| .. | ||
| build-electrum-git.sh | ||
| build-secp256k1.sh | ||
| build.sh | ||
| deterministic.spec | ||
| electrum.nsi | ||
| prepare-wine.sh | ||
| README.md | ||
| sign.sh | ||
Windows Binary Builds
These scripts can be used for cross-compilation of Windows Electrum executables from Linux/Wine. Produced binaries are deterministic, so you should be able to generate binaries that match the official releases.
Usage:
- Install the following dependencies:
- dirmngr
- gpg
- 7Zip
- Wine (>= v2)
- (and, for building libsecp256k1)
- mingw-w64
- autotools-dev
- autoconf
- libtool
For example:
$ sudo apt-get install wine-development dirmngr gnupg2 p7zip-full
$ sudo apt-get install mingw-w64 autotools-dev autoconf libtool
The binaries are also built by Travis CI, so if you are having problems, that script might help.
- Make sure
/optis writable by the current user. - Run
build.sh. - The generated binaries are in
./dist.
Code Signing
Electrum Windows builds are signed with a Microsoft Authenticode™ code signing certificate in addition to the GPG-based signatures.
The advantage of using Authenticode is that Electrum users won't receive a Windows SmartScreen warning when starting it.
The release signing procedure involves a signer (the holder of the certificate/key) and one or multiple trusted verifiers:
| Signer | Verifier |
|---|---|
Build .exe files using build.sh |
|
Build .exe files using build.sh |
|
Sign .exe files using gpg -b |
|
| Send signatures to signer | |
Place signatures as $filename.$builder.asc in ./dist |
|
Run ./sign.sh |
sign.sh will check if the signatures match the signer's files. This ensures that the signer's
build environment is not compromised and that the binaries can be reproduced by anyone.