Browse Source

Merge pull request #3622

c13a13e gitian: add -D flag to ar for deterministic output for linux deps (Wladimir J. van der Laan)
1552145 gitian: Sort generated source distribution archive (Wladimir J. van der Laan)
aabcd11 gitian: Make linux boost dependency completely deterministic (Wladimir J. van der Laan)
aa93485 gitian: Make linux build of OpenSSL deterministic (Wladimir J. van der Laan)
0.10
Wladimir J. van der Laan 11 years ago
parent
commit
d5fa3eff03
No known key found for this signature in database
GPG Key ID: 74810B012346C9A6
  1. 21
      contrib/gitian-descriptors/boost-linux.yml
  2. 33
      contrib/gitian-descriptors/deps-linux.yml
  3. 19
      contrib/gitian-descriptors/gitian-linux.yml

21
contrib/gitian-descriptors/boost-linux.yml

@ -19,12 +19,16 @@ files:
- "boost_1_55_0.tar.bz2" - "boost_1_55_0.tar.bz2"
script: | script: |
STAGING="$HOME/install" STAGING="$HOME/install"
TEMPDIR="$HOME/tmp"
export LIBRARY_PATH="$STAGING/lib" export LIBRARY_PATH="$STAGING/lib"
export LD_PRELOAD=/usr/lib/faketime/libfaketime.so.1
export FAKETIME=$REFERENCE_DATETIME
export TZ=UTC
# Input Integrity Check # Input Integrity Check
echo "fff00023dd79486d444c8e29922f4072e1d451fc5a4d2b6075852ead7f2b7b52 boost_1_55_0.tar.bz2" | shasum -c echo "fff00023dd79486d444c8e29922f4072e1d451fc5a4d2b6075852ead7f2b7b52 boost_1_55_0.tar.bz2" | shasum -c
mkdir -p "$STAGING" mkdir -p "$STAGING"
tar xjf boost_1_55_0.tar.bz2 tar --warning=no-timestamp -xjf boost_1_55_0.tar.bz2
cd boost_1_55_0 cd boost_1_55_0
GCCVERSION=$(g++ -E -dM $(mktemp --suffix=.h) | grep __VERSION__ | cut -d ' ' -f 3 | cut -d '"' -f 2) GCCVERSION=$(g++ -E -dM $(mktemp --suffix=.h) | grep __VERSION__ | cut -d ' ' -f 3 | cut -d '"' -f 2)
# note: bjam with -d+2 reveals that -O3 is implied by default, no need to provide it in cxxflags # note: bjam with -d+2 reveals that -O3 is implied by default, no need to provide it in cxxflags
@ -35,9 +39,16 @@ script: |
./bootstrap.sh --without-icu ./bootstrap.sh --without-icu
./bjam toolset=gcc threadapi=pthread threading=multi variant=release link=static runtime-link=shared --user-config=user-config.jam --without-mpi --without-python -sNO_BZIP2=1 --layout=tagged --build-type=complete --prefix="$STAGING" $MAKEOPTS install ./bjam toolset=gcc threadapi=pthread threading=multi variant=release link=static runtime-link=shared --user-config=user-config.jam --without-mpi --without-python -sNO_BZIP2=1 --layout=tagged --build-type=complete --prefix="$STAGING" $MAKEOPTS -d+2 install
# post-process all generated libraries to be deterministic
# extract them to a temporary directory then re-build them deterministically
for LIB in $(find $STAGING -name \*.a); do
rm -rf $TEMPDIR && mkdir $TEMPDIR && cd $TEMPDIR
ar xv $LIB | cut -b5- > /tmp/list.txt
rm $LIB
ar crsD $LIB $(cat /tmp/list.txt)
done
#
cd "$STAGING" cd "$STAGING"
export LD_PRELOAD=/usr/lib/faketime/libfaketime.so.1 find | sort | zip -X@ $OUTDIR/boost-linux${GBUILD_BITS}-1.55.0-gitian-r1.zip
export FAKETIME=$REFERENCE_DATETIME
zip -r $OUTDIR/boost-linux${GBUILD_BITS}-1.55.0-gitian-r1.zip *

