=VBOX elif [ -n "$USE_DOCKER" ]; then VMSW=DOCKER fi ``` 4. The [`gitian-builder/bin/gverify`](https://github.com/devrandom/gitian-builder/blob/master/bin/gverify) script returns the exit code 1 if a signature verification ends with 'BAD SIGNATURE' or 'MISMATCH' by design. This PR allows to see the verification results for all signatures without a premature fail of the `gitian-build.py` script. Ref: bitcoin#14014. ACKs for commit 0f22a0: Tree-SHA512: 55f8a5cffa20d0c745f51a687f3199cea015fa616e56a0aee4c25b5ca0985036c61e8cf1922515338d8c6a85f873674ebe7a9a56a5069d65a187e383150f1a83
UdjinM6
pushed a commit
to UdjinM6/dash
that referenced
this pull request
Sep 2, 2021
…and corrections 0f22a0c Fix gitian-build.py --verify option (Hennadii Stepanov) 4c56a79 Set/unset USE_LXC, USE_VBOX, USE_DOCKER explicitly (Hennadii Stepanov) cbbd988 Fix Docker related issues for gitian-build.py (Hennadii Stepanov) Pull request description: 1. The Docker does not depend on `apt-cacher-ng` package. Ref: bitcoin#14002. 2. Do not try to install the Docker if `docker.service` is detected on the system (e.g., the Docker was installed manually). Fix bitcoin#13623 (comment) by **Sjors**. 3. Prevent the setting of more than one environment variable for the `gitian-builder` (an alternative to bitcoin#13999). E.g., USE_LXC being set shadows USE_DOCKER; for details see [`gitian-builder/libexec/make-clean-vm`](https://github.com/devrandom/gitian-builder/blob/93a62c7d7d018c66c02a19bac3d751144043cfec/libexec/make-clean-vm#L7): ```sh VMSW=KVM if [ -n "$USE_LXC" ]; then VMSW=LXC elif [ -n "$USE_VBOX" ]; then VMSW=VBOX elif [ -n "$USE_DOCKER" ]; then VMSW=DOCKER fi ``` 4. The [`gitian-builder/bin/gverify`](https://github.com/devrandom/gitian-builder/blob/master/bin/gverify) script returns the exit code 1 if a signature verification ends with 'BAD SIGNATURE' or 'MISMATCH' by design. This PR allows to see the verification results for all signatures without a premature fail of the `gitian-build.py` script. Ref: bitcoin#14014. ACKs for commit 0f22a0: Tree-SHA512: 55f8a5cffa20d0c745f51a687f3199cea015fa616e56a0aee4c25b5ca0985036c61e8cf1922515338d8c6a85f873674ebe7a9a56a5069d65a187e383150f1a83
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The Docker does not depend on
apt-cacher-ngpackage. Ref: Scripts and tools: fixed Docker dependencies #14002.Do not try to install the Docker if
docker.serviceis detected on the system (e.g., the Docker was installed manually). Fix Migrate gitian-build.sh to python #13623 (comment) by Sjors.Prevent the setting of more than one environment variable for the
gitian-builder(an alternative to Scripts and tools: Dedicated --virtualization option #13999). E.g., USE_LXC being set shadows USE_DOCKER; for details seegitian-builder/libexec/make-clean-vm:gitian-builder/bin/gverifyscript returns the exit code 1 if a signature verification ends with 'BAD SIGNATURE' or 'MISMATCH' by design. This PR allows to see the verification results for all signatures without a premature fail of thegitian-build.pyscript. Ref: Scripts and tools: fix gitian-build.py --verify option #14014.