Wladimir J. van der Laan 3ae41a64dd
gitian: upgrade OpenSSL to 1.0.1h
Upgrade for https://www.openssl.org/news/secadv_20140605.txt

Just in case - there is no vulnerability that affects ecdsa signing or
verification.

The MITM attack vulnerability (CVE-2014-0224) may have some effect on
our usage of SSL/TLS.

As long as payment requests are signed (which is the common case), usage
of the payment protocol should also not be affected.

The TLS usage in RPC may be at risk for MITM attacks. If you have
`-rpcssl` enabled, be sure to update OpenSSL as soon as possible.

Rebased-By: Wladimir J. van der Laan <laanwj@gmail.com>
Rebased-From: 6e7c4d1
2014-06-06 18:59:56 +02:00

98 lines
3.7 KiB
YAML

---
name: "bitcoin"
suites:
- "precise"
architectures:
- "amd64"
packages:
- "mingw-w64"
- "g++-mingw-w64"
- "git-core"
- "unzip"
- "nsis"
- "faketime"
- "autoconf2.13"
- "libtool"
- "automake"
- "pkg-config"
- "bsdmainutils"
reference_datetime: "2013-06-01 00:00:00"
remotes:
- "url": "https://github.com/bitcoin/bitcoin.git"
"dir": "bitcoin"
files:
- "qt-win32-5.2.0-gitian-r3.zip"
- "qt-win64-5.2.0-gitian-r3.zip"
- "boost-win32-1.55.0-gitian-r6.zip"
- "boost-win64-1.55.0-gitian-r6.zip"
- "bitcoin-deps-win32-gitian-r13.zip"
- "bitcoin-deps-win64-gitian-r13.zip"
- "protobuf-win32-2.5.0-gitian-r4.zip"
- "protobuf-win64-2.5.0-gitian-r4.zip"
script: |
# Defines
export TZ=UTC
INDIR=$HOME/build
OPTFLAGS='-O2'
TEMPDIR="$HOME/tempdir"
NEEDDIST=1
# Qt: workaround for determinism in resource ordering
# Qt5's rcc uses a QHash to store the files for the resource.
# A security fix in QHash makes the ordering of keys to be different on every run
# (https://qt.gitorious.org/qt/qtbase/commit/c01eaa438200edc9a3bbcd8ae1e8ded058bea268).
# This is good in general but qrc shouldn't be doing a traversal over a randomized container.
# The thorough solution would be to use QMap instead of QHash, but this requires patching Qt.
# For now luckily there is a test mode that forces a fixed seed.
export QT_RCC_TEST=1
for BITS in 32 64; do # for architectures
#
STAGING=$HOME/staging${BITS}
BUILDDIR=$HOME/build${BITS}
BINDIR=$OUTDIR/$BITS
if [ "$BITS" == "32" ]; then
HOST=i686-w64-mingw32
else
HOST=x86_64-w64-mingw32
fi
export PATH=$STAGING/host/bin:$PATH
mkdir -p $STAGING $BUILDDIR $BINDIR
#
cd $STAGING
unzip $INDIR/qt-win${BITS}-5.2.0-gitian-r3.zip
unzip $INDIR/boost-win${BITS}-1.55.0-gitian-r6.zip
unzip $INDIR/bitcoin-deps-win${BITS}-gitian-r13.zip
unzip $INDIR/protobuf-win${BITS}-2.5.0-gitian-r4.zip
if [ "$NEEDDIST" == "1" ]; then
# Make source code archive which is architecture independent so it only needs to be done once
cd $HOME/build/bitcoin
./autogen.sh
./configure --bindir=$OUTDIR --prefix=$STAGING --host=$HOST --with-qt-plugindir=$STAGING/plugins --with-qt-incdir=$STAGING/include --with-qt-bindir=$STAGING/host/bin --with-boost=$STAGING --disable-maintainer-mode --with-protoc-bindir=$STAGING/host/bin --disable-dependency-tracking CPPFLAGS="-I$STAGING/include ${OPTFLAGS}" LDFLAGS="-L$STAGING/lib ${OPTFLAGS}" CXXFLAGS="-frandom-seed=bitcoin ${OPTFLAGS}"
make dist
DISTNAME=`echo bitcoin-*.tar.gz`
NEEDDIST=0
fi
# Build platform-dependent executables from source archive
cd $BUILDDIR
mkdir -p distsrc
cd distsrc
tar --strip-components=1 -xf $HOME/build/bitcoin/$DISTNAME
./configure --enable-upnp-default --bindir=$BINDIR --prefix=$STAGING --host=$HOST --with-qt-plugindir=$STAGING/plugins --with-qt-incdir=$STAGING/include --with-qt-bindir=$STAGING/host/bin --with-boost=$STAGING --disable-maintainer-mode --with-protoc-bindir=$STAGING/host/bin --disable-dependency-tracking CPPFLAGS="-I$STAGING/include ${OPTFLAGS}" LDFLAGS="-L$STAGING/lib ${OPTFLAGS}" CXXFLAGS="-frandom-seed=bitcoin ${OPTFLAGS}"
export LD_PRELOAD=/usr/lib/faketime/libfaketime.so.1
export FAKETIME=$REFERENCE_DATETIME
make $MAKEOPTS
make deploy
make install-strip
cp -f bitcoin-*setup*.exe $BINDIR/
unset LD_PRELOAD
unset FAKETIME
done # for BITS in
# sort distribution tar file and normalize user/group/mtime information for deterministic output
mkdir -p $OUTDIR/src
rm -rf $TEMPDIR
mkdir -p $TEMPDIR
cd $TEMPDIR
tar -xvf $HOME/build/bitcoin/$DISTNAME | sort | tar --no-recursion -cT /dev/stdin --mode='u+rw,go+r-w,a+X' --owner=0 --group=0 --mtime="$REFERENCE_DATETIME" | gzip -n > $OUTDIR/src/$DISTNAME