Release version strings were broken in Gitian by 7522. This is a minimal fix
suitable for 0.15.
After this, we should fix up version handling for good so that gitian packages
the correct string in the release tarball, so that git is not required to get
the tag name.
C_INCLUDE_PATH and CPLUS_INCLUDE_PATH work globally as though -isystem was used
for each invocation.
Since that changes the build results, force a rebuild of x86 depends by adding
the value to $HOST_ID_SALT.
- create a script to handle split debug. This will also eventually need to check
targets, and use dsymutil for osx.
- update config.guess/config.sub for bdb for aarch64.
- temporarily disable symbol checks for arm/aarch64
- quit renaming to linux32/linux64 and use the host directly
This also adds a hack to work around an Ubuntu bug in the gcc-multilib package:
https://bugs.launchpad.net/ubuntu/+source/gcc-defaults-armhf-cross/+bug/1347820
The problem is that gcc-multilib conflicts with the aarch toolchain.
gcc-multilib installs a symlink that points
/usr/include/asm -> /usr/include/x86_64-linux-gnu/asm.
Without this link, gcc -m32 can't find asm/errno.h (and others), since
/usr/include/x86_64-linux-gnu isn't in its default include path. But
/usr/include/i386-linux-gnu is (though it doesn't exist on disk).
So work around the problem by linking
/usr/include/i386-linux-gnu/asm -> /usr/include/x86_64-linux-gnu/asm.
The symlink fix is actually quite reasonable, but echoing the password into
sudo is nasty, and should probably be addressed in gitian itself. It makes more
sense to enable passwordless sudo for the build user by default.
The -debug tarballs/zips contain detached debugging symbols. To use them, place
in the same dir as the target binary, and invoke gdb as usual.
Also, because the debug symbols add a substantial space requirement, the build
dirs are now deleted when they're no longer needed.
This removes the following executables from the binary gitian release:
- test_bitcoin-qt[.exe]
- bench_bitcoin[.exe]
@jonasschnelli and me discussed this on IRC a few days ago - unlike the
normal `bitcoin_tests` which is useful to see if it is safe to run
bitcoin on a certain OS/environment combination, there is no good reason
to include these. Better to leave them out to reduce the download
size.
Sizes from the 0.12 release:
```
2.4M bitcoin-0.12.0/bin/bench_bitcoin.exe
22M bitcoin-0.12.0/bin/test_bitcoin-qt.exe
```
Common sentiment is that the miniupnpc codebase likely contains further
vulnerabilities.
I'd prefer to get rid of the dependency completely, but a compromise for
now is to at least disable it by default.
For Gitian releases:
- Windows builds remain unchanged. libstdc++ was already linked statically.
- OSX builds remain unchanged. libstdc++ is tied to the SDK and not worth
messing with.
- Linux builds now statically link libstdc++.
For Travis:
- Match the previous behavior by adding --enable-reduce-exports as
necessary.
- Use static libstdc++ for the full Linux build.
Since permissions and timestamps are changed for the sake of determinism,
. must not be added to the archive. Otherwise, tar may try to modify pwd when
extracting.
Descriptors now make use of the dependencies builder, so results are cached.
A very new version (>= e9741525c) of Gitian should be used in order to take
advantage of caching.
Upgrade for https://www.openssl.org/news/secadv_20140605.txt
Just in case - there is no vulnerability that affects ecdsa signing or
verification.
The MITM attack vulnerability (CVE-2014-0224) may have some effect on
our usage of SSL/TLS.
As long as payment requests are signed (which is the common case), usage
of the payment protocol should also not be affected.
The TLS usage in RPC may be at risk for MITM attacks. If you have
`-rpcssl` enabled, be sure to update OpenSSL as soon as possible.
If the `libqt4-dev` package is installed it picks the moc executable
from the system instead of our custom-built one. This results in
compatibility errors.
This commit convinces configure to pick the right one.
This avoids conflicts between the libraries statically linked into bitcoin and any
libraries we may link dynamically (such as Qt and OpenSSL, see issue #4094).
It also avoids start-up overhead to not export any unnecessary symbols.
To do this, build a linker script that marks all symbols as local.
Should make it possible to run the resulting GUI executable on
Linux distributions that use Qt 4.6, such as Debian Wheezy and Tails.
Builds a mini-SDK for building against Qt 4.6. This includes the headers
as well as host utilities such as `lrelease`, `qrc` and `moc`.
This speeds up the gitian build a bit - libqt4-dev pulled in a lot of packages,
and is no longer needed as this provides a replacement of our own.
Note: This does not replace the Qt build with at static library. After this
commit we still build dynamically against the system Qt library. The only
difference is that compatibility with an older version is maintained. This
loses minor GUI functionality (such as setPlaceholderText) but still
allows integration into the window management of the host OS, unlike
when statically linking.
Bumps deps-linux, deps-win dependency versions as well.
qt-win does not need to be bumped, as although it depends on deps-win,
Qt doesn't use miniupnp. I verified this by rebuilding the dependency
and checking the the output is the same. Not having to rebuild Qt is a
good thing as it is huge.
IIRC this was the case with 0.8.6, so let's keep this to avoid the risk
of losing connectable nodes with 0.9 release.
Also our miniupnpc library was recently updated and I've heard
reports that it works better than before now.
OpenSSL was embedding a timestamp causing its build to be
non-deterministic.
Change deps-linux to be deterministic by using FAKETIME
as needed and disabling it when it gets in the way.
- Add 'g++' package (virtualbox images don't have this by default)
- Workaround for determinism in Qt5 resources
- Pass --disable-maintainer-mode --disable-dependency-tracking to
configure for libqrencode to avoid random errors about missing m4
directory
- Fix typo -with-pic -> --with-pic
It is not necessary to rebuild dependencies after this commit.
Fixes#3610 and #3612.
Instead of using the boost provided by Ubuntu 12.04, build our own
dependency like we do for Windows.
This allows using a much newer version (1.55 versus 1.46) as well as
building with `-fPIC` so that `-pie` can be used in the x86-64 build.