Browse Source

Merge pull request #3622

c13a13e gitian: add -D flag to ar for deterministic output for linux deps (Wladimir J. van der Laan)
1552145 gitian: Sort generated source distribution archive (Wladimir J. van der Laan)
aabcd11 gitian: Make linux boost dependency completely deterministic (Wladimir J. van der Laan)
aa93485 gitian: Make linux build of OpenSSL deterministic (Wladimir J. van der Laan)
0.10
Wladimir J. van der Laan 11 years ago
parent
commit
d5fa3eff03
No known key found for this signature in database
GPG Key ID: 74810B012346C9A6
  1. 21
      contrib/gitian-descriptors/boost-linux.yml
  2. 33
      contrib/gitian-descriptors/deps-linux.yml
  3. 19
      contrib/gitian-descriptors/gitian-linux.yml

21
contrib/gitian-descriptors/boost-linux.yml

@ -19,12 +19,16 @@ files: @@ -19,12 +19,16 @@ files:
- "boost_1_55_0.tar.bz2"
script: |
STAGING="$HOME/install"
TEMPDIR="$HOME/tmp"
export LIBRARY_PATH="$STAGING/lib"
export LD_PRELOAD=/usr/lib/faketime/libfaketime.so.1
export FAKETIME=$REFERENCE_DATETIME
export TZ=UTC
# Input Integrity Check
echo "fff00023dd79486d444c8e29922f4072e1d451fc5a4d2b6075852ead7f2b7b52 boost_1_55_0.tar.bz2" | shasum -c
mkdir -p "$STAGING"
tar xjf boost_1_55_0.tar.bz2
tar --warning=no-timestamp -xjf boost_1_55_0.tar.bz2
cd boost_1_55_0
GCCVERSION=$(g++ -E -dM $(mktemp --suffix=.h) | grep __VERSION__ | cut -d ' ' -f 3 | cut -d '"' -f 2)
# note: bjam with -d+2 reveals that -O3 is implied by default, no need to provide it in cxxflags
@ -35,9 +39,16 @@ script: | @@ -35,9 +39,16 @@ script: |
./bootstrap.sh --without-icu
./bjam toolset=gcc threadapi=pthread threading=multi variant=release link=static runtime-link=shared --user-config=user-config.jam --without-mpi --without-python -sNO_BZIP2=1 --layout=tagged --build-type=complete --prefix="$STAGING" $MAKEOPTS install
./bjam toolset=gcc threadapi=pthread threading=multi variant=release link=static runtime-link=shared --user-config=user-config.jam --without-mpi --without-python -sNO_BZIP2=1 --layout=tagged --build-type=complete --prefix="$STAGING" $MAKEOPTS -d+2 install
# post-process all generated libraries to be deterministic
# extract them to a temporary directory then re-build them deterministically
for LIB in $(find $STAGING -name \*.a); do
rm -rf $TEMPDIR && mkdir $TEMPDIR && cd $TEMPDIR
ar xv $LIB | cut -b5- > /tmp/list.txt
rm $LIB
ar crsD $LIB $(cat /tmp/list.txt)
done
#
cd "$STAGING"
export LD_PRELOAD=/usr/lib/faketime/libfaketime.so.1
export FAKETIME=$REFERENCE_DATETIME
zip -r $OUTDIR/boost-linux${GBUILD_BITS}-1.55.0-gitian-r1.zip *
find | sort | zip -X@ $OUTDIR/boost-linux${GBUILD_BITS}-1.55.0-gitian-r1.zip

33
contrib/gitian-descriptors/deps-linux.yml

@ -23,7 +23,11 @@ files: @@ -23,7 +23,11 @@ files:
- "db-4.8.30.NC.tar.gz"
script: |
STAGING="$HOME/install"
TEMPDIR="$HOME/tmp"
OPTFLAGS='-O2'
export LD_PRELOAD=/usr/lib/faketime/libfaketime.so.1
export FAKETIME=$REFERENCE_DATETIME
export TZ=UTC
export LIBRARY_PATH="$STAGING/lib"
# Integrity Check
echo "f74f15e8c8ff11aa3d5bb5f276d202ec18d7246e95f961db76054199c69c1ae3 openssl-1.0.1e.tar.gz" | sha256sum -c
@ -37,6 +41,7 @@ script: | @@ -37,6 +41,7 @@ script: |
cd openssl-1.0.1e
# need -fPIC to avoid relocation error in 64 bit builds
./config no-shared no-zlib no-dso no-krb5 --openssldir=$STAGING -fPIC
# need to build OpenSSL with faketime because a timestamp is embedded into cversion.o
make
make install_sw
cd ..
@ -48,18 +53,26 @@ script: | @@ -48,18 +53,26 @@ script: |
rm -f $STAGING/lib/libminiupnpc.so* # no way to skip shared lib build
cd ..
#
tar xjfm qrencode-3.4.3.tar.bz2
tar xjf qrencode-3.4.3.tar.bz2
cd qrencode-3.4.3
unset FAKETIME # unset fake time during configure, as it does some clock sanity tests
# need --with-pic to avoid relocation error in 64 bit builds
./configure --prefix=$STAGING --enable-static --disable-shared --with-pic --without-tools --disable-maintainer-mode --disable-dependency-tracking
./configure --prefix=$STAGING --enable-static --disable-shared --with-pic --without-tools --disable-dependency-tracking
# Workaround to prevent re-configuring by make; make all files have a date in the past
find . -print0 | xargs -r0 touch -t 200001010000
export FAKETIME=$REFERENCE_DATETIME
make $MAKEOPTS install
cd ..
#
tar xjfm protobuf-2.5.0.tar.bz2
tar xjf protobuf-2.5.0.tar.bz2
cd protobuf-2.5.0
mkdir -p $STAGING/host/bin
unset FAKETIME # unset fake time during configure, as it does some clock sanity tests
# need --with-pic to avoid relocation error in 64 bit builds
./configure --prefix=$STAGING --bindir=$STAGING/host/bin --enable-static --disable-shared --with-pic
./configure --prefix=$STAGING --bindir=$STAGING/host/bin --enable-static --disable-shared --with-pic --without-zlib
# Workaround to prevent re-configuring by make; make all files have a date in the past
find . -print0 | xargs -r0 touch -t 200001010000
export FAKETIME=$REFERENCE_DATETIME
make $MAKEOPTS install
cd ..
#
@ -67,9 +80,19 @@ script: | @@ -67,9 +80,19 @@ script: |
cd db-4.8.30.NC/build_unix
# need --with-pic to avoid relocation error in 64 bit builds
../dist/configure --prefix=$STAGING --enable-cxx --disable-shared --with-pic
# Workaround to prevent re-configuring by make; make all files have a date in the past
find . -print0 | xargs -r0 touch -t 200001010000
make $MAKEOPTS library_build
make install_lib install_include
cd ../..
# post-process all generated libraries to be deterministic
# extract them to a temporary directory then re-build them deterministically
for LIB in $(find $STAGING -name \*.a); do
rm -rf $TEMPDIR && mkdir $TEMPDIR && cd $TEMPDIR
ar xv $LIB | cut -b5- > /tmp/list.txt
rm $LIB
ar crsD $LIB $(cat /tmp/list.txt)
done
#
cd $STAGING
zip -r $OUTDIR/bitcoin-deps-linux${GBUILD_BITS}-gitian-r2.zip include lib bin host
find include lib bin host | sort | zip -X@ $OUTDIR/bitcoin-deps-linux${GBUILD_BITS}-gitian-r3.zip

