4a811b0053
OpenSSL 1.0.1g fixes CVE-2014-0160. Also bump dependency versions.
92 lines
4.5 KiB
YAML
92 lines
4.5 KiB
YAML
---
|
|
name: "qt"
|
|
suites:
|
|
- "precise"
|
|
architectures:
|
|
- "amd64"
|
|
packages:
|
|
- "mingw-w64"
|
|
- "g++-mingw-w64"
|
|
- "zip"
|
|
- "unzip"
|
|
- "faketime"
|
|
- "libz-dev"
|
|
reference_datetime: "2011-01-30 00:00:00"
|
|
remotes: []
|
|
files:
|
|
- "qt-everywhere-opensource-src-5.2.0.tar.gz"
|
|
- "bitcoin-deps-win32-gitian-r11.zip"
|
|
- "bitcoin-deps-win64-gitian-r11.zip"
|
|
script: |
|
|
# Defines
|
|
export TZ=UTC
|
|
INDIR=$HOME/build
|
|
TEMPDIR=$HOME/tmp
|
|
# Qt: workaround for determinism in resource ordering
|
|
# Qt5's rcc uses a QHash to store the files for the resource.
|
|
# A security fix in QHash makes the ordering of keys to be different on every run
|
|
# (https://qt.gitorious.org/qt/qtbase/commit/c01eaa438200edc9a3bbcd8ae1e8ded058bea268).
|
|
# This is good in general but qrc shouldn't be doing a traversal over a randomized container.
|
|
# The thorough solution would be to use QMap instead of QHash, but this requires patching Qt.
|
|
# For now luckily there is a test mode that forces a fixed seed.
|
|
export QT_RCC_TEST=1
|
|
# Integrity Check
|
|
echo "395ec72277c5786c65b8163ef5817fd03d0a1f524a6d47f53624baf8056f1081 qt-everywhere-opensource-src-5.2.0.tar.gz" | sha256sum -c
|
|
|
|
for BITS in 32 64; do # for architectures
|
|
#
|
|
INSTALLPREFIX=$HOME/staging${BITS}
|
|
BUILDDIR=$HOME/build${BITS}
|
|
DEPSDIR=$HOME/deps${BITS}
|
|
if [ "$BITS" == "32" ]; then
|
|
HOST=i686-w64-mingw32
|
|
else
|
|
HOST=x86_64-w64-mingw32
|
|
fi
|
|
#
|
|
mkdir -p $INSTALLPREFIX $INSTALLPREFIX/host/bin $DEPSDIR $BUILDDIR
|
|
#
|
|
# Need mingw-compiled openssl from bitcoin-deps:
|
|
cd $DEPSDIR
|
|
unzip $INDIR/bitcoin-deps-win${BITS}-gitian-r11.zip
|
|
#
|
|
cd $BUILDDIR
|
|
#
|
|
tar xzf $INDIR/qt-everywhere-opensource-src-5.2.0.tar.gz
|
|
cd qt-everywhere-opensource-src-5.2.0
|
|
SPECNAME="win32-g++"
|
|
SPECFILE="qtbase/mkspecs/${SPECNAME}/qmake.conf"
|
|
sed 's/qt_instdate=`date +%Y-%m-%d`/qt_instdate=2011-01-30/' -i qtbase/configure
|
|
sed --posix "s|QMAKE_CFLAGS = -pipe -fno-keep-inline-dllexport|QMAKE_CFLAGS\t\t= -pipe -fno-keep-inline-dllexport -isystem /usr/$HOST/include/ -frandom-seed=qtbuild -I$DEPSDIR/include|" -i ${SPECFILE}
|
|
sed --posix "s|QMAKE_LFLAGS =|QMAKE_LFLAGS\t\t= -L$DEPSDIR/lib|" -i ${SPECFILE}
|
|
# Before we tried to pass arguments to ar (static linking) in using QMAKE_LIB, however
|
|
# qt removes the arguments for ar and provides a script which makes it impossible to pass the determinism flag -
|
|
# so rather than try to replace ar, post-process all libraries and plugins at the end.
|
|
#
|
|
# Don't load faketime while compiling Qt, qmake will get stuck in nearly infinite loops
|
|
#export LD_PRELOAD=/usr/lib/faketime/libfaketime.so.1
|
|
#export FAKETIME=$REFERENCE_DATETIME
|
|
#
|
|
# Compile static libraries, and use statically linked openssl (-openssl-linked):
|
|
OPENSSL_LIBS="-L$DEPSDIR/lib -lssl -lcrypto -lgdi32" ./configure -prefix $INSTALLPREFIX -bindir $INSTALLPREFIX/host/bin -confirm-license -release -opensource -static -xplatform $SPECNAME -device-option CROSS_COMPILE="$HOST-" -no-audio-backend -no-javascript-jit -no-sql-sqlite -no-sql-odbc -no-nis -no-cups -no-iconv -no-dbus -no-gif -no-opengl -no-compile-examples -no-feature-style-windowsce -no-feature-style-windowsmobile -no-qml-debug -openssl-linked -skip qtsvg -skip qtwebkit -skip qtwebkit-examples -skip qtserialport -skip qtdeclarative -skip qtmultimedia -skip qtimageformats -skip qtlocation -skip qtsensors -skip qtquick1 -skip qtquickcontrols -skip qtactiveqt -skip qtconnectivity -skip qtwinextras -skip qtxmlpatterns -skip qtscript -skip qtdoc -system-libpng -system-zlib
|
|
make $MAKEOPTS install
|
|
# post-process all generated libraries and plugins to be deterministic
|
|
# extract them to a temporary directory then re-build them deterministically
|
|
for LIB in $(find $INSTALLPREFIX -name *.a); do
|
|
rm -rf $TEMPDIR && mkdir $TEMPDIR && cd $TEMPDIR
|
|
$HOST-ar xv $LIB | cut -b5- > /tmp/list.txt
|
|
rm $LIB
|
|
$HOST-ar crsD $LIB $(cat /tmp/list.txt)
|
|
done
|
|
#
|
|
cd $INSTALLPREFIX
|
|
# Remove unused non-deterministic stuff
|
|
rm host/bin/qtpaths.exe lib/libQt5Bootstrap.a lib/libQt5Bootstrap.la
|
|
# as zip stores file timestamps, use faketime to intercept stat calls to set dates for all files to reference date
|
|
export LD_PRELOAD=/usr/lib/faketime/libfaketime.so.1
|
|
export FAKETIME=$REFERENCE_DATETIME
|
|
find -print0 | xargs -r0 touch # fix up timestamps before packaging
|
|
find | sort | zip -X@ $OUTDIR/qt-win${BITS}-5.2.0-gitian-r2.zip
|
|
unset LD_PRELOAD
|
|
unset FAKETIME
|
|
done # for BITS in
|