lbrycrd/contrib/gitian-descriptors/gitian-win.yml
Wladimir J. van der Laan 4a811b0053
gitian: upgrade openssl to 1.0.1g for both win and linux
OpenSSL 1.0.1g fixes CVE-2014-0160.

Also bump dependency versions.
2014-04-08 08:40:02 +02:00

97 lines
3.7 KiB
YAML

---
name: "bitcoin"
suites:
- "precise"
architectures:
- "amd64"
packages:
- "mingw-w64"
- "g++-mingw-w64"
- "git-core"
- "unzip"
- "nsis"
- "faketime"
- "autoconf2.13"
- "libtool"
- "automake"
- "pkg-config"
- "bsdmainutils"
reference_datetime: "2013-06-01 00:00:00"
remotes:
- "url": "https://github.com/bitcoin/bitcoin.git"
"dir": "bitcoin"
files:
- "qt-win32-5.2.0-gitian-r2.zip"
- "qt-win64-5.2.0-gitian-r2.zip"
- "boost-win32-1.55.0-gitian-r6.zip"
- "boost-win64-1.55.0-gitian-r6.zip"
- "bitcoin-deps-win32-gitian-r11.zip"
- "bitcoin-deps-win64-gitian-r11.zip"
- "protobuf-win32-2.5.0-gitian-r4.zip"
- "protobuf-win64-2.5.0-gitian-r4.zip"
script: |
# Defines
export TZ=UTC
INDIR=$HOME/build
OPTFLAGS='-O2'
TEMPDIR="$HOME/tempdir"
NEEDDIST=1
# Qt: workaround for determinism in resource ordering
# Qt5's rcc uses a QHash to store the files for the resource.
# A security fix in QHash makes the ordering of keys to be different on every run
# (https://qt.gitorious.org/qt/qtbase/commit/c01eaa438200edc9a3bbcd8ae1e8ded058bea268).
# This is good in general but qrc shouldn't be doing a traversal over a randomized container.
# The thorough solution would be to use QMap instead of QHash, but this requires patching Qt.
# For now luckily there is a test mode that forces a fixed seed.
export QT_RCC_TEST=1
for BITS in 32 64; do # for architectures
#
STAGING=$HOME/staging${BITS}
BUILDDIR=$HOME/build${BITS}
BINDIR=$OUTDIR/$BITS
if [ "$BITS" == "32" ]; then
HOST=i686-w64-mingw32
else
HOST=x86_64-w64-mingw32
fi
export PATH=$STAGING/host/bin:$PATH
mkdir -p $STAGING $BUILDDIR $BINDIR
#
cd $STAGING
unzip $INDIR/qt-win${BITS}-5.2.0-gitian-r2.zip
unzip $INDIR/boost-win${BITS}-1.55.0-gitian-r6.zip
unzip $INDIR/bitcoin-deps-win${BITS}-gitian-r11.zip
unzip $INDIR/protobuf-win${BITS}-2.5.0-gitian-r4.zip
if [ "$NEEDDIST" == "1" ]; then
# Make source code archive which is architecture independent so it only needs to be done once
cd $HOME/build/bitcoin
./autogen.sh
./configure --bindir=$OUTDIR --prefix=$STAGING --host=$HOST --with-qt-plugindir=$STAGING/plugins --with-qt-incdir=$STAGING/include --with-qt-bindir=$STAGING/host/bin --with-boost=$STAGING --disable-maintainer-mode --with-protoc-bindir=$STAGING/host/bin --disable-dependency-tracking CPPFLAGS="-I$STAGING/include ${OPTFLAGS}" LDFLAGS="-L$STAGING/lib ${OPTFLAGS}" CXXFLAGS="-frandom-seed=bitcoin ${OPTFLAGS}"
make dist
DISTNAME=`echo bitcoin-*.tar.gz`
NEEDDIST=0
fi
# Build platform-dependent executables from source archive
cd $BUILDDIR
mkdir -p distsrc
cd distsrc
tar --strip-components=1 -xf $HOME/build/bitcoin/$DISTNAME
./configure --enable-upnp-default --bindir=$BINDIR --prefix=$STAGING --host=$HOST --with-qt-plugindir=$STAGING/plugins --with-qt-incdir=$STAGING/include --with-qt-bindir=$STAGING/host/bin --with-boost=$STAGING --disable-maintainer-mode --with-protoc-bindir=$STAGING/host/bin --disable-dependency-tracking CPPFLAGS="-I$STAGING/include ${OPTFLAGS}" LDFLAGS="-L$STAGING/lib ${OPTFLAGS}" CXXFLAGS="-frandom-seed=bitcoin ${OPTFLAGS}"
export LD_PRELOAD=/usr/lib/faketime/libfaketime.so.1
export FAKETIME=$REFERENCE_DATETIME
make $MAKEOPTS
make deploy
make install-strip
cp -f bitcoin-*setup*.exe $BINDIR/
unset LD_PRELOAD
unset FAKETIME
done # for BITS in
# sort distribution tar file and normalize user/group/mtime information for deterministic output
mkdir -p $OUTDIR/src
rm -rf $TEMPDIR
mkdir -p $TEMPDIR
cd $TEMPDIR
tar -xvf $HOME/build/bitcoin/$DISTNAME | sort | tar --no-recursion -cT /dev/stdin --mode='u+rw,go+r-w,a+X' --owner=0 --group=0 --mtime="$REFERENCE_DATETIME" | gzip -n > $OUTDIR/src/$DISTNAME