
Update readme

master
Duke Leto 4 years ago
parent
commit
7c0b16c7f7
  1. 34
      README.md

@ -1,22 +1,20 @@
Hush deterministic builds
==========================
# Hush deterministic builds
This is a deterministic build environment for [Hush](https://github.com/MyHush/hush) that uses [Gitian](https://gitian.org/).
This is a deterministic build environment for [Hush](https://git.hush.is/hush/hush) that uses [Gitian](https://gitian.org/).
Gitian provides a way to be reasonably certain that the Hush executables are really built from the exact source on GitHub and have not been tampered with. It also makes sure that the same, tested dependencies are used and statically built into the executable.
Gitian provides a way to be reasonably certain that the Hush executables are really built from the exact source on Gitea (or GitHub backup mirror) and have not been tampered with. It also makes sure that the same, tested dependencies are used and statically built into the executable.
Multiple developers build from source code by following a specific descriptor ("recipe"), cryptographically sign the result, and upload the resulting signature. These results are compared and only if they match is the build is accepted.
More independent Gitian builders are needed, which is why this guide exists.
Requirements
------------
# Requirements
4GB of RAM, at least two cores
It relies upon [Vagrant](https://www.vagrantup.com/) and [VirtualBox](https://www.virtualbox.org/) plus [Ansible](https://www.ansible.com/).
#### VirtualBox
## VirtualBox
If you use Linux, we recommend obtaining VirtualBox through your package manager instead of the Oracle website.
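Review bot: The rewritten Gitian paragraph says the executables are built from "the exact source on Gitea (or GitHub backup mirror)", which leaves two possible origins for the source without saying which one is authoritative or how a builder confirms the two are identical. Suggest naming git.hush.is as the canonical repository and stating that a build is tied to a specific tag or commit rather than to a hosting site. While this paragraph is being touched, the unchanged line below it still reads "only if they match is the build is accepted" and could be corrected. The new "#" headings also make every section a top-level heading alongside the title; "##" for sections and "###" for VirtualBox, Vagrant and Ansible would keep the hierarchy.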
@ -24,24 +22,23 @@ If you use Linux, we recommend obtaining VirtualBox through your package manager
Linux kernel headers are required to setup the `/dev/vboxdrv` device and VirtualBox kernel module via `virtualbox-dkms`.
#### Vagrant
## Vagrant
Download the latest version of Vagrant from [their website](https://www.vagrantup.com/downloads.html).
#### Ansible
## Ansible
Install prerequisites first: `sudo apt-get install build-essential libssl-dev libffi-dev python python-dev python-pip`. Then run:
sudo pip install -U ansible
How to get started
------------------
# How to get started
### Edit settings in gitian.yml
```yaml
# URL of repository containing Hush source code.
hush_git_repo_url: 'https://github.com/MyHush/hush'
hush_git_repo_url: 'https://git.hush.is/hush/hush'
# Specific tag or branch you want to build.
hush_version: 'master'
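Review bot: In the gitian.yml sample, the repository URL is updated but the line under it still defaults to hush_version: 'master'. A branch name moves, so two builders following this README at different times can build different commits and produce .assert files that do not match. Suggest showing a release tag as the example value, or adding a sentence that builders must set the tag being released. Separately, "# How to get started" is followed directly by "### Edit settings in gitian.yml", which skips a heading level.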
@ -68,8 +65,7 @@ This will provision a Gitian host virtual machine that uses a Linux container (L
Use `git stash` to save one's local customizations to `gitian.yml`.
Building Hush
--------------
# Building Hush
vagrant ssh hush-build
./gitian-build.sh
@ -80,17 +76,15 @@ Take a look at the variables near the top of `~/gitian-build.sh` and get familia
It's also a good idea to regularly `git pull` on this repository to obtain updates and re-run the entire VM provisioning for each release, to ensure current and consistent state for your builder.
Generating and uploading signatures
-----------------------------------
# Generating and uploading signatures
After the build successfully completes, `gsign` will be called. Commit and push your signatures (both the .assert and .assert.sig files) to the [MyHush/gitian.sigs](https://github.com/MyHush/gitian.sigs) repository, or if that's not possible then create a pull request.
After the build successfully completes, `gsign` will be called. Commit and push your signatures (both the .assert and .assert.sig files) to the [gitian.sigs](https://git.hush.is/hush/gitian.sigs) repository, or if that's not possible then create a pull request.
Signatures can be verified by running `gitian-build.sh --verify`, but set `build=false` in the script to skip building. Run a `git pull` beforehand on `gitian.sigs` so you have the latest. The provisioning includes a task which imports Hush developer public keys to the Vagrant user's keyring and sets them to ultimately trusted, but they can also be found at `contrib/gitian-downloader` within the Hush source repository.
Working with GPG and SSH
--------------------------
# Working with GPG and SSH
We provide two options for automatically importing keys into the VM, or you may choose to copy them manually. Keys are needed A) to sign the manifests which get pushed to [gitian.sigs](https://github.com/MyHush/gitian.sigs) and B) to interact with GitHub, if you choose to use an SSH instead of HTTPS remote. The latter would entail always providing your GitHub login and [access token](https://github.com/settings/tokens) in order to push from within the VM.
We provide two options for automatically importing keys into the VM, or you may choose to copy them manually. Keys are needed A) to sign the manifests which get pushed to [gitian.sigs](https://git.hush.is/hush/gitian.sigs) and B) to interact with Gitea, if you choose to use an SSH instead of HTTPS remote. The latter would entail always providing your GitHub login and [access token](https://github.com/settings/tokens) in order to push from within the VM.
Your local SSH agent is automatically forwarded into the VM via a configuration option. If you run ssh-agent, your keys should already be available.
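Review bot: The updated sentence under "Working with GPG and SSH" now says keys are needed "to interact with Gitea", but the same line still ends with "always providing your GitHub login and [access token](https://github.com/settings/tokens)". Since gitian.sigs now points at git.hush.is, that credential reference should name the Gitea account and its token settings, or be worded host-neutrally. "The latter" is also ambiguous as written; it appears to refer to the HTTPS remote and would read more clearly if it said so.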
