Skip to content

Update signapple for platform identifier fix #24573

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Mar 16, 2022
Merged

Update signapple for platform identifier fix #24573

merged 1 commit into from
Mar 16, 2022

Conversation

achow101
Copy link
Member

Apparently #23134 is caused by the platform identifier field being set to the incorrect value in our code signatures. The problem has been resolved in signapple, and so guix should point to the latest commit containing the fix.

I suppose guix does not strictly need to have this; only the macOS code signer will need to have the fix.

Fixes #23134

hebasto
hebasto approved these changes Mar 16, 2022
View reviewed changes
Copy link
Member

@hebasto hebasto left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ACK 286db58, I have reviewed the code and it looks OK, I agree it can be merged.

I've verified that changes in the achow101/signapple@8a945a2 follow documentation. Did not test that #23134 is fixed.

@fanquake
Copy link
Member

Concept ACK, but can you correct the expected hash so this will Guix build:

INFO: Building 286db5882d13 for platform triple x86_64-apple-darwin:
      ...using reference timestamp: 1647367347
      ...running at most 8 jobs
      ...from worktree directory: '/bitcoin'
          ...bind-mounted in container to: '/bitcoin'
      ...in build directory: '/bitcoin/guix-build-286db5882d13/distsrc-286db5882d13-x86_64-apple-darwin'
          ...bind-mounted in container to: '/distsrc-base/distsrc-286db5882d13-x86_64-apple-darwin'
      ...outputting in: '/bitcoin/guix-build-286db5882d13/output/x86_64-apple-darwin'
          ...bind-mounted in container to: '/outdir-base/x86_64-apple-darwin'
substitute: updating substitutes from 'https://ci.guix.gnu.org'... 100.0%
substitute: updating substitutes from 'https://bordeaux.guix.gnu.org'... 100.0%
The following derivations will be built:
   /gnu/store/lmcnfma47i4xpwsahycxy9kbmjs6l442-python-signapple-0.1-1.8a945a2.drv
   /gnu/store/rafvaq89shi8kmgqlnlmvdh48q0g7ig6-python-signapple-8a945a2e7583be2665cf3a6a89d665b70ecd1ab6-checkout.drv

building /gnu/store/rafvaq89shi8kmgqlnlmvdh48q0g7ig6-python-signapple-8a945a2e7583be2665cf3a6a89d665b70ecd1ab6-checkout.drv...
-r:sha256 hash mismatch for /gnu/store/d6fiz6vh16c7aadszhfprhkvy39hzwiw-python-signapple-8a945a2e7583be2665cf3a6a89d665b70ecd1ab6-checkout:
  expected hash: 1mxk4g60zdvfsby2v5drqxwjd3nc4azihgc9dkfr0rpanigjafc0
  actual hash:   0fr1hangvfyiwflca6jg5g8zvg3jc9qr7vd2c12ff89pznf38dlg
hash mismatch for store item '/gnu/store/d6fiz6vh16c7aadszhfprhkvy39hzwiw-python-signapple-8a945a2e7583be2665cf3a6a89d665b70ecd1ab6-checkout'
build of /gnu/store/rafvaq89shi8kmgqlnlmvdh48q0g7ig6-python-signapple-8a945a2e7583be2665cf3a6a89d665b70ecd1ab6-checkout.drv failed
View build log at '/var/log/guix/drvs/ra/fvaq89shi8kmgqlnlmvdh48q0g7ig6-python-signapple-8a945a2e7583be2665cf3a6a89d665b70ecd1ab6-checkout.drv.gz'.
note: keeping build directory `/tmp/guix-build-python-signapple-8a945a2e7583be2665cf3a6a89d665b70ecd1ab6-checkout.drv-0'
cannot build derivation `/gnu/store/lmcnfma47i4xpwsahycxy9kbmjs6l442-python-signapple-0.1-1.8a945a2.drv': 1 dependencies couldn't be built
guix environment: error: build of `/gnu/store/lmcnfma47i4xpwsahycxy9kbmjs6l442-python-signapple-0.1-1.8a945a2.drv' failed
bash-5.1# git rev-parse HEAD
8a945a2e7583be2665cf3a6a89d665b70ecd1ab6
bash-5.1# guix hash -rx .
0fr1hangvfyiwflca6jg5g8zvg3jc9qr7vd2c12ff89pznf38dlg

gruve-p
gruve-p reviewed Mar 16, 2022
View reviewed changes
@achow101 achow101 force-pushed the signapple-correct-platform branch from 286db58 to 3c74f77 Compare March 16, 2022 13:11
@achow101
Copy link
Member Author

Grr. guix hash didn't ignore things that were in my gitignore. Fixed the hash.

hebasto
hebasto approved these changes Mar 16, 2022
View reviewed changes
Copy link
Member

@hebasto hebasto left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

re-ACK 3c74f77

GUIX builds on x86_64:

