If there is a collision between a branch name and a commit hash, git
will choose the branch, even if the full 40-hex-long commit hash is
given. GitHub disallows branches/tags with such a name but git itself
does not. By adding the `^{commit}` syntax sugar after a ref name,
we can tell git that we want the commit hash to be preferred,
and hence we don't need to trust GitHub (only git).
see https://security.stackexchange.com/questions/225411/
the one in apt refused to install certain package versions (that were pinned by hash!!)
and installed different versions instead... e.g.:
Collecting wheel==0.34.2 (from -r /opt/electrum/contrib/build-linux/sdist/../../../contrib/deterministic-build/requirements.txt (line 112))
Downloading 521c6dc7feb90b06dc1d0b805b51ae/wheel-0.34.2.tar.gz (58kB)
100% |████████████████████████████████| 61kB 3.8MB/s
Requested wheel==0.34.2 from 521c6dc7feb90b06dc1d0b805b51ae/wheel-0.34.2.tar.gz#sha256=8788e9155fe14f54164c1b9eb0a319d98ef02c160725587ad60f14ddc57b6f96 (from -r /opt/electrum/contrib/build-linux/sdist/../../../contrib/deterministic-build/requirements.txt (line 112)), but installing version 0.30.0
All (incl indirect) dependencies are already listed in deterministic-build/requirements*.txt.
This option makes it easier to manually rm a dependency from that list for e.g. testing.
Slightly reduces file size, improves build speed and makes build more
reproducible.
The .comment section contained GCC version information which could cause
different build output from just a minor update in GCC. The information is not
needed so we strip this.
The strip command was invoked using xargs, spawning a new process for each file.
This is inefficient as xargs can correctly run the strip command with multiple
file names.
-----
taken from 43aaf9572f
On Ubuntu host, build succeeded; but e.g. on Manjaro host, it failed with:
```
./build.sh: line 233: /opt/electrum/contrib/build-linux/appimage/../../../contrib/build-linux/appimage/.cache/appimage/appimagetool: No such file or directory
```
This slightly increases the AppImage size but allows us to be more
compatible with older distributions.
-----
taken from Electron-Cash/Electron-Cash@96644acd6fd66f866a86613974bb68bb99f00d8c
It warns about scripts being installed in a location that is not on the
path, but that is inconsequential as they are not used.
-----
taken from Electron-Cash/Electron-Cash@9a29017c5d8906bb04f7e188bf483b0d3ff698f4
When building in docker on macOS, python builds with .exe extension
because the case insensitive file system of macOS leaks into docker.
This causes the build to result in a different output on macOS compared
to Linux. We simply patch sysconfigdata to remove the extension.
Some more info: https://bugs.python.org/issue27631
SomberNight
Jin Eguchi
ThomasV
Axel Gembe