Commit graph

33 commits

Author SHA1 Message Date
Cory Fields
a81c87fafc release: add security/symbol checks to gitian 2016-01-26 23:07:04 -05:00
Wladimir J. van der Laan
3b468a0e60 gitian: Need ca-certificates and python for LXC builds 2016-01-18 10:59:14 +01:00
Wladimir J. van der Laan
eb2b74526a
Merge pull request #7251
fa09562 [gitian] Set reference date to something more recent (MarcoFalke)
2016-01-04 09:29:58 +01:00
MarcoFalke
fa095622c2 [gitian] Set reference date to something more recent 2016-01-02 18:11:49 +01:00
Wladimir J. van der Laan
c12ff995f7
Now that 0.12 has been branched, master is 0.12.99
... in preparation for 0.13
2015-12-03 12:07:01 +01:00
Wladimir J. van der Laan
2e31d74b71 gitian: use trusty for building 2015-11-16 16:39:24 +01:00
Wladimir J. van der Laan
21d27ebad5 net: Disable upnp by default
Common sentiment is that the miniupnpc codebase likely contains further
vulnerabilities.

I'd prefer to get rid of the dependency completely, but a compromise for
now is to at least disable it by default.
2015-10-09 21:09:44 +02:00
Cory Fields
960e99404f gitian: Bump cache dir for current master
Do not backport.
2015-06-02 10:41:56 -04:00
Cory Fields
be656283f9 gitian: bump faketime to something more recent
This helps in file views where binaries are sorted by time
2015-06-02 10:39:34 -04:00
Cory Fields
c95ac83e51 gitian: fix x86_64 build with static libstdc++ 2015-02-23 19:43:25 -05:00
Cory Fields
06715165f9 build: change reduce exports/static libstdc++ options for gitian and travis
For Gitian releases:
  - Windows builds remain unchanged. libstdc++ was already linked statically.
  - OSX builds remain unchanged. libstdc++ is tied to the SDK and not worth
    messing with.
  - Linux builds now statically link libstdc++.

For Travis:
  - Match the previous behavior by adding --enable-reduce-exports as
  necessary.
  - Use static libstdc++ for the full Linux build.
2015-02-23 18:22:58 -05:00
Cory Fields
0c6ab676ee gitian: don't add . to tar list
Since permissions and timestamps are changed for the sake of determinism,
. must not be added to the archive. Otherwise, tar may try to modify pwd when
extracting.
2015-02-13 03:08:08 -05:00
Cory Fields
566c6cb8a2 gitian: attempt to fix tarball determinisim 2014-12-23 19:43:27 -05:00
Cory Fields
52bb7a7e1b gitian: update descriptors to use a sane uniform output 2014-11-25 18:49:02 -05:00
Cory Fields
246659aff1 gitian: make tarballs deterministic and nuke .la files from build output 2014-11-19 22:49:41 -05:00
Cory Fields
1aead42d41 gitian: descriptors overhaul
Descriptors now make use of the dependencies builder, so results are cached.
A very new version (>= e9741525c) of Gitian should be used in order to take
advantage of caching.
2014-11-19 22:49:41 -05:00
Cory Fields
a7ec027311 gitian: remove unneeded option after last commit 2014-07-22 09:21:09 -04:00
Wladimir J. van der Laan
6e7c4d17d8 gitian: upgrade OpenSSL to 1.0.1h
Upgrade for https://www.openssl.org/news/secadv_20140605.txt

Just in case - there is no vulnerability that affects ecdsa signing or
verification.

The MITM attack vulnerability (CVE-2014-0224) may have some effect on
our usage of SSL/TLS.

As long as payment requests are signed (which is the common case), usage
of the payment protocol should also not be affected.

The TLS usage in RPC may be at risk for MITM attacks. If you have
`-rpcssl` enabled, be sure to update OpenSSL as soon as possible.
2014-06-05 17:24:38 +02:00
Wladimir J. van der Laan
51cb8fe870
gitian: use right qt tools in linux build
If the `libqt4-dev` package is installed it picks the moc executable
from the system instead of our custom-built one. This results in
compatibility errors.

This commit convinces configure to pick the right one.
2014-05-02 15:15:45 +02:00
Wladimir J. van der Laan
92e3022f88 gitian: don't export any symbols from executable
This avoids conflicts between the libraries statically linked into bitcoin and any
libraries we may link dynamically (such as Qt and OpenSSL, see issue #4094).
It also avoids start-up overhead to not export any unnecessary symbols.
To do this, build a linker script that marks all symbols as local.
2014-04-30 15:30:39 +02:00
Wladimir J. van der Laan
3ab1664594 gitian: build against Qt 4.6
Should make it possible to run the resulting GUI executable on
Linux distributions that use Qt 4.6, such as Debian Wheezy and Tails.

