Wladimir J. van der Laan 4a811b0053
gitian: upgrade openssl to 1.0.1g for both win and linux
OpenSSL 1.0.1g fixes CVE-2014-0160.

Also bump dependency versions.
2014-04-08 08:40:02 +02:00

129 lines
4.4 KiB
YAML

---
name: "bitcoin-deps"
suites:
- "precise"
architectures:
- "amd64"
packages:
- "mingw-w64"
- "g++-mingw-w64"
- "git-core"
- "zip"
- "faketime"
- "psmisc"
reference_datetime: "2011-01-30 00:00:00"
remotes: []
files:
- "openssl-1.0.1g.tar.gz"
- "db-4.8.30.NC.tar.gz"
- "miniupnpc-1.8.tar.gz"
- "zlib-1.2.8.tar.gz"
- "libpng-1.6.8.tar.gz"
- "qrencode-3.4.3.tar.bz2"
script: |
#
export LD_PRELOAD=/usr/lib/faketime/libfaketime.so.1
export FAKETIME=$REFERENCE_DATETIME
export TZ=UTC
INDIR=$HOME/build
TEMPDIR=$HOME/tmp
# Input Integrity Check
echo "53cb818c3b90e507a8348f4f5eaedb05d8bfe5358aabb508b7263cc670c3e028 openssl-1.0.1g.tar.gz" | sha256sum -c
echo "12edc0df75bf9abd7f82f821795bcee50f42cb2e5f76a6a281b85732798364ef db-4.8.30.NC.tar.gz" | sha256sum -c
echo "bc5f73c7b0056252c1888a80e6075787a1e1e9112b808f863a245483ff79859c miniupnpc-1.8.tar.gz" | sha256sum -c
echo "36658cb768a54c1d4dec43c3116c27ed893e88b02ecfcb44f2166f9c0b7f2a0d zlib-1.2.8.tar.gz" | sha256sum -c
echo "32c7acf1608b9c8b71b743b9780adb7a7b347563dbfb4a5263761056da44cc96 libpng-1.6.8.tar.gz" | sha256sum -c
echo "dfd71487513c871bad485806bfd1fdb304dedc84d2b01a8fb8e0940b50597a98 qrencode-3.4.3.tar.bz2" | sha256sum -c
for BITS in 32 64; do # for architectures
#
INSTALLPREFIX=$HOME/staging${BITS}
BUILDDIR=$HOME/build${BITS}
if [ "$BITS" == "32" ]; then
HOST=i686-w64-mingw32
else
HOST=x86_64-w64-mingw32
fi
#
mkdir -p $INSTALLPREFIX $BUILDDIR
cd $BUILDDIR
#
tar xzf $INDIR/openssl-1.0.1g.tar.gz
cd openssl-1.0.1g
if [ "$BITS" == "32" ]; then
OPENSSL_TGT=mingw
else
OPENSSL_TGT=mingw64
fi
./Configure --cross-compile-prefix=$HOST- ${OPENSSL_TGT} no-shared no-dso --openssldir=$INSTALLPREFIX
make
make install_sw
cd ..
#
tar xzf $INDIR/db-4.8.30.NC.tar.gz
cd db-4.8.30.NC/build_unix
../dist/configure --prefix=$INSTALLPREFIX --enable-mingw --enable-cxx --host=$HOST --disable-shared
make $MAKEOPTS library_build
make install_lib install_include
cd ../..
#
tar xzf $INDIR/miniupnpc-1.8.tar.gz
cd miniupnpc-1.8
echo "
--- miniupnpc-1.8/Makefile.mingw.orig 2013-09-29 18:52:51.014087958 -1000
+++ miniupnpc-1.8/Makefile.mingw 2013-09-29 19:09:29.663318691 -1000
@@ -67,8 +67,8 @@
wingenminiupnpcstrings.o: wingenminiupnpcstrings.c
-miniupnpcstrings.h: miniupnpcstrings.h.in wingenminiupnpcstrings
- wingenminiupnpcstrings \$< \$@
+miniupnpcstrings.h: miniupnpcstrings.h.in
+ sed -e 's|OS/version|MSWindows/5.1.2600|' -e 's|MINIUPNPC_VERSION_STRING \"version\"|MINIUPNPC_VERSION_STRING \"VERSIONHERE\"|' \$< > \$@
minixml.o: minixml.c minixml.h miniupnpcstrings.h
" | sed "s/VERSIONHERE/$(cat VERSION)/" | patch -p1
mkdir -p dll
make -f Makefile.mingw CC=$HOST-gcc AR=$HOST-ar libminiupnpc.a
install -d $INSTALLPREFIX/include/miniupnpc
install *.h $INSTALLPREFIX/include/miniupnpc
install libminiupnpc.a $INSTALLPREFIX/lib
cd ..
#
tar xzf $INDIR/zlib-1.2.8.tar.gz
cd zlib-1.2.8
CROSS_PREFIX=$HOST- ./configure --prefix=$INSTALLPREFIX --static
make
make install
cd ..
#
tar xzf $INDIR/libpng-1.6.8.tar.gz
cd libpng-1.6.8
OPT="-O2"
CPPFLAGS="${OPT} -I$INSTALLPREFIX/include" CFLAGS="${OPT} -I$INSTALLPREFIX/include" LDFLAGS="${OPT} -L$INSTALLPREFIX/lib" ./configure --disable-shared --prefix=$INSTALLPREFIX --host=$HOST
make $MAKEOPTS
make install
cd ..
#
tar xjf $INDIR/qrencode-3.4.3.tar.bz2
cd qrencode-3.4.3
png_CFLAGS="-I$INSTALLPREFIX/include" png_LIBS="-L$INSTALLPREFIX/lib -lpng" ./configure --prefix=$INSTALLPREFIX --host=$HOST --enable-static --disable-shared --without-tools --disable-dependency-tracking
# Workaround to prevent re-configuring by make (resulting in missing m4 error); make all files have a date in the past
find . -print0 | xargs -r0 touch -t 200001010000
make
make install
cd ..
# post-process all generated libraries to be deterministic
# extract them to a temporary directory then re-build them deterministically
for LIB in $(find $INSTALLPREFIX -name \*.a); do
rm -rf $TEMPDIR && mkdir $TEMPDIR && cd $TEMPDIR
$HOST-ar xv $LIB | cut -b5- > /tmp/list.txt
rm $LIB
$HOST-ar crsD $LIB $(cat /tmp/list.txt)
done
#
cd $INSTALLPREFIX
find include lib | sort | zip -X@ $OUTDIR/bitcoin-deps-win$BITS-gitian-r11.zip
done # for BITS in