[Passed] Proposal for creation of macosx builds

Likewise.

it is not possible to produce exactly same dmg file, because it contains timestamps of bundled files, generated from source and copied from frameworks and libraries.

what i meant by my comment is that user can confirm that nobody replaced my file, after I compiled it.

Yes sorry I figured that out after I posted that’s why I deleted my post. But other people seems to assume they can ask someone to verify your builds, which is not possible. That’s what I meant:

If the build is not deterministic it’s not possible to verify it. If you want the builds to be verifiable you must first allow others to produce the exact same build from the same source code. It may be just a how-to or something. The bitcoin documentation may give some good hints to achieve that, but we do not use the same build system yet so I’m not
sure: https://github.com/bitcoin/bitcoin/blob/master/doc/README_osx.txt

the only verification I can think of is running the binary through logging gateway or capturing and analysing tcpdump from the machine.

That’s not reliable.

i agree, there’s no reliable way current builds, be it osx or linux or windows, can be verified to contain no tampering. and changes to make them verifiable are too complex.

Current Linux and Windows builds are deterministic (thanks to the gitian process inherited from bitcoin) so their hash can be compared and it’s a reliable way to verify they contain no tampering.

I’ve installed the Mac v4.0, it works smoothly.

you are right, gitian builds are verifiable being deterministic. Although I do wonder how long it would take to setup macosx build process of these components through gitian.

Probably quite some time. But Gitian is just a way to automatically build inside a VM. You can probably make a deterministic build by hand and write a guide for other people. But it would probably require some time too.

Anyway I just wanted shareholders to be aware the builds cannot be reliably verified if they are not deterministic.

2 Likes

How do other development teams tackle that?
Are there no deterministic builds for MacOS, which can be verified, at other cryptocurrencies?
How is https://bitcoin.org/bin/bitcoin-core-0.12.1/bitcoin-0.12.1-osx.dmg being made?
Or do others just not care?
Sorry for those maybe silly questions, I just wonder…

bitcoin has done the work to setup macosx builds through gitian, we have not yet.

Ah, ok!
So MacOSX builds can be done through gitian.
It’s good to know that, because this could be a road to follow.

@backpacker, can you imagine supporting the setup of such a build system?
That might be “a little bit” more costly than what you are currently offering, but I think it’s required, if Nu wants to produce high quality builds.
As both Nu and Blocks&Chains Exchange profit from that, the might share the costs.

Is there a reason I’m not seeing this grant in NuExplorer so I can see the voting percentage? Is the explorer broken again?

http://blockexplorer.nu/votes

https://alix.coinerella.com/panel/#
3.5%

The last block on http://blockexplorer.nu is from 3 days ago.

If you have access to your Nu daemon on your Linux computer you can track the status with:

nud getcustodianvotes | grep BACKPAcVxFXfRXCmUBFWZjcAw79ZyJAAUA -A 5
    "BACKPAcVxFXfRXCmUBFWZjcAw79ZyJAAUA" : {
        "400.00" : {
            "blocks" : 359,
            "block_percentage" : 3.59,
            "sharedays" : 610778420,
            "shareday_percentage" : 10.84650367

I’ll check this gitian business more closely on the weekend, i’ll have to free up some space on my notebook first, as it needs a lot more than what I’ve got. I’ll document the setup in case it differs from available instructions.

2 Likes

Why not release official MacOS version now?

@JordanLee trusted builds require different process, not trusted developers. just like @sigmike said, gitian is the answer to that.

Will @woodstockmerkle be producing deterministic builds, so his builds can be reliably verified like @sigmike mentioned? If so, then there will be no real redundancy when both of us are doing it, as process of producing sound builds requires more than one person running the process independently to verify the build before releasing.

2 Likes

In that case I will add your proposal to my datafeed. Awaiting the answer…