Browse Source

gitian: Make linux build of OpenSSL deterministic

OpenSSL was embedding a timestamp causing its build to be
non-deterministic.
Change deps-linux to be deterministic by using FAKETIME
as needed and disabling it when it gets in the way.
0.10
Wladimir J. van der Laan 11 years ago
parent
commit
aa9348563c
  1. 22
      contrib/gitian-descriptors/deps-linux.yml
  2. 6
      contrib/gitian-descriptors/gitian-linux.yml

22
contrib/gitian-descriptors/deps-linux.yml

@ -24,6 +24,9 @@ files:
script: | script: |
STAGING="$HOME/install" STAGING="$HOME/install"
OPTFLAGS='-O2' OPTFLAGS='-O2'
export LD_PRELOAD=/usr/lib/faketime/libfaketime.so.1
export FAKETIME=$REFERENCE_DATETIME
export TZ=UTC
export LIBRARY_PATH="$STAGING/lib" export LIBRARY_PATH="$STAGING/lib"
# Integrity Check # Integrity Check
echo "f74f15e8c8ff11aa3d5bb5f276d202ec18d7246e95f961db76054199c69c1ae3 openssl-1.0.1e.tar.gz" | sha256sum -c echo "f74f15e8c8ff11aa3d5bb5f276d202ec18d7246e95f961db76054199c69c1ae3 openssl-1.0.1e.tar.gz" | sha256sum -c
@ -37,6 +40,7 @@ script: |
cd openssl-1.0.1e cd openssl-1.0.1e
# need -fPIC to avoid relocation error in 64 bit builds # need -fPIC to avoid relocation error in 64 bit builds
./config no-shared no-zlib no-dso no-krb5 --openssldir=$STAGING -fPIC ./config no-shared no-zlib no-dso no-krb5 --openssldir=$STAGING -fPIC
# need to build OpenSSL with faketime because a timestamp is embedded into cversion.o
make make
make install_sw make install_sw
cd .. cd ..
@ -48,18 +52,26 @@ script: |
rm -f $STAGING/lib/libminiupnpc.so* # no way to skip shared lib build rm -f $STAGING/lib/libminiupnpc.so* # no way to skip shared lib build
cd .. cd ..
# #
tar xjfm qrencode-3.4.3.tar.bz2 tar xjf qrencode-3.4.3.tar.bz2
cd qrencode-3.4.3 cd qrencode-3.4.3
unset FAKETIME # unset fake time during configure, as it does some clock sanity tests
# need --with-pic to avoid relocation error in 64 bit builds # need --with-pic to avoid relocation error in 64 bit builds
./configure --prefix=$STAGING --enable-static --disable-shared --with-pic --without-tools --disable-maintainer-mode --disable-dependency-tracking ./configure --prefix=$STAGING --enable-static --disable-shared --with-pic --without-tools --disable-dependency-tracking --without-zlib
# Workaround to prevent re-configuring by make; make all files have a date in the past
find . -print0 | xargs -r0 touch -t 200001010000
export FAKETIME=$REFERENCE_DATETIME
make $MAKEOPTS install make $MAKEOPTS install
cd .. cd ..
# #
tar xjfm protobuf-2.5.0.tar.bz2 tar xjf protobuf-2.5.0.tar.bz2
cd protobuf-2.5.0 cd protobuf-2.5.0
mkdir -p $STAGING/host/bin mkdir -p $STAGING/host/bin
unset FAKETIME # unset fake time during configure, as it does some clock sanity tests
# need --with-pic to avoid relocation error in 64 bit builds # need --with-pic to avoid relocation error in 64 bit builds
./configure --prefix=$STAGING --bindir=$STAGING/host/bin --enable-static --disable-shared --with-pic ./configure --prefix=$STAGING --bindir=$STAGING/host/bin --enable-static --disable-shared --with-pic
# Workaround to prevent re-configuring by make; make all files have a date in the past
find . -print0 | xargs -r0 touch -t 200001010000
export FAKETIME=$REFERENCE_DATETIME
make $MAKEOPTS install make $MAKEOPTS install
cd .. cd ..
# #
@ -67,9 +79,11 @@ script: |
cd db-4.8.30.NC/build_unix cd db-4.8.30.NC/build_unix
# need --with-pic to avoid relocation error in 64 bit builds # need --with-pic to avoid relocation error in 64 bit builds
../dist/configure --prefix=$STAGING --enable-cxx --disable-shared --with-pic ../dist/configure --prefix=$STAGING --enable-cxx --disable-shared --with-pic
# Workaround to prevent re-configuring by make; make all files have a date in the past
find . -print0 | xargs -r0 touch -t 200001010000
make $MAKEOPTS library_build make $MAKEOPTS library_build
make install_lib install_include make install_lib install_include
cd ../.. cd ../..
# #
cd $STAGING cd $STAGING
zip -r $OUTDIR/bitcoin-deps-linux${GBUILD_BITS}-gitian-r2.zip include lib bin host find include lib bin host -type f | sort | zip -X@ $OUTDIR/bitcoin-deps-linux${GBUILD_BITS}-gitian-r3.zip

6
contrib/gitian-descriptors/gitian-linux.yml

@ -21,8 +21,8 @@ remotes:
- "url": "https://github.com/bitcoin/bitcoin.git" - "url": "https://github.com/bitcoin/bitcoin.git"
"dir": "bitcoin" "dir": "bitcoin"
files: files:
- "bitcoin-deps-linux32-gitian-r2.zip" - "bitcoin-deps-linux32-gitian-r3.zip"
- "bitcoin-deps-linux64-gitian-r2.zip" - "bitcoin-deps-linux64-gitian-r3.zip"
- "boost-linux32-1.55.0-gitian-r1.zip" - "boost-linux32-1.55.0-gitian-r1.zip"
- "boost-linux64-1.55.0-gitian-r1.zip" - "boost-linux64-1.55.0-gitian-r1.zip"
script: | script: |
@ -34,7 +34,7 @@ script: |
# #
mkdir -p $STAGING mkdir -p $STAGING
cd $STAGING cd $STAGING
unzip ../build/bitcoin-deps-linux${GBUILD_BITS}-gitian-r2.zip unzip ../build/bitcoin-deps-linux${GBUILD_BITS}-gitian-r3.zip
unzip ../build/boost-linux${GBUILD_BITS}-1.55.0-gitian-r1.zip unzip ../build/boost-linux${GBUILD_BITS}-1.55.0-gitian-r1.zip
cd ../build cd ../build
# #

Loading…
Cancel
Save