33
contrib/gitian-descriptors/deps-linux.yml

@ -23,7 +23,11 @@ files:
- "db-4.8.30.NC.tar.gz" - "db-4.8.30.NC.tar.gz"
script: | script: |
STAGING="$HOME/install" STAGING="$HOME/install"
TEMPDIR="$HOME/tmp"
OPTFLAGS='-O2' OPTFLAGS='-O2'
export LD_PRELOAD=/usr/lib/faketime/libfaketime.so.1
export FAKETIME=$REFERENCE_DATETIME
export TZ=UTC
export LIBRARY_PATH="$STAGING/lib" export LIBRARY_PATH="$STAGING/lib"
# Integrity Check # Integrity Check
echo "f74f15e8c8ff11aa3d5bb5f276d202ec18d7246e95f961db76054199c69c1ae3 openssl-1.0.1e.tar.gz" | sha256sum -c echo "f74f15e8c8ff11aa3d5bb5f276d202ec18d7246e95f961db76054199c69c1ae3 openssl-1.0.1e.tar.gz" | sha256sum -c
@ -37,6 +41,7 @@ script: |
cd openssl-1.0.1e cd openssl-1.0.1e
# need -fPIC to avoid relocation error in 64 bit builds # need -fPIC to avoid relocation error in 64 bit builds
./config no-shared no-zlib no-dso no-krb5 --openssldir=$STAGING -fPIC ./config no-shared no-zlib no-dso no-krb5 --openssldir=$STAGING -fPIC
# need to build OpenSSL with faketime because a timestamp is embedded into cversion.o
make make
make install_sw make install_sw
cd .. cd ..
@ -48,18 +53,26 @@ script: |
rm -f $STAGING/lib/libminiupnpc.so* # no way to skip shared lib build rm -f $STAGING/lib/libminiupnpc.so* # no way to skip shared lib build
cd .. cd ..
# #
tar xjfm qrencode-3.4.3.tar.bz2 tar xjf qrencode-3.4.3.tar.bz2
cd qrencode-3.4.3 cd qrencode-3.4.3
unset FAKETIME # unset fake time during configure, as it does some clock sanity tests
# need --with-pic to avoid relocation error in 64 bit builds # need --with-pic to avoid relocation error in 64 bit builds
./configure --prefix=$STAGING --enable-static --disable-shared --with-pic --without-tools --disable-maintainer-mode --disable-dependency-tracking ./configure --prefix=$STAGING --enable-static --disable-shared --with-pic --without-tools --disable-dependency-tracking
# Workaround to prevent re-configuring by make; make all files have a date in the past
find . -print0 | xargs -r0 touch -t 200001010000
export FAKETIME=$REFERENCE_DATETIME
make $MAKEOPTS install make $MAKEOPTS install
cd .. cd ..
# #
tar xjfm protobuf-2.5.0.tar.bz2 tar xjf protobuf-2.5.0.tar.bz2
cd protobuf-2.5.0 cd protobuf-2.5.0
mkdir -p $STAGING/host/bin mkdir -p $STAGING/host/bin
unset FAKETIME # unset fake time during configure, as it does some clock sanity tests
# need --with-pic to avoid relocation error in 64 bit builds # need --with-pic to avoid relocation error in 64 bit builds
./configure --prefix=$STAGING --bindir=$STAGING/host/bin --enable-static --disable-shared --with-pic ./configure --prefix=$STAGING --bindir=$STAGING/host/bin --enable-static --disable-shared --with-pic --without-zlib
# Workaround to prevent re-configuring by make; make all files have a date in the past
find . -print0 | xargs -r0 touch -t 200001010000
export FAKETIME=$REFERENCE_DATETIME
make $MAKEOPTS install make $MAKEOPTS install
cd .. cd ..
# #
@ -67,9 +80,19 @@ script: |
cd db-4.8.30.NC/build_unix cd db-4.8.30.NC/build_unix
# need --with-pic to avoid relocation error in 64 bit builds # need --with-pic to avoid relocation error in 64 bit builds
../dist/configure --prefix=$STAGING --enable-cxx --disable-shared --with-pic ../dist/configure --prefix=$STAGING --enable-cxx --disable-shared --with-pic
# Workaround to prevent re-configuring by make; make all files have a date in the past
find . -print0 | xargs -r0 touch -t 200001010000
make $MAKEOPTS library_build make $MAKEOPTS library_build
make install_lib install_include make install_lib install_include
cd ../.. cd ../..
# post-process all generated libraries to be deterministic
# extract them to a temporary directory then re-build them deterministically
for LIB in $(find $STAGING -name \*.a); do
rm -rf $TEMPDIR && mkdir $TEMPDIR && cd $TEMPDIR
ar xv $LIB | cut -b5- > /tmp/list.txt
rm $LIB
ar crsD $LIB $(cat /tmp/list.txt)
done
# #
cd $STAGING cd $STAGING
zip -r $OUTDIR/bitcoin-deps-linux${GBUILD_BITS}-gitian-r2.zip include lib bin host find include lib bin host | sort | zip -X@ $OUTDIR/bitcoin-deps-linux${GBUILD_BITS}-gitian-r3.zip

