neobytes/contrib/gitian-descriptors/deps-win.yml
Wladimir J. van der Laan 6e7c4d17d8 gitian: upgrade OpenSSL to 1.0.1h
Upgrade for https://www.openssl.org/news/secadv_20140605.txt

Just in case - there is no vulnerability that affects ecdsa signing or
verification.

The MITM attack vulnerability (CVE-2014-0224) may have some effect on
our usage of SSL/TLS.

As long as payment requests are signed (which is the common case), usage
of the payment protocol should also not be affected.

The TLS usage in RPC may be at risk for MITM attacks. If you have
`-rpcssl` enabled, be sure to update OpenSSL as soon as possible.
2014-06-05 17:24:38 +02:00

129 lines
4.4 KiB
YAML

---
name: "bitcoin-deps"
suites:
- "precise"
architectures:
- "amd64"
packages:
- "mingw-w64"
- "g++-mingw-w64"
- "git-core"
- "zip"
- "faketime"
- "psmisc"
reference_datetime: "2011-01-30 00:00:00"
remotes: []
files:
- "openssl-1.0.1h.tar.gz"
- "db-4.8.30.NC.tar.gz"
- "miniupnpc-1.9.tar.gz"
- "zlib-1.2.8.tar.gz"
- "libpng-1.6.8.tar.gz"
- "qrencode-3.4.3.tar.bz2"
script: |
#
export LD_PRELOAD=/usr/lib/faketime/libfaketime.so.1
export FAKETIME=$REFERENCE_DATETIME
export TZ=UTC
INDIR=$HOME/build
TEMPDIR=$HOME/tmp
# Input Integrity Check
echo "9d1c8a9836aa63e2c6adb684186cbd4371c9e9dcc01d6e3bb447abf2d4d3d093 openssl-1.0.1h.tar.gz" | sha256sum -c
echo "12edc0df75bf9abd7f82f821795bcee50f42cb2e5f76a6a281b85732798364ef db-4.8.30.NC.tar.gz" | sha256sum -c
echo "2923e453e880bb949e3d4da9f83dd3cb6f08946d35de0b864d0339cf70934464 miniupnpc-1.9.tar.gz" | sha256sum -c
echo "36658cb768a54c1d4dec43c3116c27ed893e88b02ecfcb44f2166f9c0b7f2a0d zlib-1.2.8.tar.gz" | sha256sum -c
echo "32c7acf1608b9c8b71b743b9780adb7a7b347563dbfb4a5263761056da44cc96 libpng-1.6.8.tar.gz" | sha256sum -c
echo "dfd71487513c871bad485806bfd1fdb304dedc84d2b01a8fb8e0940b50597a98 qrencode-3.4.3.tar.bz2" | sha256sum -c
for BITS in 32 64; do # for architectures
#
INSTALLPREFIX=$HOME/staging${BITS}
BUILDDIR=$HOME/build${BITS}
if [ "$BITS" == "32" ]; then
HOST=i686-w64-mingw32
else
HOST=x86_64-w64-mingw32
fi
#
mkdir -p $INSTALLPREFIX $BUILDDIR
cd $BUILDDIR
#
tar xzf $INDIR/openssl-1.0.1h.tar.gz
cd openssl-1.0.1h
if [ "$BITS" == "32" ]; then
OPENSSL_TGT=mingw
else
OPENSSL_TGT=mingw64
fi
./Configure --cross-compile-prefix=$HOST- ${OPENSSL_TGT} no-shared no-dso --openssldir=$INSTALLPREFIX
make
make install_sw
cd ..
#
tar xzf $INDIR/db-4.8.30.NC.tar.gz
cd db-4.8.30.NC/build_unix
../dist/configure --prefix=$INSTALLPREFIX --enable-mingw --enable-cxx --host=$HOST --disable-shared
make $MAKEOPTS library_build
make install_lib install_include
cd ../..
#
tar xzf $INDIR/miniupnpc-1.9.tar.gz
cd miniupnpc-1.9
echo "
--- miniupnpc-1.9/Makefile.mingw.orig 2013-09-29 18:52:51.014087958 -1000
+++ miniupnpc-1.9/Makefile.mingw 2013-09-29 19:09:29.663318691 -1000
@@ -67,8 +67,8 @@
wingenminiupnpcstrings.o: wingenminiupnpcstrings.c
-miniupnpcstrings.h: miniupnpcstrings.h.in wingenminiupnpcstrings
- wingenminiupnpcstrings \$< \$@
+miniupnpcstrings.h: miniupnpcstrings.h.in
+ sed -e 's|OS/version|MSWindows/5.1.2600|' -e 's|MINIUPNPC_VERSION_STRING \"version\"|MINIUPNPC_VERSION_STRING \"VERSIONHERE\"|' \$< > \$@
minixml.o: minixml.c minixml.h miniupnpcstrings.h
" | sed "s/VERSIONHERE/$(cat VERSION)/" | patch -p1
mkdir -p dll
make -f Makefile.mingw CC=$HOST-gcc AR=$HOST-ar libminiupnpc.a
install -d $INSTALLPREFIX/include/miniupnpc
install *.h $INSTALLPREFIX/include/miniupnpc
install libminiupnpc.a $INSTALLPREFIX/lib
cd ..
#
tar xzf $INDIR/zlib-1.2.8.tar.gz
cd zlib-1.2.8
CROSS_PREFIX=$HOST- ./configure --prefix=$INSTALLPREFIX --static
make
make install
cd ..
#
tar xzf $INDIR/libpng-1.6.8.tar.gz
cd libpng-1.6.8
OPT="-O2"
CPPFLAGS="${OPT} -I$INSTALLPREFIX/include" CFLAGS="${OPT} -I$INSTALLPREFIX/include" LDFLAGS="${OPT} -L$INSTALLPREFIX/lib" ./configure --disable-shared --prefix=$INSTALLPREFIX --host=$HOST
make $MAKEOPTS
make install
cd ..
#
tar xjf $INDIR/qrencode-3.4.3.tar.bz2
cd qrencode-3.4.3
png_CFLAGS="-I$INSTALLPREFIX/include" png_LIBS="-L$INSTALLPREFIX/lib -lpng" ./configure --prefix=$INSTALLPREFIX --host=$HOST --enable-static --disable-shared --without-tools --disable-dependency-tracking
# Workaround to prevent re-configuring by make (resulting in missing m4 error); make all files have a date in the past
find . -print0 | xargs -r0 touch -t 200001010000
make
make install
cd ..
# post-process all generated libraries to be deterministic
# extract them to a temporary directory then re-build them deterministically
for LIB in $(find $INSTALLPREFIX -name \*.a); do
rm -rf $TEMPDIR && mkdir $TEMPDIR && cd $TEMPDIR
$HOST-ar xv $LIB | cut -b5- > /tmp/list.txt
rm $LIB
$HOST-ar crsD $LIB $(cat /tmp/list.txt)
done
#
cd $INSTALLPREFIX
find include lib | sort | zip -X@ $OUTDIR/bitcoin-deps-win$BITS-gitian-r13.zip
done # for BITS in