From 3bae7dfd903f86f8637ea185adca2a24d520205b Mon Sep 17 00:00:00 2001
From: SomberNight <somber.night@protonmail.com>
Date: Wed, 6 Apr 2022 17:49:57 +0200
Subject: [PATCH] mac build: git clone pyinstaller to allow using custom
 commits

This allows more freedom than using releases from PyPI.
(atm there is no released version that fixes https://github.com/pyinstaller/pyinstaller/pull/6701 )
Also, we now build the pyinstaller bootloader, just like in the windows build:
one fewer binary blob to trust.
---
 .../requirements-build-mac.txt                |  8 ++--
 contrib/osx/make_osx                          | 43 +++++++++++++++++--
 .../requirements/requirements-build-mac.txt   | 11 ++---
 3 files changed, 47 insertions(+), 15 deletions(-)

diff --git a/contrib/deterministic-build/requirements-build-mac.txt b/contrib/deterministic-build/requirements-build-mac.txt
index c30f8451b..d328b88b7 100644
--- a/contrib/deterministic-build/requirements-build-mac.txt
+++ b/contrib/deterministic-build/requirements-build-mac.txt
@@ -44,14 +44,12 @@ macholib==1.16 \
 pip==22.0.4 \
     --hash=sha256:b3a9de2c6ef801e9247d1527a4b16f92f2cc141cd1489f3fffaf6a9e96729764 \
     --hash=sha256:c6aca0f2f081363f689f041d90dab2a07a9a07fb840284db2218117a52da800b
-pyinstaller==4.2 \
-    --hash=sha256:f5c0eeb2aa663cce9a5404292c0195011fa500a6501c873a466b2e8cad3c950c
 pyinstaller-hooks-contrib==2022.3 \
     --hash=sha256:9765e68552803327d58f6c5eca970bb245b7cdf073e2f912a2a3cb50360bc2d8 \
     --hash=sha256:9fa4ca03d058cba676c3cc16005076ce6a529f144c08b87c69998625fbd84e0a
-setuptools==49.6.0 \
-    --hash=sha256:46bd862894ed22c2edff033c758c2dc026324788d758e96788e8f7c11f4e9707 \
-    --hash=sha256:4dd5bb0a0a0cff77b46ca5dd3a84857ee48c83e8223886b556613c724994073f
+setuptools==61.3.1 \
+    --hash=sha256:41aface2e85b517c3a466b4689b8055c02cd2e623461f09af7d93f3da65c4709 \
+    --hash=sha256:88fafba4abc2f047e08a188fd4bbc10b0e464592c37b514c19f8f8f88d94450b
 wheel==0.37.1 \
     --hash=sha256:4bdcd7d840138086126cd09254dc6195fb4fc6f01c050a1d7236f2630db1d22a \
     --hash=sha256:e9a504e793efbca1b8e0e9cb979a249cf4a0a7b5b8c9e8b65a5e39d49529c1c4
diff --git a/contrib/osx/make_osx b/contrib/osx/make_osx
index c85904c5d..3d7e02ca3 100755
--- a/contrib/osx/make_osx
+++ b/contrib/osx/make_osx
@@ -100,6 +100,46 @@ python3 -m pip install --no-build-isolation --no-dependencies --no-warn-script-l
     -Ir ./contrib/deterministic-build/requirements-build-mac.txt \
     || fail "Could not install build dependencies (mac)"
 
+info "Installing some build-time deps for compilation..."
+brew install autoconf automake libtool gettext coreutils pkgconfig
+
+info "Building PyInstaller."
+PYINSTALLER_REPO="https://github.com/pyinstaller/pyinstaller.git"
+PYINSTALLER_COMMIT="40c9abce2d8de879e414fd377c933dccaab1e156"
+# ^ tag "4.2"
+# TODO test newer versions of pyinstaller for build-reproducibility.
+#      we are using this version for now due to change in code-signing behaviour
+#      (https://github.com/pyinstaller/pyinstaller/pull/5581)
+(
+    if [ -f "$CACHEDIR/pyinstaller/PyInstaller/bootloader/Darwin-64bit/runw" ]; then
+        info "pyinstaller already built, skipping"
+        exit 0
+    fi
+    cd "$PROJECT_ROOT"
+    ELECTRUM_COMMIT_HASH=$(git rev-parse HEAD)
+    cd "$CACHEDIR"
+    rm -rf pyinstaller
+    mkdir pyinstaller
+    cd pyinstaller
+    # Shallow clone
+    git init
+    git remote add origin $PYINSTALLER_REPO
+    git fetch --depth 1 origin $PYINSTALLER_COMMIT
+    git checkout -b pinned "${PYINSTALLER_COMMIT}^{commit}"
+    rm -fv PyInstaller/bootloader/Darwin-*/run* || true
+    # add reproducible randomness. this ensures we build a different bootloader for each commit.
+    # if we built the same one for all releases, that might also get anti-virus false positives
+    echo "const char *electrum_tag = \"tagged by Electrum@$ELECTRUM_COMMIT_HASH\";" >> ./bootloader/src/pyi_main.c
+    pushd bootloader
+    # compile bootloader
+    python3 ./waf all CFLAGS="-static"
+    popd
+    # sanity check bootloader is there:
+    [[ -e "PyInstaller/bootloader/Darwin-64bit/runw" ]] || fail "Could not find runw in target dir!"
+) || fail "PyInstaller build failed"
+info "Installing PyInstaller."
+python3 -m pip install --no-build-isolation --no-dependencies --no-warn-script-location "$CACHEDIR/pyinstaller"
+
 info "Using these versions for building $PACKAGE:"
 sw_vers
 python3 --version
@@ -130,9 +170,6 @@ info "generating locale"
 ) || fail "failed generating locale"
 
 
-info "Installing some build-time deps for compilation..."
-brew install autoconf automake libtool gettext coreutils pkgconfig
-
 if [ ! -f "$PROJECT_ROOT"/electrum/libsecp256k1.0.dylib ]; then
     info "Building libsecp256k1 dylib..."
     "$CONTRIB"/make_libsecp256k1.sh || fail "Could not build libsecp"
diff --git a/contrib/requirements/requirements-build-mac.txt b/contrib/requirements/requirements-build-mac.txt
index fbdf6ab0a..5d7135ae5 100644
--- a/contrib/requirements/requirements-build-mac.txt
+++ b/contrib/requirements/requirements-build-mac.txt
@@ -1,14 +1,11 @@
 pip
-setuptools<50.0.0   # 50.0.0 might break pyinstaller. see https://github.com/pyinstaller/pyinstaller/commit/e9f9d79d6b23c767512156323d0a5d28c6386a57
+setuptools
 wheel
 
-# TODO test newer versions of pyinstaller for build-reproducibility.
-#      upper bound is there due to change in code-signing behaviour
-#      (https://github.com/pyinstaller/pyinstaller/pull/5581)
-pyinstaller>=3.6,<4.3
-
 # needed by pyinstaller:
-macholib
+macholib>=1.8
+altgraph
+pyinstaller-hooks-contrib>=2020.6
 
 # Note: hidapi requires Cython at build-time (not needed at runtime).
 # For reproducible builds, the version of Cython must be pinned down.