mirror of
https://github.com/bitcoin/bitcoin.git
synced 2025-01-10 20:03:34 -03:00
Merge bitcoin/bitcoin#21239: guix: Add codesignature attachment support for osx+win
ee883201cf
guix: repro: Sort find output in libtool for gcc-8 (Carl Dong)ee0a67c32a
codesigning: Use SHA256 as digest for osslsigncode (Windows) (Carl Dong)38eb91eb06
guix: Add codesigning functionality (Carl Dong)bac2690e6f
guix: Package codesigning tools (Carl Dong)0a2176d477
guix: Reindent existing manifest.scm (Carl Dong)c090a3e923
Makefile.am: use APP_DIST_DIR instead of hard-coding dist (Carl Dong) Pull request description: This is the last PR before we reach feature-parity with the Gitian process! Note: I tried using the `Makefile` inside the distsrc to make the dmg instead of manually listing out the commands, but `make` seems to want to re-make a lot of other files which broke the dmg. The workflow looks something like this: 1. `env [ FOO=bar... ] ./contrib/guix/guix-build` (add additional env vars as necessary) 2. Codesigners only: 1. Copy `guix-build-<short-id>/output/x86_64-apple-darwin18/bitcoin-<short-id>-osx-unsigned.tar.gz` and `guix-build-<short-id>/output/x86_64-w64-mingw32/bitcoin-<short-id>-win-unsigned.tar.gz` to signing computer 2. Codesign with `./detached-sig-create.sh` inside the tarball 3. Upload contents of `signature-{osx,win}.tar.gz` to https://github.com/bitcoin-core/bitcoin-detached-sigs (as a new tag) 3. Checkout new tag for `bitcoin-core/bitcoin-detached-sigs` with the detached signatures 4. `env [ FOO=bar... ] DETACHED_SIGS_REPO=<path/to/bitcoin-detached-sigs> ./contrib/guix/guix-codesign` (modify env vars as necessary) 5. Make sure `guix.sigs` is cloned and updated 6. `env GUIX_SIGS_REPO=<path/to/guix.sigs> SIGNER=0x96AB007F1A7ED999=dongcarl ./contrib/guix/guix-attest` (modify env vars as necessary) 7. Commit your new signatures and SHA256SUMS in `guix.sigs` 8. Optionally, after there are multiple signatures in `guix.sigs`: `env GUIX_SIGS_REPO=<path/to/guix.sigs> ./contrib/guix/guix-verify` ACKs for top commit: laanwj: Tested ACKee883201cf
achow101: ACKee883201cf
Tree-SHA512: e812a07a5f19f900600c70cb9c717769ef544a6c0c12760b5558b76b6b37df863257f3dbf38b0757e6e06e334470267e94c9f2bdbc27409d6837b1a0bfc6acbc
This commit is contained in:
commit
b295395664
8 changed files with 1292 additions and 52 deletions
|
@ -149,7 +149,7 @@ $(APP_DIST_DIR)/Applications:
|
|||
$(APP_DIST_EXTRAS): $(APP_DIST_DIR)/$(OSX_APP)/Contents/MacOS/Bitcoin-Qt
|
||||
|
||||
$(OSX_TEMP_ISO): $(APP_DIST_EXTRAS)
|
||||
