Merge pull request #3622
c13a13e
gitian: add -D flag to ar for deterministic output for linux deps (Wladimir J. van der Laan)1552145
gitian: Sort generated source distribution archive (Wladimir J. van der Laan)aabcd11
gitian: Make linux boost dependency completely deterministic (Wladimir J. van der Laan)aa93485
gitian: Make linux build of OpenSSL deterministic (Wladimir J. van der Laan)
This commit is contained in:
commit
d5fa3eff03
@ -19,12 +19,16 @@ files:
|
||||
- "boost_1_55_0.tar.bz2"
|
||||
script: |
|
||||
STAGING="$HOME/install"
|
||||
TEMPDIR="$HOME/tmp"
|
||||
export LIBRARY_PATH="$STAGING/lib"
|
||||
export LD_PRELOAD=/usr/lib/faketime/libfaketime.so.1
|
||||
export FAKETIME=$REFERENCE_DATETIME
|
||||
export TZ=UTC
|
||||
# Input Integrity Check
|
||||
echo "fff00023dd79486d444c8e29922f4072e1d451fc5a4d2b6075852ead7f2b7b52 boost_1_55_0.tar.bz2" | shasum -c
|
||||
|
||||
mkdir -p "$STAGING"
|
||||
tar xjf boost_1_55_0.tar.bz2
|
||||
tar --warning=no-timestamp -xjf boost_1_55_0.tar.bz2
|
||||
cd boost_1_55_0
|
||||
GCCVERSION=$(g++ -E -dM $(mktemp --suffix=.h) | grep __VERSION__ | cut -d ' ' -f 3 | cut -d '"' -f 2)
|
||||
# note: bjam with -d+2 reveals that -O3 is implied by default, no need to provide it in cxxflags
|
||||
@ -35,9 +39,16 @@ script: |
|
||||
|
||||
./bootstrap.sh --without-icu
|
||||
|
||||
./bjam toolset=gcc threadapi=pthread threading=multi variant=release link=static runtime-link=shared --user-config=user-config.jam --without-mpi --without-python -sNO_BZIP2=1 --layout=tagged --build-type=complete --prefix="$STAGING" $MAKEOPTS install
|
||||
./bjam toolset=gcc threadapi=pthread threading=multi variant=release link=static runtime-link=shared --user-config=user-config.jam --without-mpi --without-python -sNO_BZIP2=1 --layout=tagged --build-type=complete --prefix="$STAGING" $MAKEOPTS -d+2 install
|
||||
|
||||
# post-process all generated libraries to be deterministic
|
||||
# extract them to a temporary directory then re-build them deterministically
|
||||
for LIB in $(find $STAGING -name \*.a); do
|
||||
rm -rf $TEMPDIR && mkdir $TEMPDIR && cd $TEMPDIR
|
||||
ar xv $LIB | cut -b5- > /tmp/list.txt
|
||||
rm $LIB
|
||||
ar crsD $LIB $(cat /tmp/list.txt)
|
||||
done
|
||||
#
|
||||
cd "$STAGING"
|
||||
export LD_PRELOAD=/usr/lib/faketime/libfaketime.so.1
|
||||
export FAKETIME=$REFERENCE_DATETIME
|
||||
zip -r $OUTDIR/boost-linux${GBUILD_BITS}-1.55.0-gitian-r1.zip *
|
||||
find | sort | zip -X@ $OUTDIR/boost-linux${GBUILD_BITS}-1.55.0-gitian-r1.zip
|
||||
|
@ -23,7 +23,11 @@ files:
|
||||
- "db-4.8.30.NC.tar.gz"
|
||||
script: |
|
||||
STAGING="$HOME/install"
|
||||
TEMPDIR="$HOME/tmp"
|
||||
OPTFLAGS='-O2'
|
||||
export LD_PRELOAD=/usr/lib/faketime/libfaketime.so.1
|
||||
export FAKETIME=$REFERENCE_DATETIME
|
||||
export TZ=UTC
|
||||
export LIBRARY_PATH="$STAGING/lib"
|
||||
# Integrity Check
|
||||
echo "f74f15e8c8ff11aa3d5bb5f276d202ec18d7246e95f961db76054199c69c1ae3 openssl-1.0.1e.tar.gz" | sha256sum -c
|
||||
@ -37,6 +41,7 @@ script: |
|
||||
cd openssl-1.0.1e
|
||||
# need -fPIC to avoid relocation error in 64 bit builds
|
||||
./config no-shared no-zlib no-dso no-krb5 --openssldir=$STAGING -fPIC
|
||||
# need to build OpenSSL with faketime because a timestamp is embedded into cversion.o
|
||||
make
|
||||
make install_sw
|
||||
cd ..