19
contrib/gitian-descriptors/gitian-linux.yml

@ -21,33 +21,40 @@ remotes:
- "url": "https://github.com/bitcoin/bitcoin.git" - "url": "https://github.com/bitcoin/bitcoin.git"
"dir": "bitcoin" "dir": "bitcoin"
files: files:
- "bitcoin-deps-linux32-gitian-r2.zip" - "bitcoin-deps-linux32-gitian-r3.zip"
- "bitcoin-deps-linux64-gitian-r2.zip" - "bitcoin-deps-linux64-gitian-r3.zip"
- "boost-linux32-1.55.0-gitian-r1.zip" - "boost-linux32-1.55.0-gitian-r1.zip"
- "boost-linux64-1.55.0-gitian-r1.zip" - "boost-linux64-1.55.0-gitian-r1.zip"
script: | script: |
STAGING="$HOME/install" STAGING="$HOME/install"
OPTFLAGS='-O2' OPTFLAGS='-O2'
BINDIR="${OUTDIR}/bin/${GBUILD_BITS}" # 32/64 bit build specific output directory BINDIR="${OUTDIR}/bin/${GBUILD_BITS}" # 32/64 bit build specific output directory
TEMPDIR="$HOME/tempdir"
export TZ=UTC
export LIBRARY_PATH="$STAGING/lib" export LIBRARY_PATH="$STAGING/lib"
mkdir -p ${BINDIR} mkdir -p ${BINDIR}
# #
mkdir -p $STAGING mkdir -p $STAGING
cd $STAGING cd $STAGING
unzip ../build/bitcoin-deps-linux${GBUILD_BITS}-gitian-r2.zip unzip ../build/bitcoin-deps-linux${GBUILD_BITS}-gitian-r3.zip
unzip ../build/boost-linux${GBUILD_BITS}-1.55.0-gitian-r1.zip unzip ../build/boost-linux${GBUILD_BITS}-1.55.0-gitian-r1.zip
cd ../build cd ../build
# #
cd bitcoin cd bitcoin
export TAR_OPTIONS=--mtime=`echo $REFERENCE_DATETIME | awk '{ print $1 }'`
./autogen.sh ./autogen.sh
./configure --prefix=$STAGING --bindir=$BINDIR --with-protoc-bindir=$STAGING/host/bin --with-boost=$STAGING --disable-maintainer-mode --disable-dependency-tracking PKG_CONFIG_PATH="$STAGING/lib/pkgconfig" CPPFLAGS="-I$STAGING/include ${OPTFLAGS}" LDFLAGS="-L$STAGING/lib ${OPTFLAGS}" CXXFLAGS="-frandom-seed=bitcoin ${OPTFLAGS}" BOOST_CHRONO_EXTRALIBS="-lrt" ./configure --prefix=$STAGING --bindir=$BINDIR --with-protoc-bindir=$STAGING/host/bin --with-boost=$STAGING --disable-maintainer-mode --disable-dependency-tracking PKG_CONFIG_PATH="$STAGING/lib/pkgconfig" CPPFLAGS="-I$STAGING/include ${OPTFLAGS}" LDFLAGS="-L$STAGING/lib ${OPTFLAGS}" CXXFLAGS="-frandom-seed=bitcoin ${OPTFLAGS}" BOOST_CHRONO_EXTRALIBS="-lrt"
make dist make dist
DISTNAME=`echo bitcoin-*.tar.gz`
mkdir -p distsrc mkdir -p distsrc
cd distsrc cd distsrc
tar --strip-components=1 -xf ../bitcoin-*.tar.* tar --strip-components=1 -xf ../$DISTNAME
./configure --prefix=$STAGING --bindir=$BINDIR --with-protoc-bindir=$STAGING/host/bin --with-boost=$STAGING --disable-maintainer-mode --disable-dependency-tracking PKG_CONFIG_PATH="$STAGING/lib/pkgconfig" CPPFLAGS="-I$STAGING/include ${OPTFLAGS}" LDFLAGS="-L$STAGING/lib ${OPTFLAGS}" CXXFLAGS="-frandom-seed=bitcoin ${OPTFLAGS}" BOOST_CHRONO_EXTRALIBS="-lrt" ./configure --prefix=$STAGING --bindir=$BINDIR --with-protoc-bindir=$STAGING/host/bin --with-boost=$STAGING --disable-maintainer-mode --disable-dependency-tracking PKG_CONFIG_PATH="$STAGING/lib/pkgconfig" CPPFLAGS="-I$STAGING/include ${OPTFLAGS}" LDFLAGS="-L$STAGING/lib ${OPTFLAGS}" CXXFLAGS="-frandom-seed=bitcoin ${OPTFLAGS}" BOOST_CHRONO_EXTRALIBS="-lrt"
make $MAKEOPTS make $MAKEOPTS
make $MAKEOPTS install-strip make $MAKEOPTS install-strip
# sort distribution tar file and normalize user/group/mtime information for deterministic output
mkdir -p $OUTDIR/src mkdir -p $OUTDIR/src
cp ../bitcoin-*.tar.* $OUTDIR/src rm -rf $TEMPDIR
mkdir -p $TEMPDIR
cd $TEMPDIR
tar -xvf $HOME/build/bitcoin/$DISTNAME | sort | tar --no-recursion -cT /dev/stdin --mode='u+rw,go+r-w,a+X' --owner=0 --group=0 --mtime="$REFERENCE_DATETIME" | gzip -n > $OUTDIR/src/$DISTNAME

Loading…
Cancel
Save