5f06e6ab9c
Upgrade for https://www.openssl.org/news/secadv_20140605.txt Just in case - there is no vulnerability that affects ecdsa signing or verification. The MITM attack vulnerability (CVE-2014-0224) may have some effect on our usage of SSL/TLS. As long as payment requests are signed (which is the common case), usage of the payment protocol should also not be affected. The TLS usage in RPC may be at risk for MITM attacks. If you have `-rpcssl` enabled, be sure to update OpenSSL as soon as possible.
82 lines
2.8 KiB
YAML
82 lines
2.8 KiB
YAML
---
|
|
name: "dogecoin"
|
|
suites:
|
|
- "precise"
|
|
architectures:
|
|
- "i386"
|
|
- "amd64"
|
|
packages:
|
|
- "g++"
|
|
- "libqt4-dev"
|
|
- "git-core"
|
|
- "unzip"
|
|
- "pkg-config"
|
|
- "autoconf2.13"
|
|
- "libtool"
|
|
- "automake"
|
|
- "faketime"
|
|
- "bsdmainutils"
|
|
reference_datetime: "2013-06-01 00:00:00"
|
|
remotes:
|
|
- "url": "https://github.com/dogecoin/dogecoin.git"
|
|
"dir": "dogecoin"
|
|
files:
|
|
- "dogecoin-deps-linux32-gitian-r4a.zip"
|
|
- "dogecoin-deps-linux64-gitian-r4a.zip"
|
|
- "boost-linux32-1.55.0-gitian-r1.zip"
|
|
- "boost-linux64-1.55.0-gitian-r1.zip"
|
|
script: |
|
|
STAGING="$HOME/install"
|
|
OPTFLAGS='-O2'
|
|
BINDIR="${OUTDIR}/bin/${GBUILD_BITS}" # 32/64 bit build specific output directory
|
|
TEMPDIR="$HOME/tempdir"
|
|
export TZ=UTC
|
|
export LIBRARY_PATH="$STAGING/lib"
|
|
mkdir -p ${BINDIR}
|
|
#
|
|
mkdir -p $STAGING
|
|
cd $STAGING
|
|
unzip ../build/dogecoin-deps-linux${GBUILD_BITS}-gitian-r4a.zip
|
|
unzip ../build/boost-linux${GBUILD_BITS}-1.55.0-gitian-r1.zip
|
|
cd ../build
|
|
|
|
function do_configure {
|
|
./configure "$@" --enable-upnp-default --prefix=$STAGING --with-protoc-bindir=$STAGING/host/bin --with-boost=$STAGING --disable-maintainer-mode --disable-dependency-tracking PKG_CONFIG_PATH="$STAGING/lib/pkgconfig" CPPFLAGS="-I$STAGING/include ${OPTFLAGS}" LDFLAGS="-L$STAGING/lib ${OPTFLAGS}" CXXFLAGS="-frandom-seed=dogecoin ${OPTFLAGS}" BOOST_CHRONO_EXTRALIBS="-lrt"
|
|
}
|
|
#
|
|
cd dogecoin
|
|
./autogen.sh
|
|
do_configure
|
|
make dist
|
|
DISTNAME=`echo dogecoin-*.tar.gz`
|
|
|
|
# Build dynamic versions of everything
|
|
# (with static linking to boost and openssl as well a some non-OS deps)
|
|
mkdir -p distsrc
|
|
cd distsrc
|
|
tar --strip-components=1 -xf ../$DISTNAME
|
|
do_configure --bindir=$BINDIR
|
|
make $MAKEOPTS
|
|
make $MAKEOPTS install-strip
|
|
make $MAKEOPTS clean
|
|
|
|
# Build fully static versions of dogecoind and dogecoin-cli for older Linux distros
|
|
STATIC_BINDIR="$HOME/bindir.static"
|
|
mkdir -p $STATIC_BINDIR
|
|
# For 32-bit, -pie cannot be used with -static, as invalid executables are generated
|
|
# For 64-bit, -pie with -static causes a link error
|
|
# Disable hardening in configure and manually pass 'static-safe' hardening flags
|
|
OPTFLAGS='-O2 -static -Wstack-protector -fstack-protector-all -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 -Wl,-z,relro -Wl,-z,now'
|
|
do_configure --bindir=$STATIC_BINDIR --disable-tests --enable-upnp-default --without-gui --disable-hardening
|
|
make $MAKEOPTS
|
|
make $MAKEOPTS install-strip
|
|
cp $STATIC_BINDIR/dogecoind $BINDIR/dogecoin.static
|
|
cp $STATIC_BINDIR/dogecoin-cli $BINDIR/dogecoin-cli.static
|
|
|
|
# sort distribution tar file and normalize user/group/mtime information for deterministic output
|
|
mkdir -p $OUTDIR/src
|
|
rm -rf $TEMPDIR
|
|
mkdir -p $TEMPDIR
|
|
cd $TEMPDIR
|
|
tar -xvf $HOME/build/dogecoin/$DISTNAME | sort | tar --no-recursion -cT /dev/stdin --mode='u+rw,go+r-w,a+X' --owner=0 --group=0 --mtime="$REFERENCE_DATETIME" | gzip -n > $OUTDIR/src/$DISTNAME
|