|
||||
@ -48,18 +53,26 @@ script: |
|
||||
rm -f $STAGING/lib/libminiupnpc.so* # no way to skip shared lib build
|
||||
cd ..
|
||||
#
|
||||
tar xjfm qrencode-3.4.3.tar.bz2
|
||||
tar xjf qrencode-3.4.3.tar.bz2
|
||||
cd qrencode-3.4.3
|
||||
unset FAKETIME # unset fake time during configure, as it does some clock sanity tests
|
||||
# need --with-pic to avoid relocation error in 64 bit builds
|
||||
./configure --prefix=$STAGING --enable-static --disable-shared --with-pic --without-tools --disable-maintainer-mode --disable-dependency-tracking
|
||||
./configure --prefix=$STAGING --enable-static --disable-shared --with-pic --without-tools --disable-dependency-tracking
|
||||
# Workaround to prevent re-configuring by make; make all files have a date in the past
|
||||
find . -print0 | xargs -r0 touch -t 200001010000
|
||||
export FAKETIME=$REFERENCE_DATETIME
|
||||
make $MAKEOPTS install
|
||||
cd ..
|
||||
#
|
||||
tar xjfm protobuf-2.5.0.tar.bz2
|
||||
tar xjf protobuf-2.5.0.tar.bz2
|
||||
cd protobuf-2.5.0
|
||||
mkdir -p $STAGING/host/bin
|
||||
unset FAKETIME # unset fake time during configure, as it does some clock sanity tests
|
||||
# need --with-pic to avoid relocation error in 64 bit builds
|
||||
./configure --prefix=$STAGING --bindir=$STAGING/host/bin --enable-static --disable-shared --with-pic
|
||||
./configure --prefix=$STAGING --bindir=$STAGING/host/bin --enable-static --disable-shared --with-pic --without-zlib
|
||||
# Workaround to prevent re-configuring by make; make all files have a date in the past
|
||||
find . -print0 | xargs -r0 touch -t 200001010000
|
||||
export FAKETIME=$REFERENCE_DATETIME
|
||||
make $MAKEOPTS install
|
||||
cd ..
|
||||
#
|
||||
@ -67,9 +80,19 @@ script: |
|
||||
cd db-4.8.30.NC/build_unix
|
||||
# need --with-pic to avoid relocation error in 64 bit builds
|
||||
../dist/configure --prefix=$STAGING --enable-cxx --disable-shared --with-pic
|
||||
# Workaround to prevent re-configuring by make; make all files have a date in the past
|
||||
find . -print0 | xargs -r0 touch -t 200001010000
|
||||
make $MAKEOPTS library_build
|
||||
make install_lib install_include
|
||||
cd ../..