$ find guix-build-$(git rev-parse --short=12 HEAD)/output/ -type f -print0 | env LC_ALL=C sort -z | xargs -r0 sha256sum
36a2a3376356e52991667e14c39280a519fcdab97d3230f0c9d68821cae5d49d  guix-build-3c74f775ac95/output/arm64-apple-darwin/SHA256SUMS.part
8e23d4fd7b2da372c5c0d4e407b26d0f46ed01d44f158361420180e3799ab151  guix-build-3c74f775ac95/output/arm64-apple-darwin/bitcoin-3c74f775ac95-arm64-apple-darwin.tar.gz
b7a12f6488f6715aaa792b6f4080462ff2090b67200b07f0cae67db9673f7065  guix-build-3c74f775ac95/output/arm64-apple-darwin/bitcoin-3c74f775ac95-osx-unsigned.dmg
cdbf19f870d23762170c1cd5f47c3d9b86a4c0b9d9bd5b0c32b8500286128e62  guix-build-3c74f775ac95/output/arm64-apple-darwin/bitcoin-3c74f775ac95-osx-unsigned.tar.gz
10ca455f10bc4e0a122c7d6c83970cf2ec57831d7fad879753a8275422153fb4  guix-build-3c74f775ac95/output/dist-archive/bitcoin-3c74f775ac95.tar.gz
4ecf2eb1c3dc838c23671e4a2765e2ad6ec151a328a7c976ad058f920dad777a  guix-build-3c74f775ac95/output/x86_64-apple-darwin/SHA256SUMS.part
8429f2426675807d14d77f17369b416bcaf49f645837a8d4db0d831a6c92a28b  guix-build-3c74f775ac95/output/x86_64-apple-darwin/bitcoin-3c74f775ac95-osx-unsigned.dmg
78f7b9803a322ce3089bcd19ea993c16b76d4266ba930019109710b5dd3f7bd0  guix-build-3c74f775ac95/output/x86_64-apple-darwin/bitcoin-3c74f775ac95-osx-unsigned.tar.gz
43dc210e5c31e0579f8a4e707ddf3b847b4a93ea3937131473f22cd2df257ef7  guix-build-3c74f775ac95/output/x86_64-apple-darwin/bitcoin-3c74f775ac95-osx64.tar.gz

@prusnak
Copy link
Contributor

prusnak commented Mar 16, 2022

Let's add to 23.0 Milestone and apply the Needs backport (23.x) label.

@fanquake fanquake added this to the 23.0 milestone Mar 16, 2022
@gruve-p
Copy link
Contributor

gruve-p commented Mar 16, 2022

ACK 3c74f77

fanquake
fanquake approved these changes Mar 16, 2022
View reviewed changes
Copy link
Member

@fanquake fanquake left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ACK 3c74f77

Guix Build:

bash-5.1# find guix-build-$(git rev-parse --short=12 HEAD)/output/ -type f -print0 | env LC_ALL=C sort -z | xargs -r0 sha256sum
36a2a3376356e52991667e14c39280a519fcdab97d3230f0c9d68821cae5d49d  guix-build-3c74f775ac95/output/arm64-apple-darwin/SHA256SUMS.part
8e23d4fd7b2da372c5c0d4e407b26d0f46ed01d44f158361420180e3799ab151  guix-build-3c74f775ac95/output/arm64-apple-darwin/bitcoin-3c74f775ac95-arm64-apple-darwin.tar.gz
b7a12f6488f6715aaa792b6f4080462ff2090b67200b07f0cae67db9673f7065  guix-build-3c74f775ac95/output/arm64-apple-darwin/bitcoin-3c74f775ac95-osx-unsigned.dmg
cdbf19f870d23762170c1cd5f47c3d9b86a4c0b9d9bd5b0c32b8500286128e62  guix-build-3c74f775ac95/output/arm64-apple-darwin/bitcoin-3c74f775ac95-osx-unsigned.tar.gz
10ca455f10bc4e0a122c7d6c83970cf2ec57831d7fad879753a8275422153fb4  guix-build-3c74f775ac95/output/dist-archive/bitcoin-3c74f775ac95.tar.gz
4ecf2eb1c3dc838c23671e4a2765e2ad6ec151a328a7c976ad058f920dad777a  guix-build-3c74f775ac95/output/x86_64-apple-darwin/SHA256SUMS.part
8429f2426675807d14d77f17369b416bcaf49f645837a8d4db0d831a6c92a28b  guix-build-3c74f775ac95/output/x86_64-apple-darwin/bitcoin-3c74f775ac95-osx-unsigned.dmg
78f7b9803a322ce3089bcd19ea993c16b76d4266ba930019109710b5dd3f7bd0  guix-build-3c74f775ac95/output/x86_64-apple-darwin/bitcoin-3c74f775ac95-osx-unsigned.tar.gz
43dc210e5c31e0579f8a4e707ddf3b847b4a93ea3937131473f22cd2df257ef7  guix-build-3c74f775ac95/output/x86_64-apple-darwin/bitcoin-3c74f775ac95-osx64.tar.gz

