wine-build: clarify to use docker for reproducible builds. move parts of readme.

7 years ago · db834800c0
2 changed files with 51 additions and 47 deletions
--- a/contrib/build-wine/README.md
+++ b/contrib/build-wine/README.md
@ -2,7 +2,8 @@ Windows Binary Builds
 =====================

 These scripts can be used for cross-compilation of Windows Electrum executables from Linux/Wine.
-Produced binaries are deterministic, so you should be able to generate binaries that match the official releases. 
+
+For reproducible builds, see the `docker` folder.


 Usage:
@ -34,49 +35,3 @@ The binaries are also built by Travis CI, so if you are having problems,
 2. Make sure `/opt` is writable by the current user.
 3. Run `build.sh`.
 4. The generated binaries are in `./dist`.
-
-
-Code Signing
-============
-
-Electrum Windows builds are signed with a Microsoft Authenticode™ code signing
-certificate in addition to the GPG-based signatures.
-
-The advantage of using Authenticode is that Electrum users won't receive a 
-Windows SmartScreen warning when starting it.
-
-The release signing procedure involves a signer (the holder of the
-certificate/key) and one or multiple trusted verifiers:
-
-
-| Signer                                                    | Verifier                          |
-|-----------------------------------------------------------|-----------------------------------|
-| Build .exe files using `build.sh`                         |                                   |
-| Sign .exe with `./sign.sh`                                |                                   |
-| Upload signed files to download server                    |                                   |
-|                                                           | Build .exe files using `build.sh` |
-|                                                           | Compare files using `unsign.sh`   |
-|                                                           | Sign .exe file using `gpg -b`     |
-
-| Signer and verifiers:
-| Upload signatures to 'electrum-signatures' repo, as `$version/$filename.$builder.asc`         |
-
-
-
-
-Verify Integrity of signed binary
-=================================
-
-Every user can verify that the official binary was created from the source code in this 
-repository. To do so, the Authenticode signature needs to be stripped since the signature
-is not reproducible.
-
-This procedure removes the differences between the signed and unsigned binary:
-
-1. Remove the signature from the signed binary using osslsigncode or signtool.
-2. Set the COFF image checksum for the signed binary to 0x0. This is necessary
-   because pyinstaller doesn't generate a checksum.
-3. Append null bytes to the _unsigned_ binary until the byte count is a multiple
-   of 8.
-
-The script `unsign.sh` performs these steps.
--- a/contrib/build-wine/docker/README.md
+++ b/contrib/build-wine/docker/README.md
@ -1,6 +1,9 @@
 Deterministic Windows binaries with Docker
 ==========================================

+Produced binaries are deterministic, so you should be able to generate
+binaries that match the official releases.
+
 This assumes an Ubuntu host, but it should not be too hard to adapt to another
 similar system. The docker commands should be executed in the project's root
 folder.
@ -39,3 +42,49 @@ folder.


 Note: the `setup` binary (NSIS installer) is not deterministic yet.
+
+
+Code Signing
+============
+
+Electrum Windows builds are signed with a Microsoft Authenticode™ code signing
+certificate in addition to the GPG-based signatures.
+
+The advantage of using Authenticode is that Electrum users won't receive a 
+Windows SmartScreen warning when starting it.
+
+The release signing procedure involves a signer (the holder of the
+certificate/key) and one or multiple trusted verifiers:
+
+
+| Signer                                                    | Verifier                          |
+|-----------------------------------------------------------|-----------------------------------|
+| Build .exe files using `build.sh`                         |                                   |
+| Sign .exe with `./sign.sh`                                |                                   |
+| Upload signed files to download server                    |                                   |
+|                                                           | Build .exe files using `build.sh` |
+|                                                           | Compare files using `unsign.sh`   |
+|                                                           | Sign .exe file using `gpg -b`     |
+
+| Signer and verifiers:                                                                         |
+|-----------------------------------------------------------------------------------------------|
+| Upload signatures to 'electrum-signatures' repo, as `$version/$filename.$builder.asc`         |
+
+
+
+Verify Integrity of signed binary
+=================================
+
+Every user can verify that the official binary was created from the source code in this 
+repository. To do so, the Authenticode signature needs to be stripped since the signature
+is not reproducible.
+
+This procedure removes the differences between the signed and unsigned binary:
+
+1. Remove the signature from the signed binary using osslsigncode or signtool.
+2. Set the COFF image checksum for the signed binary to 0x0. This is necessary
+   because pyinstaller doesn't generate a checksum.
+3. Append null bytes to the _unsigned_ binary until the byte count is a multiple
+   of 8.
+
+The script `unsign.sh` performs these steps.