--- Log opened Tue Feb 18 00:00:44 2020 03:06 -!- Elizabeth1Kling [~Elizabeth@ns334669.ip-5-196-64.eu] has joined #bitcoin-builds 04:54 < jonasschnelli> new nighly gitian builds server is up and running: 04:54 < jonasschnelli> https://bitcoin.jonasschnelli.ch/gitian/ 05:04 < fanquake> jonasschnelli: looks good 05:04 < jonasschnelli> sams same but different 05:04 < fanquake> The link to the "special key" at the bottom of the page seems broken 05:05 < jonasschnelli> oh. Yes. Good point. It's a new one. 05:05 < jonasschnelli> thanks 05:09 < jonasschnelli> fanquake: I going to open a PR that adds "--options runtime" to the codesign part... 05:10 < fanquake> ok. I'm about to open one with the entitlements.xml 05:10 < jonasschnelli> Have you started looking into it? Otherwise I just open the PR and start testing it further 05:10 < jonasschnelli> fanquake: Okay. Fine. Let me don't interfere then. 05:10 < jonasschnelli> I think L26 in detached-sig-create.sh needs to be: 05:10 < jonasschnelli> ${CODESIGN} -f --options runtime --file-list ${TEMPLIST} "$@" "${BUNDLE}" 05:10 < jonasschnelli> (+--options runtime) 05:11 < jonasschnelli> I could think that this allone fixes it 05:11 < jonasschnelli> The entitlements seems to be for exceptions for the hardening (like just in time compiler) 05:12 < fanquake> I think the com.apple.security.get-task-allow key is potentially required. 05:12 < fanquake> I'll open this now (just the file), and we can discuss there. I was thinking we could be explicit about our entitlements. 05:14 < jonasschnelli> "f you use a custom workflow and fail to remove the com.apple.security.get-task-allow entitlement, notarization fails with the following message:" 05:15 < jonasschnelli> So "com.apple.security.get-task-allow" should be removed. I think we already have that removed/not set to true? 05:15 < fanquake> Yea I've got it set to false 05:15 < fanquake> https://github.com/bitcoin/bitcoin/pull/18171 05:15 < jonasschnelli> Okay. Looks good. 05:15 < fanquake> We don't necessarily have to have all of those keys, but I don't think it can hurt to be explicit. 05:16 < jonasschnelli> Can you also add the "--options runtime" to the code sign step in PR #18171? 05:16 < jonasschnelli> I think that's necesarry 05:16 < fanquake> Ok 05:17 < jonasschnelli> Also, the warning we get from apple is only about the hardening (not about the get-task-allow key). 05:18 < jonasschnelli> https://developer.apple.com/documentation/xcode/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087724 05:27 < jonatack> jonasschnelli: nice! 05:27 < jonasschnelli> though gitian builds are currently failing... :( 05:31 -!- Elizabeth1Kling [~Elizabeth@ns334669.ip-5-196-64.eu] has quit [Ping timeout: 260 seconds] 06:14 < jonasschnelli> fanquake: should the Entitlements.xml file end up in the .app Info.plist or so? 06:14 < jonasschnelli> Or how can I verify that the Entitlements.xml has been "used" (when only having the dmg in the end)? 06:15 < jonasschnelli> I could sucessfully notarize 18171 (I manually added --options runtime to detached-sig-create.sh). 06:16 < jonasschnelli> Now testing master with manual added --options runtime 08:08 -!- jb55 [~jb55@gateway/tor-sasl/jb55] has quit [Quit: jb55] 09:52 -!- jb55 [~jb55@gateway/tor-sasl/jb55] has joined #bitcoin-builds 11:15 < jonasschnelli> master failes on bitcoinbuilds.org: https://bitcoinbuilds.org/?job=cda0e018-8437-4dea-80b8-283fd445ec8a 11:15 < jonasschnelli> fatal error: in "scheduler_tests/mockforward": signal: SIGABRT (application abort requested) 11:16 < jonasschnelli> MarcoFalke: ^ any idea? 11:45 < dongcarl> testing: #18151 13:17 -!- alko89 [~alko@cpe-85-10-28-138.static.amis.net] has joined #bitcoin-builds 14:46 -!- luke-jr [~luke-jr@unaffiliated/luke-jr] has quit [Ping timeout: 265 seconds] 14:47 -!- luke-jr [~luke-jr@unaffiliated/luke-jr] has joined #bitcoin-builds 15:28 < fanquake> dongcarl: let me know how you go. I've played around with the compression, by calling xorriso directly, and it seems that it "works", but macOS doesn't seem to decompress the dmg correctly 15:29 < dongcarl> ah sorry I was just testing the gribble bot, but I will test that PR sometime this week too 15:29 < fanquake> oh hah, fair enough 15:30 < fanquake> Did you manage to download my Windows Guix binaries before anyone else did 15:30 < dongcarl> I'm quite confused by the discrepancies in the mingw binaries... I'm building it in docker and getting another set of different hashes 15:30 < dongcarl> so it differs system by system... but not on the same system? 15:30 < fanquake> Two builds are deterministic but just not matching anything else? 15:31 < fanquake> Yea, that's what I've been seeing 15:31 < fanquake> It's not very obvious from diffing the binaries what it might be either 15:31 < dongcarl> Yeah... this kind of diff last time was caused by $PWD 15:31 < dongcarl> but Guix should map PWD to /bitcoin in all cases... 15:31 < dongcarl> :-/ 15:31 < dongcarl> Weird 15:32 < fanquake> Yea 15:32 < fanquake> Will have another look 15:32 < dongcarl> I should diff the distsrc tho 15:32 < dongcarl> That might have clues 15:32 < dongcarl> like anything intermediate 15:34 -!- jonatack [~jon@2a01:e0a:53c:a200:bb54:3be5:c3d0:9ce5] has quit [Ping timeout: 240 seconds] 15:49 < fanquake> I'm torn on this .zip vs .dmg debate 15:52 < fanquake> On the one hand. It'd greatly simplify the macOS deployment pipeline, and remove a bunch of dependencies. On the other, I don't quite buy the "everything is moving to .zip" argument. The 3 programs I just checked (Google Chrome, Firefox, Tor) all still use .dmgs 15:54 < fanquake> So does Virtualbox, Transmission, VLC 15:56 < fanquake> I think that any user that "really don't know that .apps should go in Applications/." is not likely to be running (or will quickly lose the patience to run) Bitcoin Core. 15:57 -!- nanotube [~nanotube@unaffiliated/nanotube] has joined #bitcoin-builds 15:59 < nanotube> test #17800 15:59 < gribble> https://github.com/bitcoin/bitcoin/issues/17800 | random: dont special case clock usage on macOS by fanquake . Pull Request #17800 . bitcoin/bitcoin . GitHub 15:59 < dongcarl> Thanks nanotube! 15:59 < nanotube> o/ :) 20:25 -!- alko89 [~alko@cpe-85-10-28-138.static.amis.net] has quit [Ping timeout: 248 seconds] 21:25 -!- ghost43 [~daer@gateway/tor-sasl/daer] has quit [Remote host closed the connection] 23:08 -!- hebasto [~hebasto@95.164.65.194] has quit [Ping timeout: 265 seconds] 23:08 -!- hebasto [~hebasto@95.164.65.194] has joined #bitcoin-builds --- Log closed Wed Feb 19 00:00:45 2020