$(XORRISOFS) -D -l -V "$(OSX_VOLNAME)" -no-pad -r -dir-mode 0755 -o $@ dist -- $(if $(SOURCE_DATE_EPOCH),-volume_date all_file_dates =$(SOURCE_DATE_EPOCH))
|
||||
$(XORRISOFS) -D -l -V "$(OSX_VOLNAME)" -no-pad -r -dir-mode 0755 -o $@ $(APP_DIST_DIR) -- $(if $(SOURCE_DATE_EPOCH),-volume_date all_file_dates =$(SOURCE_DATE_EPOCH))
|
||||
|
||||
$(OSX_DMG): $(OSX_TEMP_ISO)
|
||||
$(DMG) dmg "$<" "$@"
|
||||
|
|
|
@ -267,20 +267,20 @@ for host in $HOSTS; do
|
|||
make -C "${PWD}/depends" -j"$JOBS" download-"$(host_to_commonname "$host")" ${V:+V=1} ${SOURCES_PATH:+SOURCES_PATH="$SOURCES_PATH"}
|
||||
done
|
||||
|
||||
# Usage: outdir_for_host HOST
|
||||
# Usage: outdir_for_host HOST SUFFIX
|
||||
#
|
||||
# HOST: The current platform triple we're building for
|
||||
#
|
||||
outdir_for_host() {
|
||||
echo "${OUTDIR_BASE}/${1}"
|
||||
echo "${OUTDIR_BASE}/${1}${2:+-${2}}"
|
||||
}
|
||||
|
||||
# Usage: profiledir_for_host HOST COMMAND
|
||||
# Usage: profiledir_for_host HOST SUFFIX
|
||||
#
|
||||
# HOST: The current platform triple we're building for
|
||||
#
|
||||
profiledir_for_host() {
|
||||
echo "${PROFILES_BASE}/${2}-${1}"
|
||||
echo "${PROFILES_BASE}/${1}${2:+-${2}}"
|
||||
}
|
||||
|
||||
|
||||
|
@ -412,7 +412,7 @@ EOF
|
|||
--keep-failed \
|
||||
--fallback \
|
||||
--link-profile \
|
||||
--root="$(profiledir_for_host "${HOST}" build)" \
|
||||
--root="$(profiledir_for_host "${HOST}")" \
|
||||
${SUBSTITUTE_URLS:+--substitute-urls="$SUBSTITUTE_URLS"} \
|
||||
${ADDITIONAL_GUIX_COMMON_FLAGS} ${ADDITIONAL_GUIX_ENVIRONMENT_FLAGS} \
|
||||
-- env HOST="$host" \
|
||||
|
|
392
contrib/guix/guix-codesign
Executable file
392
contrib/guix/guix-codesign
Executable file
|
@ -0,0 +1,392 @@
|
|||
#!/usr/bin/env bash
|
||||
export LC_ALL=C
|
||||
set -e -o pipefail
|
||||
|
||||
# Source the common prelude, which:
|
||||
# 1. Checks if we're at the top directory of the Bitcoin Core repository
|
||||
# 2. Defines a few common functions and variables
|
||||
#
|
||||
# shellcheck source=libexec/prelude.bash
|
||||
source "$(dirname "${BASH_SOURCE[0]}")/libexec/prelude.bash"
|
||||
|
||||
|
||||
###################
|
||||
## SANITY CHECKS ##
|
||||
###################
|
||||
|
||||
################
|
||||
# Required non-builtin commands should be invocable
|
||||
################
|
||||
|
||||
check_tools cat mkdir git guix
|
||||
|
||||
################
|
||||
# Required env vars should be non-empty
|
||||
################
|
||||
|
||||
cmd_usage() {
|
||||
cat <<EOF
|
||||
Synopsis:
