Browse Source

gitian: Make linux build of OpenSSL deterministic

OpenSSL was embedding a timestamp causing its build to be
non-deterministic.
Change deps-linux to be deterministic by using FAKETIME
as needed and disabling it when it gets in the way.
0.10
Wladimir J. van der Laan 11 years ago
parent
commit
aa9348563c
  1. 22
      contrib/gitian-descriptors/deps-linux.yml
  2. 6
      contrib/gitian-descriptors/gitian-linux.yml

22
contrib/gitian-descriptors/deps-linux.yml

@ -24,6 +24,9 @@ files: @@ -24,6 +24,9 @@ files:
script: |
STAGING="$HOME/install"
OPTFLAGS='-O2'
export LD_PRELOAD=/usr/lib/faketime/libfaketime.so.1
export FAKETIME=$REFERENCE_DATETIME
export TZ=UTC
export LIBRARY_PATH="$STAGING/lib"
# Integrity Check
echo "f74f15e8c8ff11aa3d5bb5f276d202ec18d7246e95f961db76054199c69c1ae3 openssl-1.0.1e.tar.gz" | sha256sum -c
@ -37,6 +40,7 @@ script: | @@ -37,6 +40,7 @@ script: |
cd openssl-1.0.1e
# need -fPIC to avoid relocation error in 64 bit builds
./config no-shared no-zlib no-dso no-krb5 --openssldir=$STAGING -fPIC
# need to build OpenSSL with faketime because a timestamp is embedded into cversion.o
make
make install_sw
cd ..
@ -48,18 +52,26 @@ script: | @@ -48,18 +52,26 @@ script: |
rm -f $STAGING/lib/libminiupnpc.so* # no way to skip shared lib build
cd ..
#
tar xjfm qrencode-3.4.3.tar.bz2
tar xjf qrencode-3.4.3.tar.bz2
cd qrencode-3.4.3
unset FAKETIME # unset fake time during configure, as it does some clock sanity tests
# need --with-pic to avoid relocation error in 64 bit builds
./configure --prefix=$STAGING --enable-static --disable-shared --with-pic --without-tools --disable-maintainer-mode --disable-dependency-tracking
./configure --prefix=$STAGING --enable-static --disable-shared --with-pic --without-tools --disable-dependency-tracking --without-zlib
# Workaround to prevent re-configuring by make; make all files have a date in the past
find . -print0 | xargs -r0 touch -t 200001010000
export FAKETIME=$REFERENCE_DATETIME
make $MAKEOPTS install
cd ..
#
tar xjfm protobuf-2.5.0.tar.bz2
tar xjf protobuf-2.5.0.tar.bz2
cd protobuf-2.5.0
mkdir -p $STAGING/host/bin
unset FAKETIME # unset fake time during configure, as it does some clock sanity tests
# need --with-pic to avoid relocation error in 64 bit builds
./configure --prefix=$STAGING --bindir=$STAGING/host/bin --enable-static --disable-shared --with-pic
# Workaround to prevent re-configuring by make; make all files have a date in the past
find . -print0 | xargs -r0 touch -t 200001010000
export FAKETIME=$REFERENCE_DATETIME
make $MAKEOPTS install
cd ..
#
@ -67,9 +79,11 @@ script: | @@ -67,9 +79,11 @@ script: |
cd db-4.8.30.NC/build_unix
# need --with-pic to avoid relocation error in 64 bit builds
../dist/configure --prefix=$STAGING --enable-cxx --disable-shared --with-pic
# Workaround to prevent re-configuring by make; make all files have a date in the past
find . -print0 | xargs -r0 touch -t 200001010000
make $MAKEOPTS library_build
make install_lib install_include
cd ../..
#
cd $STAGING
zip -r $OUTDIR/bitcoin-deps-linux${GBUILD_BITS}-gitian-r2.zip include lib bin host
find include lib bin host -type f | sort | zip -X@ $OUTDIR/bitcoin-deps-linux${GBUILD_BITS}-gitian-r3.zip

6
contrib/gitian-descriptors/gitian-linux.yml

@ -21,8 +21,8 @@ remotes: @@ -21,8 +21,8 @@ remotes:
- "url": "https://github.com/bitcoin/bitcoin.git"
"dir": "bitcoin"
files:
- "bitcoin-deps-linux32-gitian-r2.zip"
- "bitcoin-deps-linux64-gitian-r2.zip"
- "bitcoin-deps-linux32-gitian-r3.zip"
- "bitcoin-deps-linux64-gitian-r3.zip"
- "boost-linux32-1.55.0-gitian-r1.zip"
- "boost-linux64-1.55.0-gitian-r1.zip"
script: |
@ -34,7 +34,7 @@ script: | @@ -34,7 +34,7 @@ script: |
#
mkdir -p $STAGING
cd $STAGING
unzip ../build/bitcoin-deps-linux${GBUILD_BITS}-gitian-r2.zip
unzip ../build/bitcoin-deps-linux${GBUILD_BITS}-gitian-r3.zip
unzip ../build/boost-linux${GBUILD_BITS}-1.55.0-gitian-r1.zip
cd ../build
#

Loading…
Cancel
Save