neobytes/contrib/gitian-descriptors/gitian-linux.yml
Wladimir J. van der Laan 6e7c4d17d8 gitian: upgrade OpenSSL to 1.0.1h
Upgrade for https://www.openssl.org/news/secadv_20140605.txt

Just in case - there is no vulnerability that affects ecdsa signing or
verification.

The MITM attack vulnerability (CVE-2014-0224) may have some effect on
our usage of SSL/TLS.

As long as payment requests are signed (which is the common case), usage
of the payment protocol should also not be affected.

The TLS usage in RPC may be at risk for MITM attacks. If you have
`-rpcssl` enabled, be sure to update OpenSSL as soon as possible.
2014-06-05 17:24:38 +02:00

87 lines
2.8 KiB
YAML

---
name: "bitcoin"
suites:
- "precise"
architectures:
- "i386"
- "amd64"
packages:
- "g++"
- "git-core"
- "unzip"
- "pkg-config"
- "autoconf2.13"
- "libtool"
- "automake"
- "faketime"
- "bsdmainutils"
- "libqt4-core"
- "libqt4-gui"
- "libqt4-dbus"
- "libqt4-network"
- "libqt4-test"
reference_datetime: "2013-06-01 00:00:00"
remotes:
- "url": "https://github.com/bitcoin/bitcoin.git"
"dir": "bitcoin"
files:
- "bitcoin-deps-linux32-gitian-r6.zip"
- "bitcoin-deps-linux64-gitian-r6.zip"
- "boost-linux32-1.55.0-gitian-r1.zip"
- "boost-linux64-1.55.0-gitian-r1.zip"
- "qt-linux32-4.6.4-gitian-r1.tar.gz"
- "qt-linux64-4.6.4-gitian-r1.tar.gz"
script: |
STAGING="$HOME/install"
OPTFLAGS='-O2'
BINDIR="${OUTDIR}/bin/${GBUILD_BITS}" # 32/64 bit build specific output directory
TEMPDIR="$HOME/tempdir"
export TZ=UTC
export LIBRARY_PATH="$STAGING/lib"
export PATH="$STAGING/bin:$PATH"
mkdir -p ${BINDIR}
#
mkdir -p $STAGING
cd $STAGING
unzip ../build/bitcoin-deps-linux${GBUILD_BITS}-gitian-r6.zip
unzip ../build/boost-linux${GBUILD_BITS}-1.55.0-gitian-r1.zip
tar -zxf ../build/qt-linux${GBUILD_BITS}-4.6.4-gitian-r1.tar.gz
cd ../build
# Avoid exporting *any* symbols from the executable
# This avoids conflicts between the libraries statically linked into bitcoin and any
# libraries we may link dynamically (such as Qt and OpenSSL, see issue #4094).
# It also avoids start-up overhead to not export any unnecessary symbols.
# To do this, build a linker script that marks all symbols as local.
LINKER_SCRIPT=$HOME/build/linker_version_script
echo '
{
local: *;
};' > $LINKER_SCRIPT
function do_configure {
./configure "$@" --enable-upnp-default --prefix=$STAGING --with-protoc-bindir=$STAGING/host/bin --with-qt-bindir=$STAGING/bin --with-boost=$STAGING --disable-maintainer-mode --disable-dependency-tracking PKG_CONFIG_PATH="$STAGING/lib/pkgconfig" CPPFLAGS="-I$STAGING/include ${OPTFLAGS}" LDFLAGS="-L$STAGING/lib -Wl,--version-script=$LINKER_SCRIPT ${OPTFLAGS}" CXXFLAGS="-frandom-seed=bitcoin ${OPTFLAGS}" BOOST_CHRONO_EXTRALIBS="-lrt" --enable-glibc-back-compat
}
#
cd bitcoin
./autogen.sh
do_configure
make dist
DISTNAME=`echo bitcoin-*.tar.gz`
# Build dynamic versions of everything
# (with static linking to boost and openssl as well a some non-OS deps)
mkdir -p distsrc
cd distsrc
tar --strip-components=1 -xf ../$DISTNAME
do_configure --bindir=$BINDIR
make $MAKEOPTS
make $MAKEOPTS install-strip
make $MAKEOPTS clean
# sort distribution tar file and normalize user/group/mtime information for deterministic output
mkdir -p $OUTDIR/src
rm -rf $TEMPDIR
mkdir -p $TEMPDIR
cd $TEMPDIR
tar -xvf $HOME/build/bitcoin/$DISTNAME | sort | tar --no-recursion -cT /dev/stdin --mode='u+rw,go+r-w,a+X' --owner=0 --group=0 --mtime="$REFERENCE_DATETIME" | gzip -n > $OUTDIR/src/$DISTNAME