How to build Groestlcoin Core with Guix

Started by jackielove4u, September 06, 2021, 11:21:06 AM


jackielove4u

The following was tested on Debian 10.2; some dependencies may differ on other distros.
If you have issues, make sure:
     - HyperVM is enabled in the BIOS (to enable 64-bit in VirtualBox)
     - Hyper-V is uninstalled on Windows
     - McAfee anti-virus, Malwarebytes and RogueKiller are disabled
     - Sleep/hibernate mode is disabled on Windows

Create a Debian VM as a building environment (it will be accessed via SSH). Follow the instructions at: https://github.com/Groestlcoin/docs/blob/master/gitian-building/gitian-building-create-vm-debian.md but use Debian 10.2 instead of Debian 8.
Also change the memory to 10240MB and the file location and size to at least 80GB.

(below as root) Note: When sudo asks for a password, enter the password for the user gitianuser not for root
ssh root@localhost -p 22222
sudo -s
sudo apt-get install git ruby apt-cacher-ng qemu-utils lxc python-cheetah parted kpartx bridge-utils make ubuntu-archive-keyring curl firewalld -y
echo '#!/bin/sh -e' > /etc/rc.local
echo 'brctl addbr br0' >> /etc/rc.local
echo 'ip addr add 10.0.3.1/24 broadcast 10.0.3.255 dev br0' >> /etc/rc.local
echo 'ip link set br0 up' >> /etc/rc.local
echo 'firewall-cmd --zone=trusted --add-interface=br0' >> /etc/rc.local
echo 'exit 0' >> /etc/rc.local
chmod +x /etc/rc.local

cd /tmp
wget https://git.savannah.gnu.org/cgit/guix.git/plain/etc/guix-install.sh
chmod +x guix-install.sh
./guix-install.sh
reboot

(below as gitianuser) Note: When sudo asks for a password, enter the password for the user gitianuser not for root
ssh gitianuser@localhost -p 22222
#Export your key (or export private key on Kleopatra):
gpg --export-secret-keys $ID > my-private-key.asc
# Copy the key to the VM. To copy the exported secret keys you can use an SFTP client on port number 22222
#To import the key, run:
gpg --import my-private-key.asc
#Setup a passphrase for the secret key when asked
gpg --edit-key $ID
passwd #Enter existing passphrase then press enter twice and consider the warnings from the tool and its implications before proceeding.
quit

#Install osslsigncode to sign windows binaries
sudo apt-get -y install osslsigncode

#Export code signing certificate from PFX to PEM format without bag attributes
#And update https://github.com/Groestlcoin/groestlcoin/blob/master/contrib/windeploy/win-codesign.cert if needed
openssl pkcs12 -in groestlcoin_developers_llc.p12 -nokeys -chain | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > win-codesign.cert

#Export code signing private key from PFX to PEM format without bag attributes
openssl pkcs12 -in groestlcoin_developers_llc.p12 -nocerts -nodes | sed -ne '/-BEGIN PRIVATE KEY-/,/-END PRIVATE KEY-/p' > groestlcoin_developers_llc.pem

#Install signapple
sudo apt-get install python3-setuptools python3-pip
git clone https://github.com/achow101/signapple/
cd signapple
sudo pip3 install -e .
sudo python3 setup.py install
#Return to the home directory so the repositories below are cloned there
cd ~

#Replace SIGNER with your signing name
export SIGNER="jackielove4u"
# enter the branch name below.
export VERSION=24.0.1
# enter the version name below.
export FORCE_VERSION=24.0

git clone https://github.com/groestlcoin/guix.sigs.git
git clone https://github.com/groestlcoin/groestlcoin-detached-sigs.git
git clone https://github.com/groestlcoin/groestlcoin.git && cd groestlcoin
git checkout $VERSION

export GUIX_SIGS_REPO="/home/gitianuser/guix.sigs"
export DETACHED_SIGS_REPO="/home/gitianuser/groestlcoin-detached-sigs"

# Create input folder
mkdir -p depends/SDKs && cd depends/SDKs
#Fetch Xcode-12.2-12B45b-extracted-SDK-with-libcxx-headers.tar.gz
wget --no-check-certificate https://bitcoincore.org/depends-sources/sdks/Xcode-12.2-12B45b-extracted-SDK-with-libcxx-headers.tar.gz
#Extract tarball
tar -xaf Xcode-12.2-12B45b-extracted-SDK-with-libcxx-headers.tar.gz
#Return to build directory
cd ../..

sudo sysctl -w kernel.unprivileged_userns_clone=1

#This command will build Groestlcoin Core for all platforms. The first run will take 1 or 2 full days; later runs will take a couple of hours. Make sure to close Malwarebytes, otherwise the build will fail (Malwarebytes blocks the bitcoin-core.org URL)
./contrib/guix/guix-build

#This command will attest Groestlcoin Core non-codesigned for all platforms.
./contrib/guix/guix-attest

#Update signapple with every guix build
cd ~/signapple
git pull
sudo pip3 install -e .
sudo python3 setup.py install

#Sign osx binaries
#If new macOS codesigner has been appointed then: To use the code signing certificate with signapple, the Developer ID Application Certificate must be exported. The Developer ID Application Certificate should be accessible through the Keychain Access app.
#Find Developer ID Application Certificate, Control click (or right click) it, and choose the option to export the certificate. Export the certificate as core-installer.p12 (Personal Information Exchange file aka .p12 extension) and move it to the guix host.
cd ~/groestlcoin/guix-build-$FORCE_VERSION/output/x86_64-apple-darwin
tar xf groestlcoin-$FORCE_VERSION-x86_64-apple-darwin-unsigned.tar.gz
./detached-sig-create.sh "/home/gitianuser/core-installer.p12"
cd ~/groestlcoin/guix-build-$FORCE_VERSION/output/arm64-apple-darwin
tar xf groestlcoin-$FORCE_VERSION-arm64-apple-darwin-unsigned.tar.gz
./detached-sig-create.sh "/home/gitianuser/core-installer.p12"

#Sign windows binaries
# Make sure the p12 certificate has been converted to a pem file
cd ~/groestlcoin/guix-build-$FORCE_VERSION/output/x86_64-w64-mingw32
tar xf groestlcoin-$FORCE_VERSION-win64-unsigned.tar.gz
./detached-sig-create.sh -key "/home/gitianuser/groestlcoin_developers_llc.pem"

#Push signatures to groestlcoin-detached-sigs
tar xf signature-osx-x86_64.tar.gz
tar xf signature-osx-arm64.tar.gz
tar xf signature-win.tar.gz
#create new branch on https://github.com/Groestlcoin/groestlcoin-detached-sigs/ with v$FORCE_VERSION naming
#push the extracted folder to https://github.com/Groestlcoin/groestlcoin-detached-sigs/ v$FORCE_VERSION branch
#tag it with v$FORCE_VERSION

#Sign binaries
cd $DETACHED_SIGS_REPO
git pull
git checkout $FORCE_VERSION
cd ~
cd groestlcoin
#For 23.0 and higher use:
export HOSTS="arm64-apple-darwin x86_64-apple-darwin x86_64-w64-mingw32"
./contrib/guix/guix-codesign

#This command will attest Groestlcoin Core codesigned for all platforms.
./contrib/guix/guix-attest

#Create SHA256SUMS and SHA256SUMS.asc and put them in the $FORCE_VERSION folder
cd ~/guix.sigs
mkdir /home/gitianuser/$FORCE_VERSION
#Combine the all.SHA256SUMS.asc files from all signers into SHA256SUMS.asc (only needed if there is more than 1 signer): cat "$FORCE_VERSION"/*/all.SHA256SUMS.asc > SHA256SUMS.asc
cp "$FORCE_VERSION"/*/all.* /home/gitianuser/$FORCE_VERSION
cd /home/gitianuser/$FORCE_VERSION
mv all.SHA256SUMS SHA256SUMS
mv all.SHA256SUMS.asc SHA256SUMS.asc

#Create SHA256SUMS.ots
#Drop the SHA256SUMS file on https://opentimestamps.org/

#Copy the release files to the $FORCE_VERSION folder
find ~/groestlcoin/guix-build-${FORCE_VERSION}/output/ -maxdepth 2 -type f -not -name "SHA256SUMS.part" -and -not -name "*debug*" -and -not -name "*sig*" -and -not -name "*volname*" -exec cp {} /home/gitianuser/$FORCE_VERSION \;

#Copy the release files, SHA256SUMS and SHA256SUMS.asc
#Alternatively you can use an SFTP client like WinSCP, connect to localhost on port number 22222 and copy the created tarballs from /home/gitianuser/$FORCE_VERSION
scp -P 22222 -r /home/gitianuser/$FORCE_VERSION [email protected]:~/Desktop/

#Clean intermediate work directories (run from the source tree)
cd ~/groestlcoin
./contrib/guix/guix-clean

#Commit the newly created folders in /home/gitianuser/guix.sigs/$FORCE_VERSION to https://github.com/Groestlcoin/guix.sigs
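
Added example (not part of the original post and not the project's own tooling): before the signers' all.SHA256SUMS files are combined and published, this checks that every signer attested the same hash for every release file, which is the point of a reproducible Guix build. The function name compare_attestations is hypothetical; the directory layout is assumed from the "$FORCE_VERSION"/*/all.SHA256SUMS paths used above.

```shell
#!/bin/sh
# Added example (not the project's script). Assumed layout, taken from the
# paths in the post: <sigs repo>/<version>/<signer>/all.SHA256SUMS

# compare_attestations VERSION_DIR
#   Prints "MISMATCH <file>" when signers attest different hashes for a file,
#   "MISSING <file>" when a file is absent from at least one signer's list.
#   Returns 0 if all signers agree, 1 on any finding, 2 if nothing to compare.
compare_attestations() {
    dir=$1
    set -- "$dir"/*/all.SHA256SUMS
    if [ ! -f "$1" ]; then
        echo "no all.SHA256SUMS found under $dir" >&2
        return 2
    fi
    findings=$(awk -v signers="$#" '
        NF >= 2 {
            file = $2
            sub(/^\*/, "", file)              # strip binary-mode marker
            if (!((file, $1) in seen)) {      # count distinct hashes per file
                seen[file, $1] = 1
                hashes[file]++
            }
            listed[file]++                    # how many lists name this file
        }
        END {
            for (file in hashes) {
                if (hashes[file] > 1)             print "MISMATCH " file
                else if (listed[file] < signers)  print "MISSING " file
            }
        }' "$@" | sort)
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    echo "OK: $# signer(s) agree"
}
```

Run it as compare_attestations ~/guix.sigs/$FORCE_VERSION; any MISMATCH line means two builders produced different binaries for the same file name and the release should not be signed until that is explained.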