Update tools.jar for deterministic builds

- Create hash of jar and copy it to deploy dir - Remove BC jars from -srcfiles - Remove commented out code for policy file
2024-11-20 02:12:00 +01:00 · 2018-05-25 22:03:42 +02:00 · 2018-05-25 22:03:42 +02:00 · 1570ec3e74
commit 1570ec3e74
parent 8d939f0f37
7 changed files with 14 additions and 51 deletions
--- a/package/linux/32bitBuild.sh
+++ b/package/linux/32bitBuild.sh
@ -26,21 +26,11 @@ $JAVA_HOME/bin/javapackager \
    -vendor Bisq \
    -outdir deploy \
    -srcfiles "$dir/Bisq-$version.jar" \
-    -srcfiles "$dir/bcpg-jdk15on-1.56.jar" \
-    -srcfiles "$dir/bcprov-jdk15on-1.56.jar" \
    -srcfiles package/linux/LICENSE \
    -appclass bisq.desktop.app.BisqAppMain \
    -BjvmOptions=-Xss1280k \
    -outfile Bisq

-# when we have support for security manager we use that
-#     \
-#    -BjvmOptions=-Djava.security.manager \
-#    -BjvmOptions=-Djava.security.debug=failure \
-#    -BjvmOptions=-Djava.security.policy=file:bisq.policy
-#     -srcfiles "core/src/main/resources/bisq.policy" \
-
-

 # sudo alien -r -c -k deploy/bundles/bisq-$version.deb

--- a/package/linux/64bitBuild.sh
+++ b/package/linux/64bitBuild.sh
@ -26,21 +26,11 @@ $JAVA_HOME/bin/javapackager \
    -vendor Bisq \
    -outdir deploy \
    -srcfiles "$dir/Bisq-$version.jar" \
-    -srcfiles "$dir/bcpg-jdk15on-1.56.jar" \
-    -srcfiles "$dir/bcprov-jdk15on-1.56.jar" \
    -srcfiles package/linux/LICENSE \
    -appclass bisq.desktop.app.BisqAppMain \
    -BjvmOptions=-Xss1280k \
    -outfile Bisq

-# when we have support for security manager we use that
-#     \
-#    -BjvmOptions=-Djava.security.manager \
-#    -BjvmOptions=-Djava.security.debug=failure \
-#    -BjvmOptions=-Djava.security.policy=file:bisq.policy
-#     -srcfiles "core/src/main/resources/bisq.policy" \
-
-
 # uncomment because the build VM does not support alien
 #sudo alien -r -c -k deploy/bundles/bisq-$version.deb

--- a/package/osx/create_app.sh
+++ b/package/osx/create_app.sh
@ -12,6 +12,16 @@ version="0.7.0"

 EXE_JAR=build/libs/bisq-desktop-0.7.0-all.jar

+echo SHA 256 before stripping jar file:
+shasum -a256 $EXE_JAR | awk '{print $1}'
+
+# We make a deterministic jar by stripping out comments with date, etc.
+java -jar ./package/osx/tools-1.0.jar $EXE_JAR
+
+echo SHA 256 after stripping jar file to get a deterministic jar:
+shasum -a256 $EXE_JAR | awk '{print $1}' | tee deploy/Bisq-$version.jar.txt
+
+
 linux32=build/vm/vm_shared_ubuntu14_32bit
 linux64=build/vm/vm_shared_ubuntu
 win32=build/vm/vm_shared_windows_32bit
@ -76,20 +86,9 @@ $JAVA_HOME/bin/javapackager \
    -vendor Bisq \
    -outdir deploy \
    -srcfiles "deploy/Bisq-$version.jar" \
-    -srcfiles "build/app/lib//$bc_lib1" \
-    -srcfiles "build/app/lib//$bc_lib2" \
    -appclass bisq.desktop.app.BisqAppMain \
    -outfile Bisq