19
contrib/gitian-descriptors/gitian-linux.yml

@ -21,33 +21,40 @@ remotes: @@ -21,33 +21,40 @@ remotes:
- "url": "https://github.com/bitcoin/bitcoin.git"
"dir": "bitcoin"
files:
- "bitcoin-deps-linux32-gitian-r2.zip"
- "bitcoin-deps-linux64-gitian-r2.zip"
- "bitcoin-deps-linux32-gitian-r3.zip"
- "bitcoin-deps-linux64-gitian-r3.zip"
- "boost-linux32-1.55.0-gitian-r1.zip"
- "boost-linux64-1.55.0-gitian-r1.zip"
script: |
STAGING="$HOME/install"
OPTFLAGS='-O2'
BINDIR="${OUTDIR}/bin/${GBUILD_BITS}" # 32/64 bit build specific output directory
TEMPDIR="$HOME/tempdir"
export TZ=UTC
export LIBRARY_PATH="$STAGING/lib"
mkdir -p ${BINDIR}
#
mkdir -p $STAGING
cd $STAGING
unzip ../build/bitcoin-deps-linux${GBUILD_BITS}-gitian-r2.zip
unzip ../build/bitcoin-deps-linux${GBUILD_BITS}-gitian-r3.zip
unzip ../build/boost-linux${GBUILD_BITS}-1.55.0-gitian-r1.zip
cd ../build
#
cd bitcoin
export TAR_OPTIONS=--mtime=`echo $REFERENCE_DATETIME | awk '{ print $1 }'`
./autogen.sh
./configure --prefix=$STAGING --bindir=$BINDIR --with-protoc-bindir=$STAGING/host/bin --with-boost=$STAGING --disable-maintainer-mode --disable-dependency-tracking PKG_CONFIG_PATH="$STAGING/lib/pkgconfig" CPPFLAGS="-I$STAGING/include ${OPTFLAGS}" LDFLAGS="-L$STAGING/lib ${OPTFLAGS}" CXXFLAGS="-frandom-seed=bitcoin ${OPTFLAGS}" BOOST_CHRONO_EXTRALIBS="-lrt"
make dist
DISTNAME=`echo bitcoin-*.tar.gz`
mkdir -p distsrc
cd distsrc
tar --strip-components=1 -xf ../bitcoin-*.tar.*
tar --strip-components=1 -xf ../$DISTNAME
./configure --prefix=$STAGING --bindir=$BINDIR --with-protoc-bindir=$STAGING/host/bin --with-boost=$STAGING --disable-maintainer-mode --disable-dependency-tracking PKG_CONFIG_PATH="$STAGING/lib/pkgconfig" CPPFLAGS="-I$STAGING/include ${OPTFLAGS}" LDFLAGS="-L$STAGING/lib ${OPTFLAGS}" CXXFLAGS="-frandom-seed=bitcoin ${OPTFLAGS}" BOOST_CHRONO_EXTRALIBS="-lrt"
make $MAKEOPTS
make $MAKEOPTS install-strip
# sort distribution tar file and normalize user/group/mtime information for deterministic output
mkdir -p $OUTDIR/src
cp ../bitcoin-*.tar.* $OUTDIR/src
rm -rf $TEMPDIR
mkdir -p $TEMPDIR
cd $TEMPDIR
tar -xvf $HOME/build/bitcoin/$DISTNAME | sort | tar --no-recursion -cT /dev/stdin --mode='u+rw,go+r-w,a+X' --owner=0 --group=0 --mtime="$REFERENCE_DATETIME" | gzip -n > $OUTDIR/src/$DISTNAME

Loading…
Cancel
Save