@fanquake fanquake merged commit 4bdc990 into bitcoin:master Mar 16, 2022
fanquake pushed a commit to fanquake/bitcoin that referenced this pull request Mar 16, 2022
@achow101 @fanquake
Update signapple for platform identifier fix
de52879 
Github-Pull: bitcoin#24573
Rebased-From: 3c74f77
@fanquake fanquake mentioned this pull request Mar 16, 2022
Merged
@fanquake
Copy link
Member

Backported in #24593.

sidhujag pushed a commit to syscoin/syscoin that referenced this pull request Mar 16, 2022
@fanquake
Merge bitcoin#24573: Update signapple for platform identifier fix
e39d71c 
3c74f77 Update signapple for platform identifier fix (Andrew Chow)

Pull request description:

  Apparently bitcoin#23134 is caused by the platform identifier field being set to the incorrect value in our code signatures. The problem has been resolved in signapple, and so guix should point to the latest commit containing the fix.

  I suppose guix does not strictly need to have this; only the macOS code signer will need to have the fix.

  Fixes bitcoin#23134

ACKs for top commit:
  gruve-p:
    ACK bitcoin@3c74f77
  hebasto:
    re-ACK 3c74f77
  fanquake:
    ACK 3c74f77

Tree-SHA512: 7df844793fa77be4ddc4ef02f26980d6368b50421b7bd9a15f7d6a0c3b5c5f4f0cc0889e065689956583a2173875d33406dbe3a52a72c75a7f23a33c733c2378
laanwj added a commit that referenced this pull request Mar 17, 2022
@laanwj
Merge #24593: [23.x] macOS / build backports
55a60b9 
61c0216 doc, guix: Include arm64-apple-darwin into codesigned archs (Hennadii Stepanov)
f541a25 doc: Drop a note about Intel-based Macs (Hennadii Stepanov)
dd2c7f7 guix: Use "win64" for Windows artifacts consistently (Hennadii Stepanov)
2e7cde8 guix: Drop "-signed" suffix for signed macOS .dmg files (Hennadii Stepanov)
7f6420c guix: Use $HOST instead of generic osx{64} for macOS artifacts (Hennadii Stepanov)
de52879 Update signapple for platform identifier fix (Andrew Chow)

Pull request description:

  Backports:
  * #24549
  * #24573
  * #24588
  * #24597

ACKs for top commit:
  laanwj:
    Code review ACK 61c0216

Tree-SHA512: 023bfe6f1a31cec66f0255fb8e9c186f44a50a900a9f22c65b2da672b413fec7570f0f11626317344b6f91e74610006ffe0e35243af510de1eb8a3ceb8e8d37f
kwvg added a commit to kwvg/dash that referenced this pull request Jun 11, 2023
@kwvg
merge bitcoin#24573: Update signapple for platform identifier fix
99f1877
kwvg added a commit to kwvg/dash that referenced this pull request Jun 11, 2023
@kwvg
merge bitcoin#24573: Update signapple for platform identifier fix
b9d1804
PastaPastaPasta pushed a commit to kwvg/dash that referenced this pull request Jun 18, 2023
@kwvg @PastaPastaPasta
merge bitcoin#24573: Update signapple for platform identifier fix
cc9f59d
PastaPastaPasta added a commit to dashpay/dash that referenced this pull request Jun 18, 2023
@PastaPastaPasta
Merge pull request #5408 from kittywhiskers/guix_p2
d159340 
backport: merge bitcoin#23909, bitcoin#23778, bitcoin#24495,bitcoin#25313, bitcoin#24042, bitcoin#24057, bitcoin#24348, bitcoin#24484, bitcoin#24489, bitcoin#24599, bitcoin#24503, bitcoin#24506, bitcoin#24573, bitcoin#25779, bitcoin#24736, bitcoin#24842, bitcoin#25006, bitcoin#25076, bitcoin#25490, bitcoin#25558 (guix backports: part 2)
delta1 added a commit to delta1/elements that referenced this pull request Oct 16, 2023
@delta1
Merge 4bdc990 into merged_master (Bitcoin PR bitcoin/bitcoin#24573)
5255689
@bitcoin bitcoin locked and limited conversation to collaborators Feb 17, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@fanquake fanquake fanquake approved these changes

@hebasto hebasto hebasto approved these changes

+1 more reviewer

@gruve-p gruve-p gruve-p left review comments

Reviewers whose approvals may not affect merge requirements
Assignees
No one assigned
Labels
Scripts and tools
Projects
None yet
Milestone
23.0
Development

Successfully merging this pull request may close these issues.

macOS Monterey deleting bitcoin core after updates (M1)
6 participants
@achow101 @fanquake @prusnak @gruve-p @hebasto @DrahtBot