3ae41a64dd
Upgrade for https://www.openssl.org/news/secadv_20140605.txt
Just in case - there is no vulnerability that affects ecdsa signing or
verification.
The MITM attack vulnerability (CVE-2014-0224) may have some effect on
our usage of SSL/TLS.
As long as payment requests are signed (which is the common case), usage
of the payment protocol should also not be affected.
The TLS usage in RPC may be at risk for MITM attacks. If you have
`-rpcssl` enabled, be sure to update OpenSSL as soon as possible.
Rebased-By: Wladimir J. van der Laan <laanwj@gmail.com>
Rebased-From: 6e7c4d1
87 lines
2.8 KiB
YAML
87 lines
2.8 KiB
YAML
---
|
|
name: "bitcoin"
|
|
suites:
|
|
- "precise"
|
|
architectures:
|
|
- "i386"
|
|
- "amd64"
|
|
packages:
|
|
- "g++"
|
|
- "git-core"
|
|
- "unzip"
|
|
- "pkg-config"
|
|
- "autoconf2.13"
|
|
- "libtool"
|
|
- "automake"
|
|
- "faketime"
|
|
- "bsdmainutils"
|
|
- "libqt4-core"
|
|
- "libqt4-gui"
|
|
- "libqt4-dbus"
|
|
- "libqt4-network"
|
|
- "libqt4-test"
|
|
reference_datetime: "2013-06-01 00:00:00"
|
|
remotes:
|
|
- "url": "https://github.com/bitcoin/bitcoin.git"
|
|
"dir": "bitcoin"
|
|
files:
|
|
- "bitcoin-deps-linux32-gitian-r6.zip"
|
|
- "bitcoin-deps-linux64-gitian-r6.zip"
|
|
- "boost-linux32-1.55.0-gitian-r1.zip"
|
|
- "boost-linux64-1.55.0-gitian-r1.zip"
|
|
- "qt-linux32-4.6.4-gitian-r1.tar.gz"
|
|
- "qt-linux64-4.6.4-gitian-r1.tar.gz"
|
|
script: |
|
|
STAGING="$HOME/install"
|
|
OPTFLAGS='-O2'
|
|
BINDIR="${OUTDIR}/bin/${GBUILD_BITS}" # 32/64 bit build specific output directory
|
|
TEMPDIR="$HOME/tempdir"
|
|
export TZ=UTC
|
|
export LIBRARY_PATH="$STAGING/lib"
|
|
export PATH="$STAGING/bin:$PATH"
|
|
mkdir -p ${BINDIR}
|
|
#
|
|
mkdir -p $STAGING
|
|
cd $STAGING
|
|
unzip ../build/bitcoin-deps-linux${GBUILD_BITS}-gitian-r6.zip
|
|
unzip ../build/boost-linux${GBUILD_BITS}-1.55.0-gitian-r1.zip
|
|
tar -zxf ../build/qt-linux${GBUILD_BITS}-4.6.4-gitian-r1.tar.gz
|
|
cd ../build
|
|
|
|
# Avoid exporting *any* symbols from the executable
|
|
# This avoids conflicts between the libraries statically linked into bitcoin and any
|
|
# libraries we may link dynamically (such as Qt and OpenSSL, see issue #4094).
|
|
# It also avoids start-up overhead to not export any unnecessary symbols.
|
|
# To do this, build a linker script that marks all symbols as local.
|
|
LINKER_SCRIPT=$HOME/build/linker_version_script
|
|
echo '
|
|
{
|
|
local: *;
|
|
};' > $LINKER_SCRIPT
|
|
function do_configure {
|
|
./configure "$@" --enable-upnp-default --prefix=$STAGING --with-protoc-bindir=$STAGING/host/bin --with-qt-bindir=$STAGING/bin --with-boost=$STAGING --disable-maintainer-mode --disable-dependency-tracking PKG_CONFIG_PATH="$STAGING/lib/pkgconfig" CPPFLAGS="-I$STAGING/include ${OPTFLAGS}" LDFLAGS="-L$STAGING/lib -Wl,--version-script=$LINKER_SCRIPT ${OPTFLAGS}" CXXFLAGS="-frandom-seed=bitcoin ${OPTFLAGS}" BOOST_CHRONO_EXTRALIBS="-lrt" --enable-glibc-back-compat
|
|
}
|
|
#
|
|
cd bitcoin
|
|
./autogen.sh
|
|
do_configure
|
|
make dist
|
|
DISTNAME=`echo bitcoin-*.tar.gz`
|
|
|
|
# Build dynamic versions of everything
|
|
# (with static linking to boost and openssl as well a some non-OS deps)
|
|
mkdir -p distsrc
|
|
cd distsrc
|
|
tar --strip-components=1 -xf ../$DISTNAME
|
|
do_configure --bindir=$BINDIR
|
|
make $MAKEOPTS
|
|
make $MAKEOPTS install-strip
|
|
make $MAKEOPTS clean
|
|
|
|
# sort distribution tar file and normalize user/group/mtime information for deterministic output
|
|
mkdir -p $OUTDIR/src
|
|
rm -rf $TEMPDIR
|
|
mkdir -p $TEMPDIR
|
|
cd $TEMPDIR
|
|
tar -xvf $HOME/build/bitcoin/$DISTNAME | sort | tar --no-recursion -cT /dev/stdin --mode='u+rw,go+r-w,a+X' --owner=0 --group=0 --mtime="$REFERENCE_DATETIME" | gzip -n > $OUTDIR/src/$DISTNAME
|