From aa9348563c88b984d9c42c41aa5d227145c8ac4b Mon Sep 17 00:00:00 2001 From: "Wladimir J. van der Laan" Date: Mon, 3 Feb 2014 22:22:07 +0100 Subject: [PATCH] gitian: Make linux build of OpenSSL deterministic OpenSSL was embedding a timestamp causing its build to be non-deterministic. Change deps-linux to be deterministic by using FAKETIME as needed and disabling it when it gets in the way. --- contrib/gitian-descriptors/deps-linux.yml | 22 +++++++++++++++++---- contrib/gitian-descriptors/gitian-linux.yml | 6 +++--- 2 files changed, 21 insertions(+), 7 deletions(-) diff --git a/contrib/gitian-descriptors/deps-linux.yml b/contrib/gitian-descriptors/deps-linux.yml index 12c3179ea..fc624d899 100644 --- a/contrib/gitian-descriptors/deps-linux.yml +++ b/contrib/gitian-descriptors/deps-linux.yml @@ -24,6 +24,9 @@ files: script: | STAGING="$HOME/install" OPTFLAGS='-O2' + export LD_PRELOAD=/usr/lib/faketime/libfaketime.so.1 + export FAKETIME=$REFERENCE_DATETIME + export TZ=UTC export LIBRARY_PATH="$STAGING/lib" # Integrity Check echo "f74f15e8c8ff11aa3d5bb5f276d202ec18d7246e95f961db76054199c69c1ae3 openssl-1.0.1e.tar.gz" | sha256sum -c @@ -37,6 +40,7 @@ script: | cd openssl-1.0.1e # need -fPIC to avoid relocation error in 64 bit builds ./config no-shared no-zlib no-dso no-krb5 --openssldir=$STAGING -fPIC + # need to build OpenSSL with faketime because a timestamp is embedded into cversion.o make make install_sw cd .. @@ -48,18 +52,26 @@ script: | rm -f $STAGING/lib/libminiupnpc.so* # no way to skip shared lib build cd .. # - tar xjfm qrencode-3.4.3.tar.bz2 + tar xjf qrencode-3.4.3.tar.bz2 cd qrencode-3.4.3 + unset FAKETIME # unset fake time during configure, as it does some clock sanity tests # need --with-pic to avoid relocation error in 64 bit builds - ./configure --prefix=$STAGING --enable-static --disable-shared --with-pic --without-tools --disable-maintainer-mode --disable-dependency-tracking + ./configure --prefix=$STAGING --enable-static --disable-shared --with-pic --without-tools --disable-dependency-tracking --without-zlib + # Workaround to prevent re-configuring by make; make all files have a date in the past + find . -print0 | xargs -r0 touch -t 200001010000 + export FAKETIME=$REFERENCE_DATETIME make $MAKEOPTS install cd .. # - tar xjfm protobuf-2.5.0.tar.bz2 + tar xjf protobuf-2.5.0.tar.bz2 cd protobuf-2.5.0 mkdir -p $STAGING/host/bin + unset FAKETIME # unset fake time during configure, as it does some clock sanity tests # need --with-pic to avoid relocation error in 64 bit builds ./configure --prefix=$STAGING --bindir=$STAGING/host/bin --enable-static --disable-shared --with-pic + # Workaround to prevent re-configuring by make; make all files have a date in the past + find . -print0 | xargs -r0 touch -t 200001010000 + export FAKETIME=$REFERENCE_DATETIME make $MAKEOPTS install cd .. # @@ -67,9 +79,11 @@ script: | cd db-4.8.30.NC/build_unix # need --with-pic to avoid relocation error in 64 bit builds ../dist/configure --prefix=$STAGING --enable-cxx --disable-shared --with-pic + # Workaround to prevent re-configuring by make; make all files have a date in the past + find . -print0 | xargs -r0 touch -t 200001010000 make $MAKEOPTS library_build make install_lib install_include cd ../.. # cd $STAGING - zip -r $OUTDIR/bitcoin-deps-linux${GBUILD_BITS}-gitian-r2.zip include lib bin host + find include lib bin host -type f | sort | zip -X@ $OUTDIR/bitcoin-deps-linux${GBUILD_BITS}-gitian-r3.zip diff --git a/contrib/gitian-descriptors/gitian-linux.yml b/contrib/gitian-descriptors/gitian-linux.yml index 329f4c6b4..763619280 100644 --- a/contrib/gitian-descriptors/gitian-linux.yml +++ b/contrib/gitian-descriptors/gitian-linux.yml @@ -21,8 +21,8 @@ remotes: - "url": "https://github.com/bitcoin/bitcoin.git" "dir": "bitcoin" files: -- "bitcoin-deps-linux32-gitian-r2.zip" -- "bitcoin-deps-linux64-gitian-r2.zip" +- "bitcoin-deps-linux32-gitian-r3.zip" +- "bitcoin-deps-linux64-gitian-r3.zip" - "boost-linux32-1.55.0-gitian-r1.zip" - "boost-linux64-1.55.0-gitian-r1.zip" script: | @@ -34,7 +34,7 @@ script: | # mkdir -p $STAGING cd $STAGING - unzip ../build/bitcoin-deps-linux${GBUILD_BITS}-gitian-r2.zip + unzip ../build/bitcoin-deps-linux${GBUILD_BITS}-gitian-r3.zip unzip ../build/boost-linux${GBUILD_BITS}-1.55.0-gitian-r1.zip cd ../build #