|
||||
|
||||
env DETACHED_SIGS_REPO=<path/to/bitcoin-detached-sigs> \\
|
||||
./contrib/guix/guix-codesign
|
||||
|
||||
EOF
|
||||
}
|
||||
|
||||
if [ -z "$DETACHED_SIGS_REPO" ]; then
|
||||
cmd_usage
|
||||
exit 1
|
||||
fi
|
||||
|
||||
################
|
||||
# GUIX_BUILD_OPTIONS should be empty
|
||||
################
|
||||
#
|
||||
# GUIX_BUILD_OPTIONS is an environment variable recognized by guix commands that
|
||||
# can perform builds. This seems like what we want instead of
|
||||
# ADDITIONAL_GUIX_COMMON_FLAGS, but the value of GUIX_BUILD_OPTIONS is actually
|
||||
# _appended_ to normal command-line options. Meaning that they will take
|
||||
# precedence over the command-specific ADDITIONAL_GUIX_<CMD>_FLAGS.
|
||||
#
|
||||
# This seems like a poor user experience. Thus we check for GUIX_BUILD_OPTIONS's
|
||||
# existence here and direct users of this script to use our (more flexible)
|
||||
# custom environment variables.
|
||||
if [ -n "$GUIX_BUILD_OPTIONS" ]; then
|
||||
cat << EOF
|
||||
Error: Environment variable GUIX_BUILD_OPTIONS is not empty:
|
||||
'$GUIX_BUILD_OPTIONS'
|
||||
|
||||
Unfortunately this script is incompatible with GUIX_BUILD_OPTIONS, please unset
|
||||
GUIX_BUILD_OPTIONS and use ADDITIONAL_GUIX_COMMON_FLAGS to set build options
|
||||
across guix commands or ADDITIONAL_GUIX_<CMD>_FLAGS to set build options for a
|
||||
specific guix command.
|
||||
|
||||
See contrib/guix/README.md for more details.
|
||||
EOF
|
||||
exit 1
|
||||
fi
|
||||
|
||||
################
|
||||
# The codesignature git worktree should not be dirty
|
||||
################
|
||||
|
||||
if ! git -C "$DETACHED_SIGS_REPO" diff-index --quiet HEAD -- && [ -z "$FORCE_DIRTY_WORKTREE" ]; then
|
||||
cat << EOF
|
||||
ERR: The DETACHED CODESIGNATURE git worktree is dirty, which may lead to broken builds.
|
||||
|
||||
Aborting...
|
||||
|
||||
Hint: To make your git worktree clean, You may want to:
|
||||
1. Commit your changes,
|
||||
2. Stash your changes, or
|
||||
3. Set the 'FORCE_DIRTY_WORKTREE' environment variable if you insist on
|
||||
using a dirty worktree
|
||||
EOF
|
||||
exit 1
|
||||
fi
|
||||
|
||||
################
|
||||
# Build directories should not exist
|
||||
################
|
||||
|
||||
# Default to building for all supported HOSTs (overridable by environment)
|
||||
export HOSTS="${HOSTS:-x86_64-w64-mingw32 x86_64-apple-darwin18}"
|
||||
|
||||
# Usage: distsrc_for_host HOST
|
||||
#
|
||||
# HOST: The current platform triple we're building for
|
||||
#
|
||||
distsrc_for_host() {
|
||||
echo "${DISTSRC_BASE}/distsrc-${VERSION}-${1}-codesigned"
|
||||
}
|
||||
|
||||
# Accumulate a list of build directories that already exist...
|
||||
hosts_distsrc_exists=""
|
||||
for host in $HOSTS; do
|
||||
if [ -e "$(distsrc_for_host "$host")" ]; then
|
||||
hosts_distsrc_exists+=" ${host}"
|
||||
fi
|
||||
done
|
||||
|
||||
if [ -n "$hosts_distsrc_exists" ]; then
|
||||
# ...so that we can print them out nicely in an error message
|
||||
cat << EOF
|
||||
ERR: Build directories for this commit already exist for the following platform
|
||||
triples you're attempting to build, probably because of previous builds.
|
||||
Please remove, or otherwise deal with them prior to starting another build.
|
||||
|
||||
Aborting...
|
||||
|
||||
Hint: To blow everything away, you may want to use:
|
||||
|
||||
$ ./contrib/guix/guix-clean
|
||||
|
||||
Specifically, this will remove all files without an entry in the index,
|
||||
excluding the SDK directory, the depends download cache, the depends built
|
||||
packages cache, the garbage collector roots for Guix environments, and the
|
||||
output directory.
