Topic: Building Armory with Gitian (Read 963 times)

legendary
Activity: 3430
Merit: 3080
April 15, 2015, 05:55:13 PM
#14
Sounds like it's possible then. I think it's probably best to do Bitcoin Core first, seeing as those builds exist now for comparison. Thanks again everyone.
hero member
Activity: 672
Merit: 504
a.k.a. gurnec on GitHub
April 15, 2015, 01:21:37 PM
#13
There's a possible issue, the best I can do is kernel 3.12, although I think there may be a version of something later in the repo for the spin of Xen setup I use. Does the kernel affect the build?

The kernel version has absolutely no effect on the build output (as long as it supports LXC, which has been around for several years).

So new versions of Bitcoin Core are following some kind of Gitian guidelines, or just that the old builds weren't produced using gitian?

Both.... Bitcoin Core hasn't always used Gitian, but I was guessing (tbh) that it would be possible to find an older version that was using Gitian but wouldn't be easy to reproduce today.

Perhaps that could be improved, tighter control of the source/updates for the build OS sounds desirable for the purpose, but this is pretty idle speculation tbh. No doubt devrandom has their priorities straight with regard to the development.

I know he's discussed it in an issue on GH at least once as a desirable feature, but I've no idea if it's under serious consideration. (He is happy accepting pull requests, tho ;) )
legendary
Activity: 3430
Merit: 3080
April 15, 2015, 01:04:37 PM
#12
The "guest" of the hypervisor can be anything that you can run Gitian on, including Debian, Gentoo, etc. [...] If using LXC, these two machines share the same kernel.

The build machine's OS must be whatever the project says it is.

There's a possible issue, the best I can do is kernel 3.12, although I think there may be a version of something later in the repo for the spin of Xen setup I use. Does the kernel affect the build?

Builds are reproducible, and multiple people, if they run make-base-vm within a reasonable amount of time of one another, will generally see the same results. However builds are not completely deterministic—if you try to build today a particularly old version of, say, Bitcoin-Qt, you may end up with a different result than is available for download. It's unfortunate, but it's just the way it currently is.

So new versions of Bitcoin Core are following some kind of Gitian guidelines, or just that the old builds weren't produced using gitian?

This is partly vmbuilder's fault, which creates VM images by downloading and installing (via debootstrap) .deb files from the package archives (as opposed to say using .deb files from an ISO), and perhaps partly the fault of Canonical, who doesn't guarantee that old versions of updated packages will always be available in the archives.

On the plus side, builds from newly created base-vms will pick up security fixes pushed out by Ubuntu.

Perhaps that could be improved, tighter control of the source/updates for the build OS sounds desirable for the purpose, but this is pretty idle speculation tbh. No doubt devrandom has their priorities straight with regard to the development.
sr. member
Activity: 255
Merit: 250
Senior Developer - Armory
April 15, 2015, 12:42:37 PM
#11
Yeah, it's all pretty confusing, even for those of us working on it. :) I've never touched LXC/KVM myself, although I wouldn't mind learning how to deploy them.

As for the process not being 100% deterministic, that is correct. Maybe we'll get there someday. For now, the knowledge base is pretty limited. There's devrandom, Cory/theuni, and perhaps a small handful of people who have figured out how to deploy Gitian for their projects. I'd love to dive deeper into the process and figure out how to make things better. Alas, there are only so many hours in a day.
hero member
Activity: 672
Merit: 504
a.k.a. gurnec on GitHub
April 15, 2015, 12:28:15 PM
#10
My apologies, I misunderstood the LXC comments (i.e. I now know what an LXC is :D). I've got a clearer idea of how this can be done with my setup thanks to the guide you linked to, and I think I understand the rationale: as long as you've got a Linux guest running, the hypervisor doesn't matter if you can create a working LXC container for Ubuntu 14.04 using that guest.

The terminology gets confusing because I think you and I are using the word "guest" in different contexts.... but yes that all sounds right. The "guest" of the hypervisor can be anything that you can run Gitian on, including Debian, Gentoo, etc. If this guest machine is a Linux machine, the build machine which runs underneath it can be an LXC container (otherwise it needs to be an "inner" KVM or VirtualBox). If using LXC, these two machines share the same kernel.

The build machine's OS must be whatever the project says it is.

I think this may be answering another question for me: it seems like the 14.04 container gitian uses shouldn't be getting package updates in order to preserve the build determinism, and the setup script for LXC suggests the same.

Perhaps you're right, it shouldn't, but it does. When you first run make-base-vm, it does the equivalent of an 'apt-get dist-upgrade' on the build (innermost) machine. Each time you run gbuild after that, a new clone of the base-vm is created (and not updated again) and used for that build.

Builds are reproducible, and multiple people, if they run make-base-vm within a reasonable amount of time of one another, will generally see the same results. However builds are not completely deterministic—if you try to build today a particularly old version of, say, Bitcoin-Qt, you may end up with a different result than is available for download. It's unfortunate, but it's just the way it currently is.

This is partly vmbuilder's fault, which creates VM images by downloading and installing (via debootstrap) .deb files from the package archives (as opposed to say using .deb files from an ISO), and perhaps partly the fault of Canonical, who doesn't guarantee that old versions of updated packages will always be available in the archives.

On the plus side, builds from newly created base-vms will pick up security fixes pushed out by Ubuntu.
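
The drift described in the post above, as an added example that is not part of the original thread or of gitian-builder: when two builders' output hashes differ, diff the package sets of their base VMs first. It assumes each builder saved the `name<TAB>version` list printed by `dpkg-query -W` inside the build VM; the function names, dictionary keys, digests and package versions are all constructed for illustration.

```python
# Added example (not from the thread): when two builders' outputs differ,
# diff the package sets of their base VMs to see whether the build OS drifted.
# Assumed input: "name<TAB>version" lines as printed by `dpkg-query -W`
# inside each build VM. All sample data below is constructed.

def parse_pkglist(text):
    """Return {package: version} from dpkg-query -W style output."""
    pkgs = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        name, _, version = line.partition("\t")
        pkgs[name.strip()] = version.strip()
    return pkgs

def drift(old, new):
    """Classify the differences between two {package: version} maps."""
    common = old.keys() & new.keys()
    return {
        "changed": {p: (old[p], new[p]) for p in sorted(common) if old[p] != new[p]},
        "removed": sorted(old.keys() - new.keys()),
        "added": sorted(new.keys() - old.keys()),
    }

def explain_mismatch(build_a, build_b):
    """Return None if output hashes match, else the base-VM package drift."""
    if build_a["sha256"] == build_b["sha256"]:
        return None
    return drift(parse_pkglist(build_a["pkgs"]), parse_pkglist(build_b["pkgs"]))

# Constructed sample: builder B ran make-base-vm later than builder A,
# after the archive had published an updated libc6 and a new dependency.
BUILD_A = {
    "sha256": "a" * 64,  # placeholder digest, not a real build hash
    "pkgs": "binutils\t2.24-1\ngcc-4.8\t4.8.2-1\nlibc6\t2.19-1\n",
}
BUILD_B = {
    "sha256": "b" * 64,  # placeholder digest, not a real build hash
    "pkgs": "binutils\t2.24-1\ngcc-4.8\t4.8.2-1\nlibc6\t2.19-2\nlibexample1\t1.0-1\n",
}

if __name__ == "__main__":
    result = explain_mismatch(BUILD_A, BUILD_B)
    for pkg, (a, b) in result["changed"].items():
        print(f"changed: {pkg} {a} -> {b}")
    for pkg in result["added"]:
        print(f"added:   {pkg}")
    for pkg in result["removed"]:
        print(f"removed: {pkg}")
```
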
legendary
Activity: 3430
Merit: 3080
April 15, 2015, 10:40:26 AM
#9
I may need to at least wait until I can get a 14.04 template for my host (apparently very imminent now they have Wheezy working

Perhaps you missed something above? You can use Wheezy as the Gitian host, you just need a workaround as mentioned above by josephbisch.

The instructions for building Bitcoin Core contain two very relevant sections:

After that, gitian handles downloading and creating the Ubuntu guest LXC, which runs fine on Wheezy.

My apologies, I misunderstood the LXC comments (i.e. I now know what an LXC is :D). I've got a clearer idea of how this can be done with my setup thanks to the guide you linked to, and I think I understand the rationale: as long as you've got a Linux guest running, the hypervisor doesn't matter if you can create a working LXC container for Ubuntu 14.04 using that guest.

I think this may be answering another question for me: it seems like the 14.04 container gitian uses shouldn't be getting package updates in order to preserve the build determinism, and the setup script for LXC suggests the same. Or package versions need to be specified by the group of builders whose builds you're attempting to replicate. Either way, likely a better way of working than using the VM directly. I'll clone my Wheezy template and try this out.
hero member
Activity: 672
Merit: 504
a.k.a. gurnec on GitHub
April 15, 2015, 09:32:28 AM
#8
I may need to at least wait until I can get a 14.04 template for my host (apparently very imminent now they have Wheezy working

Perhaps you missed something above? You can use Wheezy as the Gitian host, you just need a workaround as mentioned above by josephbisch.

The instructions for building Bitcoin Core contain two very relevant sections:

After that, gitian handles downloading and creating the Ubuntu guest LXC, which runs fine on Wheezy.
legendary
Activity: 3430
Merit: 3080
April 15, 2015, 09:07:30 AM
#7
All good informative responses, thanks everybody.

So I'm getting now that Gitian is all very new, even to those most accustomed to it (just Bitcoin Core devs?). I'm definitely interested in participating in some pre-testing type stuff, but it sounds like I may need to at least wait until I can get a 14.04 template for my host (apparently very imminent now they have Wheezy working. I can't say I'm sad to see the back of Fedora...)

It'd be great to get this working, right now everyone's relying possibly a little too much on just a few build machines to verify Armory builds. Even if this yields nothing more substantive than an extra margin of trust in the product, it'd be worth having.
member
Activity: 75
Merit: 10
April 15, 2015, 08:49:24 AM
#6
Thanks Joseph & Doug, I really should have mentioned I was referring only to the build OS.

I'm using Xen as a host, and according to the gitian documentation I found, only KVM and VirtualBox are known to work. Could this be a massive job to configure?

Also, Ubuntu is a strange choice for build machine, why something office/consumer focused and not Debian? (i.e. developer focused) Everything added to 14.04 that isn't present in its Wheezy base is unnecessary, as well as a potential source of trouble. Why Ubuntu, there seems to be no compelling reason at all. Or is there something I'm glossing over?

The gitian-builder tools only support KVM, LXC, and maybe VirtualBox (apparently make-base-vm can't actually make VirtualBox VMs). I think Xen support is something that devrandom (https://github.com/devrandom) would know more about.

As for the Ubuntu choice, the gitian-builder tools only support Ubuntu VMs (at least right now). I don't think there is anything preventing Debian VM support other than the fact that no one seems to have tried it. But that would be something that has to be changed with gitian-builder (https://github.com/devrandom/gitian-builder) rather than Armory. I'm not sure what ATI would want to go with if there was a choice between Debian and Ubuntu.
hero member
Activity: 672
Merit: 504
a.k.a. gurnec on GitHub
April 15, 2015, 08:43:54 AM
#5
I'm using Xen as a host, and according to the gitian documentation I found, only KVM and VirtualBox are known to work. Will this be a massive job to configure?

You could try Xen -> Debian/Ubuntu host -> LXC guest
legendary
Activity: 3430
Merit: 3080
April 15, 2015, 08:20:22 AM
#4
Thanks Joseph & Doug, I really should have mentioned I was referring only to the build OS.

I'm using Xen as a host, and according to the gitian documentation I found, only KVM and VirtualBox are known to work. Could this be a massive job to configure?

Also, Ubuntu is a strange choice for build machine, why something office/consumer focused and not Debian? (i.e. developer focused) Everything added to 14.04 that isn't present in its Wheezy base is unnecessary, as well as a potential source of trouble. Why Ubuntu, there seems to be no compelling reason at all. Or is there something I'm glossing over?
sr. member
Activity: 255
Merit: 250
Senior Developer - Armory
April 15, 2015, 08:09:11 AM
#3
I know it's not finished yet, but I figured someone from ATI may know this: how essential is the OS to the process? I'm getting contradictory indications from reading up that it either doesn't matter/base Debian distro will do, or that everyone must use the same build of OS (Ubuntu 14.04?) to satisfy what Gitian needs to work?

What Joseph said. In theory, the base distro doesn't matter. In practice, there are odd quirks that can affect the outcome, tools that have to be ported/patched, etc. You may just have to run it and see what happens. :) If you uncover issues, devrandom (the Gitian developer) seems pretty responsive. Joseph uncovered a couple of bugs when he used Trusty as his target build environment. The bugs were fixed within a couple of days. In any event, the build OS does matter. Nobody should change it, otherwise I guarantee their results won't match ours.

If people want to experiment with Gitian, the dev branch has the initial set of commits that should allow you to create a deterministic Linux build. (Windows and OS X are being worked on but will have to wait a little while. Also, dev has the new DB changes and crashes consistently for me at the moment, so be careful. Back up your current DB before letting Armory build a new one.) I don't know yet if we're going to officially deploy Gitian for 0.94. We may let people play with it and confirm that everything's hunky dory before rolling out an official Gitian build process in 0.9X. That's what I'm envisioning, anyway. You know how it goes.
member
Activity: 75
Merit: 10
April 15, 2015, 08:00:12 AM
#2
Hi, Doug (doug_armory) and I are the people working on Gitian builds.

There are two OSes: the base OS and the build OS that runs in a VM. The base OS hosts the build OS VM and the build OS VM is where the actual building of Armory takes place.

It is important that the OS of the VM be consistent so that everyone gets the same results from the build. In Armory's case that is Ubuntu 14.04. The OS of the VM is specified in the descriptor under suites.

So when you create the VM for Armory, you want to run something like:
Code:
bin/make-base-vm --suite trusty

It should be possible for the base OS to be any OS that has the prerequisite programs for gitian-builder. I personally use Debian Jessie. The only prerequisite not available from Debian is python-vm-builder, so I downloaded the .tar.gz from Ubuntu and installed it.
legendary
Activity: 3430
Merit: 3080
April 15, 2015, 03:46:26 AM
#1
I know it's not finished yet, but I figured someone from ATI may know this: how essential is the OS to the process? I'm getting contradictory indications from reading up that it either doesn't matter/base Debian distro will do, or that everyone must use the same build of OS (Ubuntu 14.04?) to satisfy what Gitian needs to work?