[Passed] Proposal for creation of macosx builds

ChrisS 2016-05-13 02:56:53 UTC #41

Likewise.

backpacker 2016-05-13 08:08:23 UTC #43

it is not possible to produce exactly same dmg file, because it contains timestamps of bundled files, generated from source and copied from frameworks and libraries.

what i meant by my comment is that user can confirm that nobody replaced my file, after I compiled it.

sigmike 2016-05-13 08:11:52 UTC #45

Yes sorry I figured that out after I posted that’s why I deleted my post. But other people seems to assume they can ask someone to verify your builds, which is not possible. That’s what I meant:

If the build is not deterministic it’s not possible to verify it. If you want the builds to be verifiable you must first allow others to produce the exact same build from the same source code. It may be just a how-to or something. The bitcoin documentation may give some good hints to achieve that, but we do not use the same build system yet so I’m not
sure: https://github.com/bitcoin/bitcoin/blob/master/doc/README_osx.txt

backpacker 2016-05-13 08:13:54 UTC #46

the only verification I can think of is running the binary through logging gateway or capturing and analysing tcpdump from the machine.

sigmike 2016-05-13 08:18:21 UTC #47

That’s not reliable.

backpacker 2016-05-13 08:21:58 UTC #48

i agree, there’s no reliable way current builds, be it osx or linux or windows, can be verified to contain no tampering. and changes to make them verifiable are too complex.

sigmike 2016-05-13 08:33:28 UTC #49

Current Linux and Windows builds are deterministic (thanks to the gitian process inherited from bitcoin) so their hash can be compared and it’s a reliable way to verify they contain no tampering.

Sabreiib 2016-05-13 08:48:36 UTC #50

I’ve installed the Mac v4.0, it works smoothly.

backpacker 2016-05-13 08:50:28 UTC #51

you are right, gitian builds are verifiable being deterministic. Although I do wonder how long it would take to setup macosx build process of these components through gitian.

sigmike 2016-05-13 09:13:10 UTC #52

Probably quite some time. But Gitian is just a way to automatically build inside a VM. You can probably make a deterministic build by hand and write a guide for other people. But it would probably require some time too.

Anyway I just wanted shareholders to be aware the builds cannot be reliably verified if they are not deterministic.

masterOfDisaster 2016-05-13 09:16:42 UTC #53

How do other development teams tackle that?
Are there no deterministic builds for MacOS, which can be verified, at other cryptocurrencies?
How is https://bitcoin.org/bin/bitcoin-core-0.12.1/bitcoin-0.12.1-osx.dmg being made?
Or do others just not care?
Sorry for those maybe silly questions, I just wonder…

backpacker 2016-05-13 09:20:14 UTC #54

bitcoin has done the work to setup macosx builds through gitian, we have not yet.

masterOfDisaster 2016-05-13 09:24:14 UTC #55

Ah, ok!
So MacOSX builds can be done through gitian.
It’s good to know that, because this could be a road to follow.

@backpacker, can you imagine supporting the setup of such a build system?
That might be “a little bit” more costly than what you are currently offering, but I think it’s required, if Nu wants to produce high quality builds.
As both Nu and Blocks&Chains Exchange profit from that, the might share the costs.

Sentinelrv 2016-05-13 20:16:43 UTC #56

Is there a reason I’m not seeing this grant in NuExplorer so I can see the voting percentage? Is the explorer broken again?

http://blockexplorer.nu/votes

Nagalim 2016-05-13 20:23:08 UTC #57

https://alix.coinerella.com/panel/#
3.5%

masterOfDisaster 2016-05-13 20:26:28 UTC #58

The last block on http://blockexplorer.nu is from 3 days ago.

If you have access to your Nu daemon on your Linux computer you can track the status with:

nud getcustodianvotes | grep BACKPAcVxFXfRXCmUBFWZjcAw79ZyJAAUA -A 5
    "BACKPAcVxFXfRXCmUBFWZjcAw79ZyJAAUA" : {
        "400.00" : {
            "blocks" : 359,
            "block_percentage" : 3.59,
            "sharedays" : 610778420,
            "shareday_percentage" : 10.84650367

backpacker 2016-05-14 04:53:15 UTC #59

I’ll check this gitian business more closely on the weekend, i’ll have to free up some space on my notebook first, as it needs a lot more than what I’ve got. I’ll document the setup in case it differs from available instructions.

Sabreiib 2016-05-15 01:05:08 UTC #60

Why not release official MacOS version now?

backpacker 2016-05-15 16:02:43 UTC #61

@JordanLee trusted builds require different process, not trusted developers. just like @sigmike said, gitian is the answer to that.

Will @woodstockmerkle be producing deterministic builds, so his builds can be reliably verified like @sigmike mentioned? If so, then there will be no real redundancy when both of us are doing it, as process of producing sound builds requires more than one person running the process independently to verify the build before releasing.

Cybnate 2016-05-15 21:54:15 UTC #62

In that case I will add your proposal to my datafeed. Awaiting the answer…