Flagged by flake8 v3.6.0, as W605, plus a few others identified
incidentally, e.g. 59ffecf66cf4d08c4b431e457b083878d66a3fd6.
Note that r"\n" matches to "\n" under re.match/search.
09fe2d9 release: update docs to show basic codesigning procedure (Cory Fields)
f642753 release: create a bundle for the new signing script (Cory Fields)
0068361 release: add win detached sig creator and our cert chain (Cory Fields)
Tree-SHA512: 032ad84697c70faaf857b9187f548282722cffca95d658e36413dc048ff02d9183253373254ffcc1158afb71140753f35abfc9fc8781ea5329c04d13c98759c0
Also change the mac filename to match
The procedure remains the same, but now there's a nifty script to automate
the signing process.
Future steps:
- Build osslsigncode in the gitian-win descriptor so that the signer itself is
deterministic.
- Verify in the gitian-win-signer descriptor that the expected cert chain was
used.
Ubuntu 16.04 "xenial xerus" does not come with Python 2.x by default.
It is possible to install a python-2.7 package, but this has its own
problem: no `python` or `python2` symlink (see #7717).
This fixes the following scripts to work with python 3:
- `make check` (bctest,py, bitcoin-util-test.py)
- `make translate` (extract_strings_qt.py)
- `make symbols-check` (symbol-check.py)
- `make security-check` (security-check.py)
Explicitly call the python commands using $(PYTHON) instead
of relying on the interpreter line at the top of the scripts.
Rather than fetching a signature.tar.gz from somewhere on the net, instruct
Gitian to use a signature from a tag in the bitcoin-detached-sigs repository
which corresponds to the tag of the release being built.
This changes detached-sig-apply.sh to take a dirname rather than a tarball as
an argument, though detached-sig-create.sh still outputs a tarball for
convenience.
Code signing failed for me on OSX 10.9.5 because the
Versions/Current symbolic links were being replaced
with a duplicate copy of the frameworks' code.
Releases were bigger than they needed to be, for the
same reason.
The approach from 65f3fa8d1 worked for signing on 10.9.4, but not newer
versions. 10.9.5 (and up) want each framework to stand alone.
Now in addition to copying the plist's from Qt for each framework, we put them
in per-version dirs and only symlink to the latest, rather than using symlinks
for any contents.
Starting with 10.9, Framework versions must be signed individually, rather
than as a single bundle version, in order to be properly codesigned. This
change ensures that the proper plist files and symlinks are present prior to
packaging.
When QT is linked statically, macdeploy can't infer its paths. While plugins
and frameworks don't need to be packaged, translations still do (for now).
For qt5.2 on osx, the qcocoa plugin is mandatory. However, it fails to load
when qt.conf specifies the "plugin" path instead of the expected "Plugin". This
is in line with the documentation:
https://qt-project.org/doc/qt-5.0/qtdoc/qt-conf.html
I'm not sure how the plugins were loading before, unless the case-sensitivity
for OSX is new.
The current default URL doesn't seem to exist.
Unsure wether this should be updated to point to 0.7.2 now or wether
just to wait untill 0.8.0 is out and point there?
Commit also fixes a minor typo in the macdeploy notes.txt
Use 'osascript' to run AppleScript, instead of using (broken-in-10.8)
python appscript package.
And added support for code-signing the .app bundle, to make OSX's
GateKeeper happy.
* My patch for miniupnpc has made it into the latest MacPorts release: https://trac.macports.org/ticket/31354
* Documentation has been changed appropriately
* New pure-Python macdeployqt; leverages all problems with the stock macdeployqt