LBRYCommunity/lbrycrd
1
0
Fork 0
Code Issues 29 Pull requests 1 Projects Releases 32 Packages Wiki Activity
lbrycrd/contrib/gitian-descriptors/deps-linux.yml
Wladimir J. van der Laan 6e7c4d17d8 gitian: upgrade OpenSSL to 1.0.1h 
Upgrade for https://www.openssl.org/news/secadv_20140605.txt

Just in case - there is no vulnerability that affects ecdsa signing or
verification.

The MITM attack vulnerability (CVE-2014-0224) may have some effect on
our usage of SSL/TLS.

As long as payment requests are signed (which is the common case), usage
of the payment protocol should also not be affected.

The TLS usage in RPC may be at risk for MITM attacks. If you have
`-rpcssl` enabled, be sure to update OpenSSL as soon as possible.
2014-06-05 17:24:38 +02:00

98 lines
3.6 KiB
YAML
Raw Blame History

---
name: "bitcoin"
suites:
- "precise"
architectures:
- "i386"
- "amd64"
packages:
- "g++"
- "unzip"
- "zip"
- "pkg-config"
- "libtool"
- "faketime"
- "bsdmainutils"
reference_datetime: "2013-06-01 00:00:00"
remotes: []
files:
- "openssl-1.0.1h.tar.gz"
- "miniupnpc-1.9.tar.gz"
- "qrencode-3.4.3.tar.bz2"
- "protobuf-2.5.0.tar.bz2"
- "db-4.8.30.NC.tar.gz"
script: |
STAGING="$HOME/install"
TEMPDIR="$HOME/tmp"
OPTFLAGS='-O2'
export LD_PRELOAD=/usr/lib/faketime/libfaketime.so.1
export FAKETIME=$REFERENCE_DATETIME
export TZ=UTC
export LIBRARY_PATH="$STAGING/lib"
# Integrity Check
echo "9d1c8a9836aa63e2c6adb684186cbd4371c9e9dcc01d6e3bb447abf2d4d3d093 openssl-1.0.1h.tar.gz" | sha256sum -c
echo "2923e453e880bb949e3d4da9f83dd3cb6f08946d35de0b864d0339cf70934464 miniupnpc-1.9.tar.gz" | sha256sum -c
echo "dfd71487513c871bad485806bfd1fdb304dedc84d2b01a8fb8e0940b50597a98 qrencode-3.4.3.tar.bz2" | sha256sum -c
echo "13bfc5ae543cf3aa180ac2485c0bc89495e3ae711fc6fab4f8ffe90dfb4bb677 protobuf-2.5.0.tar.bz2" | sha256sum -c
echo "12edc0df75bf9abd7f82f821795bcee50f42cb2e5f76a6a281b85732798364ef db-4.8.30.NC.tar.gz" | sha256sum -c
#
tar xzf openssl-1.0.1h.tar.gz
cd openssl-1.0.1h
# need -fPIC to avoid relocation error in 64 bit builds
./config no-shared no-zlib no-dso no-krb5 --openssldir=$STAGING -fPIC
# need to build OpenSSL with faketime because a timestamp is embedded into cversion.o
make
make install_sw
cd ..
#
tar xzfm miniupnpc-1.9.tar.gz
cd miniupnpc-1.9
# miniupnpc is always built with -fPIC
INSTALLPREFIX=$STAGING make $MAKEOPTS install
rm -f $STAGING/lib/libminiupnpc.so* # no way to skip shared lib build
cd ..
#
tar xjf qrencode-3.4.3.tar.bz2
cd qrencode-3.4.3
unset FAKETIME # unset fake time during configure, as it does some clock sanity tests
# need --with-pic to avoid relocation error in 64 bit builds
./configure --prefix=$STAGING --enable-static --disable-shared --with-pic --without-tools --disable-dependency-tracking
# Workaround to prevent re-configuring by make; make all files have a date in the past
find . -print0 | xargs -r0 touch -t 200001010000
export FAKETIME=$REFERENCE_DATETIME
make $MAKEOPTS install
cd ..
#
tar xjf protobuf-2.5.0.tar.bz2
cd protobuf-2.5.0
mkdir -p $STAGING/host/bin
unset FAKETIME # unset fake time during configure, as it does some clock sanity tests
# need --with-pic to avoid relocation error in 64 bit builds
./configure --prefix=$STAGING --bindir=$STAGING/host/bin --enable-static --disable-shared --with-pic --without-zlib
# Workaround to prevent re-configuring by make; make all files have a date in the past
find . -print0 | xargs -r0 touch -t 200001010000
export FAKETIME=$REFERENCE_DATETIME
make $MAKEOPTS install
cd ..
#
tar xzf db-4.8.30.NC.tar.gz
cd db-4.8.30.NC/build_unix
# need --with-pic to avoid relocation error in 64 bit builds
../dist/configure --prefix=$STAGING --enable-cxx --disable-shared --with-pic
# Workaround to prevent re-configuring by make; make all files have a date in the past
find . -print0 | xargs -r0 touch -t 200001010000
make $MAKEOPTS library_build
make install_lib install_include
cd ../..
# post-process all generated libraries to be deterministic
# extract them to a temporary directory then re-build them deterministically
for LIB in $(find $STAGING -name \*.a); do
rm -rf $TEMPDIR && mkdir $TEMPDIR && cd $TEMPDIR
ar xv $LIB | cut -b5- > /tmp/list.txt
rm $LIB
ar crsD $LIB $(cat /tmp/list.txt)
done
#
cd $STAGING
find include lib bin host | sort | zip -X@ $OUTDIR/bitcoin-deps-linux${GBUILD_BITS}-gitian-r6.zip
Reference in a new issue View git blame Copy permalink