|
||||
# post-process all generated libraries to be deterministic
|
||||
# extract them to a temporary directory then re-build them deterministically
|
||||
for LIB in $(find $STAGING -name \*.a); do
|
||||
rm -rf $TEMPDIR && mkdir $TEMPDIR && cd $TEMPDIR
|
||||
ar xv $LIB | cut -b5- > /tmp/list.txt
|
||||
rm $LIB
|
||||
ar crsD $LIB $(cat /tmp/list.txt)
|
||||
done
|
||||
#
|
||||
cd $STAGING
|
||||
zip -r $OUTDIR/bitcoin-deps-linux${GBUILD_BITS}-gitian-r2.zip include lib bin host
|
||||
find include lib bin host | sort | zip -X@ $OUTDIR/bitcoin-deps-linux${GBUILD_BITS}-gitian-r3.zip
|
||||
|
@ -21,33 +21,40 @@ remotes:
|
||||
- "url": "https://github.com/bitcoin/bitcoin.git"
|
||||
"dir": "bitcoin"
|
||||
files:
|
||||
- "bitcoin-deps-linux32-gitian-r2.zip"
|
||||
- "bitcoin-deps-linux64-gitian-r2.zip"
|
||||
- "bitcoin-deps-linux32-gitian-r3.zip"
|
||||
- "bitcoin-deps-linux64-gitian-r3.zip"
|
||||
- "boost-linux32-1.55.0-gitian-r1.zip"
|
||||
- "boost-linux64-1.55.0-gitian-r1.zip"
|
||||
script: |
|
||||
STAGING="$HOME/install"
|
||||
OPTFLAGS='-O2'
|
||||
BINDIR="${OUTDIR}/bin/${GBUILD_BITS}" # 32/64 bit build specific output directory
|
||||
TEMPDIR="$HOME/tempdir"
|
||||
export TZ=UTC
|
||||
export LIBRARY_PATH="$STAGING/lib"
|
||||
mkdir -p ${BINDIR}
|
||||
#
|
||||
mkdir -p $STAGING
|
||||
cd $STAGING
|
||||
unzip ../build/bitcoin-deps-linux${GBUILD_BITS}-gitian-r2.zip
|
||||
unzip ../build/bitcoin-deps-linux${GBUILD_BITS}-gitian-r3.zip
|
||||
unzip ../build/boost-linux${GBUILD_BITS}-1.55.0-gitian-r1.zip
|
||||
cd ../build
|
||||
#
|
||||
cd bitcoin
|
||||
export TAR_OPTIONS=--mtime=`echo $REFERENCE_DATETIME | awk '{ print $1 }'`
|
||||
./autogen.sh
|
||||
./configure --prefix=$STAGING --bindir=$BINDIR --with-protoc-bindir=$STAGING/host/bin --with-boost=$STAGING --disable-maintainer-mode --disable-dependency-tracking PKG_CONFIG_PATH="$STAGING/lib/pkgconfig" CPPFLAGS="-I$STAGING/include ${OPTFLAGS}" LDFLAGS="-L$STAGING/lib ${OPTFLAGS}" CXXFLAGS="-frandom-seed=bitcoin ${OPTFLAGS}" BOOST_CHRONO_EXTRALIBS="-lrt"
|
||||
make dist
|
||||
DISTNAME=`echo bitcoin-*.tar.gz`
|
||||
mkdir -p distsrc
|
||||
cd distsrc
|
||||
tar --strip-components=1 -xf ../bitcoin-*.tar.*
|
||||
tar --strip-components=1 -xf ../$DISTNAME
|
||||
./configure --prefix=$STAGING --bindir=$BINDIR --with-protoc-bindir=$STAGING/host/bin --with-boost=$STAGING --disable-maintainer-mode --disable-dependency-tracking PKG_CONFIG_PATH="$STAGING/lib/pkgconfig" CPPFLAGS="-I$STAGING/include ${OPTFLAGS}" LDFLAGS="-L$STAGING/lib ${OPTFLAGS}" CXXFLAGS="-frandom-seed=bitcoin ${OPTFLAGS}" BOOST_CHRONO_EXTRALIBS="-lrt"
|
||||
make $MAKEOPTS
|
||||
make $MAKEOPTS install-strip
|
||||
|
||||
# sort distribution tar file and normalize user/group/mtime information for deterministic output
|
||||
mkdir -p $OUTDIR/src
|
||||
cp ../bitcoin-*.tar.* $OUTDIR/src
|
||||
rm -rf $TEMPDIR
|
||||
mkdir -p $TEMPDIR
|
||||
cd $TEMPDIR
|
||||
tar -xvf $HOME/build/bitcoin/$DISTNAME | sort | tar --no-recursion -cT /dev/stdin --mode='u+rw,go+r-w,a+X' --owner=0 --group=0 --mtime="$REFERENCE_DATETIME" | gzip -n > $OUTDIR/src/$DISTNAME
|
||||
|
Loading…
Reference in New Issue
Block a user