lbrycrd/contrib/gitian-descriptors/qt-win.yml
Wladimir J. van der Laan 4a811b0053
gitian: upgrade openssl to 1.0.1g for both win and linux
OpenSSL 1.0.1g fixes CVE-2014-0160.

Also bump dependency versions.
2014-04-08 08:40:02 +02:00

92 lines
4.5 KiB
YAML

---
name: "qt"
suites:
- "precise"
architectures:
- "amd64"
packages:
- "mingw-w64"
- "g++-mingw-w64"
- "zip"
- "unzip"
- "faketime"
- "libz-dev"
reference_datetime: "2011-01-30 00:00:00"
remotes: []
files:
- "qt-everywhere-opensource-src-5.2.0.tar.gz"
- "bitcoin-deps-win32-gitian-r11.zip"
- "bitcoin-deps-win64-gitian-r11.zip"
script: |
# Defines
export TZ=UTC
INDIR=$HOME/build
TEMPDIR=$HOME/tmp
# Qt: workaround for determinism in resource ordering
# Qt5's rcc uses a QHash to store the files for the resource.
# A security fix in QHash makes the ordering of keys to be different on every run
# (https://qt.gitorious.org/qt/qtbase/commit/c01eaa438200edc9a3bbcd8ae1e8ded058bea268).
# This is good in general but qrc shouldn't be doing a traversal over a randomized container.
# The thorough solution would be to use QMap instead of QHash, but this requires patching Qt.
# For now luckily there is a test mode that forces a fixed seed.
export QT_RCC_TEST=1
# Integrity Check
echo "395ec72277c5786c65b8163ef5817fd03d0a1f524a6d47f53624baf8056f1081 qt-everywhere-opensource-src-5.2.0.tar.gz" | sha256sum -c
for BITS in 32 64; do # for architectures
#
INSTALLPREFIX=$HOME/staging${BITS}
BUILDDIR=$HOME/build${BITS}
DEPSDIR=$HOME/deps${BITS}
if [ "$BITS" == "32" ]; then
HOST=i686-w64-mingw32
else
HOST=x86_64-w64-mingw32
fi
#
mkdir -p $INSTALLPREFIX $INSTALLPREFIX/host/bin $DEPSDIR $BUILDDIR
#
# Need mingw-compiled openssl from bitcoin-deps:
cd $DEPSDIR
unzip $INDIR/bitcoin-deps-win${BITS}-gitian-r11.zip
#
cd $BUILDDIR
#
tar xzf $INDIR/qt-everywhere-opensource-src-5.2.0.tar.gz
cd qt-everywhere-opensource-src-5.2.0
SPECNAME="win32-g++"
SPECFILE="qtbase/mkspecs/${SPECNAME}/qmake.conf"
sed 's/qt_instdate=`date +%Y-%m-%d`/qt_instdate=2011-01-30/' -i qtbase/configure
sed --posix "s|QMAKE_CFLAGS = -pipe -fno-keep-inline-dllexport|QMAKE_CFLAGS\t\t= -pipe -fno-keep-inline-dllexport -isystem /usr/$HOST/include/ -frandom-seed=qtbuild -I$DEPSDIR/include|" -i ${SPECFILE}
sed --posix "s|QMAKE_LFLAGS =|QMAKE_LFLAGS\t\t= -L$DEPSDIR/lib|" -i ${SPECFILE}
# Before we tried to pass arguments to ar (static linking) in using QMAKE_LIB, however
# qt removes the arguments for ar and provides a script which makes it impossible to pass the determinism flag -
# so rather than try to replace ar, post-process all libraries and plugins at the end.
#
# Don't load faketime while compiling Qt, qmake will get stuck in nearly infinite loops
#export LD_PRELOAD=/usr/lib/faketime/libfaketime.so.1
#export FAKETIME=$REFERENCE_DATETIME
#
# Compile static libraries, and use statically linked openssl (-openssl-linked):
OPENSSL_LIBS="-L$DEPSDIR/lib -lssl -lcrypto -lgdi32" ./configure -prefix $INSTALLPREFIX -bindir $INSTALLPREFIX/host/bin -confirm-license -release -opensource -static -xplatform $SPECNAME -device-option CROSS_COMPILE="$HOST-" -no-audio-backend -no-javascript-jit -no-sql-sqlite -no-sql-odbc -no-nis -no-cups -no-iconv -no-dbus -no-gif -no-opengl -no-compile-examples -no-feature-style-windowsce -no-feature-style-windowsmobile -no-qml-debug -openssl-linked -skip qtsvg -skip qtwebkit -skip qtwebkit-examples -skip qtserialport -skip qtdeclarative -skip qtmultimedia -skip qtimageformats -skip qtlocation -skip qtsensors -skip qtquick1 -skip qtquickcontrols -skip qtactiveqt -skip qtconnectivity -skip qtwinextras -skip qtxmlpatterns -skip qtscript -skip qtdoc -system-libpng -system-zlib
make $MAKEOPTS install
# post-process all generated libraries and plugins to be deterministic
# extract them to a temporary directory then re-build them deterministically
for LIB in $(find $INSTALLPREFIX -name *.a); do
rm -rf $TEMPDIR && mkdir $TEMPDIR && cd $TEMPDIR
$HOST-ar xv $LIB | cut -b5- > /tmp/list.txt
rm $LIB
$HOST-ar crsD $LIB $(cat /tmp/list.txt)
done
#
cd $INSTALLPREFIX
# Remove unused non-deterministic stuff
rm host/bin/qtpaths.exe lib/libQt5Bootstrap.a lib/libQt5Bootstrap.la
# as zip stores file timestamps, use faketime to intercept stat calls to set dates for all files to reference date
export LD_PRELOAD=/usr/lib/faketime/libfaketime.so.1
export FAKETIME=$REFERENCE_DATETIME
find -print0 | xargs -r0 touch # fix up timestamps before packaging
find | sort | zip -X@ $OUTDIR/qt-win${BITS}-5.2.0-gitian-r2.zip
unset LD_PRELOAD
unset FAKETIME
done # for BITS in