-
-# TODO <Class-Path>lib/bcpg-jdk15on.jar lib/bcprov-jdk15on.jar</Class-Path> not included in build
-# when we have support for security manager we use that
-#     \
-#    -BjvmOptions=-Djava.security.manager \
-#    -BjvmOptions=-Djava.security.debug=failure \
-#    -BjvmOptions=-Djava.security.policy=file:bisq.policy
-#     -srcfiles "core/src/main/resources/bisq.policy" \
-
 rm "deploy/Bisq.html"
 rm "deploy/Bisq.jnlp"

--- a/package/osx/finalize.sh
+++ b/package/osx/finalize.sh
@ -28,6 +28,8 @@ cp "$target_dir/../../package/5BC5ED73.asc" "$target_dir/"
 cp "$target_dir/../../package/29CDFD3B.asc" "$target_dir/"
 # signing key
 cp "$target_dir/../../package/signingkey.asc" "$target_dir/"
+# hash of jar file
+cp "deploy/Bisq-$version.jar.txt" "$target_dir/"

 dmg="Bisq-$version.dmg"
 cp "$macOS/$dmg" "$target_dir/"
@ -54,13 +56,14 @@ cp "$win64/bundles/$exe" "$target_dir/$exe64"

 cd "$target_dir"

-
+echo Create signatures
 gpg --digest-algo SHA256 --local-user $BISQ_GPG_USER --output $dmg.asc --detach-sig --armor $dmg
 gpg --digest-algo SHA256 --local-user $BISQ_GPG_USER --output $deb64.asc --detach-sig --armor $deb64
 gpg --digest-algo SHA256 --local-user $BISQ_GPG_USER --output $deb32.asc --detach-sig --armor $deb32
 gpg --digest-algo SHA256 --local-user $BISQ_GPG_USER --output $exe64.asc --detach-sig --armor $exe64
 gpg --digest-algo SHA256 --local-user $BISQ_GPG_USER --output $exe32.asc --detach-sig --armor $exe32

+echo Verify signatures
 gpg --digest-algo SHA256 --verify $dmg{.asc*,}
 gpg --digest-algo SHA256 --verify $deb64{.asc*,}
 gpg --digest-algo SHA256 --verify $deb32{.asc*,}
--- a/package/osx/tools-1.0.jar
+++ b/package/osx/tools-1.0.jar
--- a/package/windows/32bitBuild.bat
+++ b/package/windows/32bitBuild.bat
@ -21,15 +21,5 @@ call "%JAVA_HOME%\bin\javapackager.exe" -deploy ^
 -outdir %outdir% ^
 -appclass bisq.desktop.app.BisqAppMain ^
 -srcfiles %outdir%\Bisq.jar ^
-srcfiles %outdir%\bcpg-jdk15on-1.56.jar ^
-srcfiles %outdir%\bcprov-jdk15on-1.56.jar ^
 -outfile Bisq ^
 -Bruntime="%JAVA_HOME%\jre"
-
-:: when we have support for security manager we use that
-:: -BjvmOptions=-Djava.security.manager ^
-:: -BjvmOptions=-Djava.security.debug=failure ^
-:: -BjvmOptions=-Djava.security.policy=file:bisq.policy ^
-
-:: -srcfiles "core/src/main/resources/bisq.policy" ^
-
--- a/package/windows/64bitBuild.bat
+++ b/package/windows/64bitBuild.bat
@ -21,14 +21,5 @@ call "%JAVA_HOME%\bin\javapackager.exe" -deploy ^
 -outdir %outdir% ^
 -appclass bisq.desktop.app.BisqAppMain ^
 -srcfiles %outdir%\Bisq.jar ^
-srcfiles %outdir%\bcpg-jdk15on-1.56.jar ^
-srcfiles %outdir%\bcprov-jdk15on-1.56.jar ^
 -outfile Bisq ^
 -Bruntime="%JAVA_HOME%\jre"
-
-:: when we have support for security manager we use that
-:: -BjvmOptions=-Djava.security.manager ^
-:: -BjvmOptions=-Djava.security.debug=failure ^
-:: -BjvmOptions=-Djava.security.policy=file:bisq.policy ^
-
-:: -srcfiles "core/src/main/resources/bisq.policy" ^