3ae41a64dd
Upgrade for https://www.openssl.org/news/secadv_20140605.txt
Just in case - there is no vulnerability that affects ecdsa signing or
verification.
The MITM attack vulnerability (CVE-2014-0224) may have some effect on
our usage of SSL/TLS.
As long as payment requests are signed (which is the common case), usage
of the payment protocol should also not be affected.
The TLS usage in RPC may be at risk for MITM attacks. If you have
`-rpcssl` enabled, be sure to update OpenSSL as soon as possible.
Rebased-By: Wladimir J. van der Laan <laanwj@gmail.com>
Rebased-From: 6e7c4d1
98 lines
3.7 KiB
YAML
98 lines
3.7 KiB
YAML
---
|
|
name: "bitcoin"
|
|
suites:
|
|
- "precise"
|
|
architectures:
|
|
- "amd64"
|
|
packages:
|
|
- "mingw-w64"
|
|
- "g++-mingw-w64"
|
|
- "git-core"
|
|
- "unzip"
|
|
- "nsis"
|
|
- "faketime"
|
|
- "autoconf2.13"
|
|
- "libtool"
|
|
- "automake"
|
|
- "pkg-config"
|
|
- "bsdmainutils"
|
|
|
|
reference_datetime: "2013-06-01 00:00:00"
|
|
remotes:
|
|
- "url": "https://github.com/bitcoin/bitcoin.git"
|
|
"dir": "bitcoin"
|
|
files:
|
|
- "qt-win32-5.2.0-gitian-r3.zip"
|
|
- "qt-win64-5.2.0-gitian-r3.zip"
|
|
- "boost-win32-1.55.0-gitian-r6.zip"
|
|
- "boost-win64-1.55.0-gitian-r6.zip"
|
|
- "bitcoin-deps-win32-gitian-r13.zip"
|
|
- "bitcoin-deps-win64-gitian-r13.zip"
|
|
- "protobuf-win32-2.5.0-gitian-r4.zip"
|
|
- "protobuf-win64-2.5.0-gitian-r4.zip"
|
|
script: |
|
|
# Defines
|
|
export TZ=UTC
|
|
INDIR=$HOME/build
|
|
OPTFLAGS='-O2'
|
|
TEMPDIR="$HOME/tempdir"
|
|
NEEDDIST=1
|
|
# Qt: workaround for determinism in resource ordering
|
|
# Qt5's rcc uses a QHash to store the files for the resource.
|
|
# A security fix in QHash makes the ordering of keys to be different on every run
|
|
# (https://qt.gitorious.org/qt/qtbase/commit/c01eaa438200edc9a3bbcd8ae1e8ded058bea268).
|
|
# This is good in general but qrc shouldn't be doing a traversal over a randomized container.
|
|
# The thorough solution would be to use QMap instead of QHash, but this requires patching Qt.
|
|
# For now luckily there is a test mode that forces a fixed seed.
|
|
export QT_RCC_TEST=1
|
|
for BITS in 32 64; do # for architectures
|
|
#
|
|
STAGING=$HOME/staging${BITS}
|
|
BUILDDIR=$HOME/build${BITS}
|
|
BINDIR=$OUTDIR/$BITS
|
|
if [ "$BITS" == "32" ]; then
|
|
HOST=i686-w64-mingw32
|
|
else
|
|
HOST=x86_64-w64-mingw32
|
|
fi
|
|
export PATH=$STAGING/host/bin:$PATH
|
|
mkdir -p $STAGING $BUILDDIR $BINDIR
|
|
#
|
|
cd $STAGING
|
|
unzip $INDIR/qt-win${BITS}-5.2.0-gitian-r3.zip
|
|
unzip $INDIR/boost-win${BITS}-1.55.0-gitian-r6.zip
|
|
unzip $INDIR/bitcoin-deps-win${BITS}-gitian-r13.zip
|
|
unzip $INDIR/protobuf-win${BITS}-2.5.0-gitian-r4.zip
|
|
if [ "$NEEDDIST" == "1" ]; then
|
|
# Make source code archive which is architecture independent so it only needs to be done once
|
|
cd $HOME/build/bitcoin
|
|
./autogen.sh
|
|
./configure --bindir=$OUTDIR --prefix=$STAGING --host=$HOST --with-qt-plugindir=$STAGING/plugins --with-qt-incdir=$STAGING/include --with-qt-bindir=$STAGING/host/bin --with-boost=$STAGING --disable-maintainer-mode --with-protoc-bindir=$STAGING/host/bin --disable-dependency-tracking CPPFLAGS="-I$STAGING/include ${OPTFLAGS}" LDFLAGS="-L$STAGING/lib ${OPTFLAGS}" CXXFLAGS="-frandom-seed=bitcoin ${OPTFLAGS}"
|
|
make dist
|
|
DISTNAME=`echo bitcoin-*.tar.gz`
|
|
NEEDDIST=0
|
|
fi
|
|
# Build platform-dependent executables from source archive
|
|
cd $BUILDDIR
|
|
mkdir -p distsrc
|
|
cd distsrc
|
|
tar --strip-components=1 -xf $HOME/build/bitcoin/$DISTNAME
|
|
./configure --enable-upnp-default --bindir=$BINDIR --prefix=$STAGING --host=$HOST --with-qt-plugindir=$STAGING/plugins --with-qt-incdir=$STAGING/include --with-qt-bindir=$STAGING/host/bin --with-boost=$STAGING --disable-maintainer-mode --with-protoc-bindir=$STAGING/host/bin --disable-dependency-tracking CPPFLAGS="-I$STAGING/include ${OPTFLAGS}" LDFLAGS="-L$STAGING/lib ${OPTFLAGS}" CXXFLAGS="-frandom-seed=bitcoin ${OPTFLAGS}"
|
|
export LD_PRELOAD=/usr/lib/faketime/libfaketime.so.1
|
|
export FAKETIME=$REFERENCE_DATETIME
|
|
make $MAKEOPTS
|
|
make deploy
|
|
make install-strip
|
|
cp -f bitcoin-*setup*.exe $BINDIR/
|
|
unset LD_PRELOAD
|
|
unset FAKETIME
|
|
done # for BITS in
|
|
|
|
# sort distribution tar file and normalize user/group/mtime information for deterministic output
|
|
mkdir -p $OUTDIR/src
|
|
rm -rf $TEMPDIR
|
|
mkdir -p $TEMPDIR
|
|
cd $TEMPDIR
|
|
tar -xvf $HOME/build/bitcoin/$DISTNAME | sort | tar --no-recursion -cT /dev/stdin --mode='u+rw,go+r-w,a+X' --owner=0 --group=0 --mtime="$REFERENCE_DATETIME" | gzip -n > $OUTDIR/src/$DISTNAME
|
|
|