Builds a mini-SDK for building against Qt 4.6. This includes the headers
as well as host utilities such as `lrelease`, `qrc` and `moc`.

This speeds up the gitian build a bit - libqt4-dev pulled in a lot of packages,
and is no longer needed as this provides a replacement of our own.

Note: This does not replace the Qt build with at static library. After this
commit we still build dynamically against the system Qt library. The only
difference is that compatibility with an older version is maintained. This
loses minor GUI functionality (such as setPlaceholderText) but still
allows integration into the window management of the host OS, unlike
when statically linking.
2014-04-30 15:30:39 +02:00
Warren Togami
49a3352c1c gitian-linux: --enable-glibc-back-compat 2014-04-10 22:28:26 -04:00
Wladimir J. van der Laan
25d4911e86 gitian: upgrade miniupnpc input to 1.9
Bumps deps-linux, deps-win dependency versions as well.

qt-win does not need to be bumped, as although it depends on deps-win,
Qt doesn't use miniupnp. I verified this by rebuilding the dependency
and checking the the output is the same. Not having to rebuild Qt is a
good thing as it is huge.
2014-04-09 14:24:17 +02:00
Wladimir J. van der Laan
fa2b42533a
Merge pull request #4023
4a811b0 gitian: upgrade openssl to 1.0.1g for both win and linux (Wladimir J. van der Laan)
2014-04-08 10:56:01 +02:00
Wladimir J. van der Laan
4a811b0053
gitian: upgrade openssl to 1.0.1g for both win and linux
OpenSSL 1.0.1g fixes CVE-2014-0160.

Also bump dependency versions.
2014-04-08 08:40:02 +02:00
Wladimir J. van der Laan
ddcd1afc5f gitian: add statically built variant of bitcoind/bitcoin-cli 2014-03-26 09:48:22 +01:00
Wladimir J. van der Laan
93c3e21e92 Re-enable UPnP by default in gitian builds
IIRC this was the case with 0.8.6, so let's keep this to avoid the risk
of losing connectable nodes with 0.9 release.

Also our miniupnpc library was recently updated and I've heard
reports that it works better than before now.
2014-02-27 15:44:00 +01:00
Wladimir J. van der Laan
1552145ae5 gitian: Sort generated source distribution archive
Sort the filenames in the resulting tar, normalize the time/date
and user/group information.
2014-02-10 10:01:06 +01:00
Wladimir J. van der Laan
aa9348563c gitian: Make linux build of OpenSSL deterministic
OpenSSL was embedding a timestamp causing its build to be
non-deterministic.
Change deps-linux to be deterministic by using FAKETIME
as needed and disabling it when it gets in the way.
2014-02-06 19:37:16 +01:00
Wladimir J. van der Laan
65615a3a78 Gitian fixes for 0.9.0rc1 build
- Add 'g++' package (virtualbox images don't have this by default)
- Workaround for determinism in Qt5 resources
- Pass --disable-maintainer-mode --disable-dependency-tracking to
  configure for libqrencode to avoid random errors about missing m4
  directory
- Fix typo -with-pic -> --with-pic

It is not necessary to rebuild dependencies after this commit.
Fixes #3610 and #3612.
2014-02-03 14:43:51 +01:00
Wladimir J. van der Laan
1cbbeb6a27 gitian: Add openssl to linux deps
Build OpenSSL instead of using distribution-provided
library.
2014-01-16 12:45:04 +01:00
Wladimir J. van der Laan
64be7f7892 gitian: Build boost dependency for linux
Instead of using the boost provided by Ubuntu 12.04, build our own
dependency like we do for Windows.

This allows using a much newer version (1.55 versus 1.46) as well as
building with `-fPIC` so that `-pie` can be used in the x86-64 build.
2014-01-16 12:45:03 +01:00
Micha
f4e72bf8d2
Make gitian builds consistent across platforms
Change Linux deps to use a zip archive rather than a gzipped tarball to
match win32
Rename Linux descriptor to gitian-linux.yml to match win32
2014-01-15 22:56:17 +02:00
Renamed from contrib/gitian-descriptors/gitian.yml (Browse further)