Jeremy Spilman [ARCHIVE] on Nostr: 📅 Original date posted:2014-01-01 📝 Original message:So I looked into gitian, ...
📅 Original date posted:2014-01-01
📝 Original message:So I looked into gitian, the first thing I noticed was the hashes that
people were signing, for example:
https://github.com/bitcoin/gitian.sigs/blob/master/0.8.6-win32/gavinandresen/bitcoin-build.assert
don't match the hash of the file 'bitcoin-0.8.6-win32-setup.exe' actually
hosted by sourceforce. That was a bit alarming at first, but I talked to
BlueMatt and maaku on IRC and the difference is due to Gavin Authenticode
signing the executable for windows.
BlueMatt asked if someone could implement in gitian-downloader a way to
strip off the signature so that we could get back to the raw binary with a
hash that matches what everyone is producing from gitian. I found:
http://blog.didierstevens.com/programs/disitool/
which is a Python script which can strip the signature nicely, but the
hashes still don't match.
I couldn't find a gitian build of 0.8.6 so I built my own, and after
verifying the hash for v0.8.6 was '49547ff9...' as expected I looked at
the hex diff between that and the sig-stripped .exe from sourceforge, and
the only two differences are:
- At offset D8 the stripped file has '5D E2 B2' versus 'F9 F4 00' in the
gitian build
- The sig-stripped file has an extra byte '00' at the end
I started to look at the file spec for windows PE files and quickly
thought better of it. Maybe someone better informed can chime in on what
those three bytes at offset D8 specify.
I'm not sure if we want to patch the signature onto the gitian build, or
strip the signature off of the Gavin-signed build, but something of the
sort is necessary if you want get gitian-downloader to match the official
distro (for Windows at least).
In any case, I think wallet users want to know when an upgrade is
available, and ability to click an 'update' button get a binary they can
trust. It's not a problem unique to bitcoind, deterministic builds are
awesome, but I don't think fully solve it.
Thanks,
Jeremy
On Tue, 31 Dec 2013 13:33:54 -0800, Matt Corallo
<bitcoin-list at bluematt.me> wrote:
> We already have a wonderful system for secure updating -
> gitian-downloader. We just neither use it >not bother making actual
> gitian releases so anyone can use it to verify signatures of downloads.
📝 Original message:So I looked into gitian, the first thing I noticed was the hashes that
people were signing, for example:
https://github.com/bitcoin/gitian.sigs/blob/master/0.8.6-win32/gavinandresen/bitcoin-build.assert
don't match the hash of the file 'bitcoin-0.8.6-win32-setup.exe' actually
hosted by sourceforce. That was a bit alarming at first, but I talked to
BlueMatt and maaku on IRC and the difference is due to Gavin Authenticode
signing the executable for windows.
BlueMatt asked if someone could implement in gitian-downloader a way to
strip off the signature so that we could get back to the raw binary with a
hash that matches what everyone is producing from gitian. I found:
http://blog.didierstevens.com/programs/disitool/
which is a Python script which can strip the signature nicely, but the
hashes still don't match.
I couldn't find a gitian build of 0.8.6 so I built my own, and after
verifying the hash for v0.8.6 was '49547ff9...' as expected I looked at
the hex diff between that and the sig-stripped .exe from sourceforge, and
the only two differences are:
- At offset D8 the stripped file has '5D E2 B2' versus 'F9 F4 00' in the
gitian build
- The sig-stripped file has an extra byte '00' at the end
I started to look at the file spec for windows PE files and quickly
thought better of it. Maybe someone better informed can chime in on what
those three bytes at offset D8 specify.
I'm not sure if we want to patch the signature onto the gitian build, or
strip the signature off of the Gavin-signed build, but something of the
sort is necessary if you want get gitian-downloader to match the official
distro (for Windows at least).
In any case, I think wallet users want to know when an upgrade is
available, and ability to click an 'update' button get a binary they can
trust. It's not a problem unique to bitcoind, deterministic builds are
awesome, but I don't think fully solve it.
Thanks,
Jeremy
On Tue, 31 Dec 2013 13:33:54 -0800, Matt Corallo
<bitcoin-list at bluematt.me> wrote:
> We already have a wonderful system for secure updating -
> gitian-downloader. We just neither use it >not bother making actual
> gitian releases so anyone can use it to verify signatures of downloads.