commit 0119ab9ee1c4b07255442c7c91a7119ca989b64c
parent d467a5a8ec9353d9ccf0fea980a4fc44eef1d475
Author: ThomasV <thomasv@electrum.org>
Date: Sat, 30 Jun 2018 13:22:46 +0200
winbuilds: update README. Do not sign in unsign.sh
Diffstat:
2 files changed, 11 insertions(+), 12 deletions(-)
diff --git a/contrib/build-wine/README.md b/contrib/build-wine/README.md
@@ -52,15 +52,16 @@ certificate/key) and one or multiple trusted verifiers:
| Signer | Verifier |
|-----------------------------------------------------------|-----------------------------------|
| Build .exe files using `build.sh` | |
+| Sign .exe with `./sign.sh` | |
+| Upload signed files to download server | |
| | Build .exe files using `build.sh` |
-| | Sign .exe files using `gpg -b` |
-| | Send signatures to signer |
-| Place signatures as `$filename.$builder.asc` in `./dist` | |
-| Run `./sign.sh` | |
+| | Compare files using `unsign.sh` |
+| | Sign .exe file using `gpg -b` |
+
+| Signer and verifiers:
+| Upload signatures to 'electrum-signatures' repo, as `$version/$filename.$builder.asc` |
-`sign.sh` will check if the signatures match the signer's files. This ensures that the signer's
-build environment is not compromised and that the binaries can be reproduced by anyone.
Verify Integrity of signed binary
diff --git a/contrib/build-wine/unsign.sh b/contrib/build-wine/unsign.sh
@@ -17,12 +17,11 @@ cd signed
echo "Found $(ls *.exe | wc -w) files to verify."
for signed in $(ls *.exe); do
- echo $signed
mine="../dist/$signed"
out="../stripped/$signed"
size=$( wc -c < $mine )
# Step 1: Remove PE signature from signed binary
- osslsigncode remove-signature -in $signed -out $out
+ osslsigncode remove-signature -in $signed -out $out > /dev/null 2>&1
# Step 2: Remove checksum and padding from signed binary
python3 <<EOF
pe_file = "$out"
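Review bot: Sending both stdout and stderr of `osslsigncode remove-signature` to /dev/null on the added line also hides a failed strip, and nothing in the visible lines checks its exit status. If the tool fails, `$out` may be missing or left over from an earlier run, and the later comparison would then run against that file rather than the binary just downloaded. I would keep the quieting but fail the iteration explicitly, e.g. `osslsigncode remove-signature -in "$signed" -out "$out" > /dev/null 2>&1 || { echo "Failure: $signed (remove-signature failed)"; continue; }`. The loop body continues past this hunk, and whether the script sets `set -e` above line 17 is not visible here.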
@@ -37,16 +36,15 @@ l = len(binary)
n = l - size
if n > 0:
assert binary[-n:] == bytearray(n)
- print("removing %d null bytes"% n)
binary = binary[:size]
with open(pe_file, "wb") as f:
f.write(binary)
EOF
chmod +x $out
if [ ! $(diff $out $mine) ]; then
- echo "Success!"
- gpg --sign --armor --detach $signed
+ echo "Success: $signed"
+ #gpg --sign --armor --detach $signed
else
- echo "failure"
+ echo "Failure: $signed"
fi
done
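Review bot: The new `Success: $signed` line is what a verifier now relies on before signing by hand, yet the unchanged test `[ ! $(diff $out $mine) ]` keys on diff's stdout rather than its exit status. When diff cannot read one of the files it writes only to stderr, the substitution is empty, `[ ! ]` evaluates true, and the script reports success for a file that was never compared. Deciding on the exit status closes that gap: `if cmp -s "$out" "$mine"; then`. The commented-out `#gpg --sign --armor --detach $signed` could be deleted rather than kept, since the README in this commit describes signing as a separate step. The heredoc and the loop both start outside this hunk.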