History

SomberNight b5900eae98 contrib: reformat most shell scripts Mostly just indentations. For consistency, to conform to .editorconfig.		2 years ago
..
gpg_keys	build-wine: don't use gpg keyservers	6 years ago
Dockerfile	Revert "wine build: build win-iconv-mingw-w64-dev, instead of using debian sid"	2 years ago
README.md	win build: add instructions to investigate reproducibility failure	3 years ago
README_windows.md	README: add Windows- & macOS-specific "how to run from source" readmes	3 years ago
apt.preferences	Revert "wine build: build win-iconv-mingw-w64-dev, instead of using debian sid"	2 years ago
apt.sources.list	win build: use of debian unstable snapshots needs check-valid-until=no	2 years ago
build-electrum-git.sh	contrib: reformat most shell scripts	2 years ago
build.sh	win build: clear $CONTRIB_WINE/dist between builds	2 years ago
deterministic.spec	build win/mac: do not pass custom args to pyinstaller; use envvars	2 years ago
electrum.nsi	qt+android: add lightning URI support	4 years ago
make_win.sh	Revert "wine build: build win-iconv-mingw-w64-dev, instead of using debian sid"	2 years ago
prepare-wine.sh	win build: force using source dist for some of our python dependencies	2 years ago
sign.sh	contrib: reformat most shell scripts	2 years ago
unsign.sh	contrib: reformat most shell scripts	2 years ago

README.md

Windows binaries

✓ These binaries should be reproducible, meaning you should be able to generate binaries that match the official releases.

This assumes an Ubuntu (x86_64) host, but it should not be too hard to adapt to another similar system.

Install Docker

See contrib/docker_notes.md.

Note: older versions of Docker might not work well (see #6971). If having problems, try to upgrade to at least docker 20.10.

Build Windows binaries

$ ./build.sh

If you want reproducibility, try instead e.g.:

$ ELECBUILD_COMMIT=HEAD ELECBUILD_NOCACHE=1 ./build.sh

The generated binaries are in ./contrib/build-wine/dist.

Code Signing

Electrum Windows builds are signed with a Microsoft Authenticode™ code signing certificate in addition to the GPG-based signatures.

The advantage of using Authenticode is that Electrum users won't receive a Windows SmartScreen warning when starting it.

The release signing procedure involves a signer (the holder of the certificate/key) and one or multiple trusted verifiers:

Signer	Verifier
Build .exe files using `make_win.sh`
Sign .exe with `./sign.sh`
Upload signed files to download server
	Build .exe files using `make_win.sh`
	Compare files using `unsign.sh`
	Sign .exe file using `gpg -b`

Signer and verifiers:
Upload signatures to 'electrum-signatures' repo, as `$version/$filename.$builder.asc`

Verify Integrity of signed binary

Every user can verify that the official binary was created from the source code in this repository. To do so, the Authenticode signature needs to be stripped since the signature is not reproducible.

This procedure removes the differences between the signed and unsigned binary:

Remove the signature from the signed binary using osslsigncode or signtool.
Set the COFF image checksum for the signed binary to 0x0. This is necessary because pyinstaller doesn't generate a checksum.
Append null bytes to the unsigned binary until the byte count is a multiple of 8.

The script unsign.sh performs these steps.

FAQ

How to investigate diff between binaries if reproducibility fails?

pyi-archive_viewer is needed, for that run $ pip install pyinstaller. As a first pass overview, run:

pyi-archive_viewer -l electrum-*.exe1 > f1
pyi-archive_viewer -l electrum-*.exe2 > f2
diff f1 f2 > d
cat d

Then investigate manually:

$ pyi-archive_viewer electrum-*.exe1
? help