|
||||
EOF
|
||||
for host in $hosts_distsrc_exists; do
|
||||
echo " ${host} '$(distsrc_for_host "$host")'"
|
||||
done
|
||||
exit 1
|
||||
else
|
||||
mkdir -p "$DISTSRC_BASE"
|
||||
fi
|
||||
|
||||
|
||||
################
|
||||
# Unsigned tarballs SHOULD exist
|
||||
################
|
||||
|
||||
# Usage: outdir_for_host HOST SUFFIX
|
||||
#
|
||||
# HOST: The current platform triple we're building for
|
||||
#
|
||||
outdir_for_host() {
|
||||
echo "${OUTDIR_BASE}/${1}${2:+-${2}}"
|
||||
}
|
||||
|
||||
|
||||
unsigned_tarball_for_host() {
|
||||
case "$1" in
|
||||
*mingw*)
|
||||
echo "$(outdir_for_host "$1")/${DISTNAME}-win-unsigned.tar.gz"
|
||||
;;
|
||||
*darwin*)
|
||||
echo "$(outdir_for_host "$1")/${DISTNAME}-osx-unsigned.tar.gz"
|
||||
;;
|
||||
*)
|
||||
exit 1
|
||||
;;
|
||||
esac
|
||||
}
|
||||
|
||||
# Accumulate a list of build directories that already exist...
|
||||
hosts_unsigned_tarball_missing=""
|
||||
for host in $HOSTS; do
|
||||
if [ ! -e "$(unsigned_tarball_for_host "$host")" ]; then
|
||||
hosts_unsigned_tarball_missing+=" ${host}"
|
||||
fi
|
||||
done
|
||||
|
||||
if [ -n "$hosts_unsigned_tarball_missing" ]; then
|
||||
# ...so that we can print them out nicely in an error message
|
||||
cat << EOF
|
||||
ERR: Unsigned tarballs do not exist
|
||||
...
|
||||
|
||||
EOF
|
||||
for host in $hosts_unsigned_tarball_missing; do
|
||||
echo " ${host} '$(unsigned_tarball_for_host "$host")'"
|
||||
done
|
||||
exit 1
|
||||
fi
|
||||
|
||||
################
|
||||
# Check that we can connect to the guix-daemon
|
||||
################
|
||||
|
||||
cat << EOF
|
||||
Checking that we can connect to the guix-daemon...
|
||||
|
||||
Hint: If this hangs, you may want to try turning your guix-daemon off and on
|
||||
again.
|
||||
|
||||
EOF
|
||||
if ! guix gc --list-failures > /dev/null; then
|
||||
cat << EOF
|
||||
|
||||
ERR: Failed to connect to the guix-daemon, please ensure that one is running and
|
||||
reachable.
|
||||
EOF
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Developer note: we could use `guix repl` for this check and run:
|
||||
#
|
||||
# (import (guix store)) (close-connection (open-connection))
|
||||
#
|
||||
# However, the internal API is likely to change more than the CLI invocation
|
||||
|
||||
|
||||
#########
|
||||
# SETUP #
|
||||
#########
|
||||
|
||||
# Determine the maximum number of jobs to run simultaneously (overridable by
|
||||
# environment)
|
||||
JOBS="${JOBS:-$(nproc)}"
|
||||
|
||||
# Determine the reference time used for determinism (overridable by environment)
|
||||
SOURCE_DATE_EPOCH="${SOURCE_DATE_EPOCH:-$(git log --format=%at -1)}"
|
||||
|
||||
# Execute "$@" in a pinned, possibly older version of Guix, for reproducibility
|
||||
# across time.
|
||||
time-machine() {
|
||||
# shellcheck disable=SC2086
|
||||
guix time-machine --url=https://github.com/dongcarl/guix.git \
|
||||
--commit=490e39ff303f4f6873a04bfb8253755bdae1b29c \
|
||||
--cores="$JOBS" \
|
||||
--keep-failed \
|
||||
--fallback \
|
||||
${SUBSTITUTE_URLS:+--substitute-urls="$SUBSTITUTE_URLS"} \
|
||||
${ADDITIONAL_GUIX_COMMON_FLAGS} ${ADDITIONAL_GUIX_TIMEMACHINE_FLAGS} \
|
||||
-- "$@"
|
||||
}
|
||||
|
||||
# Make sure an output directory exists for our builds
|
||||
OUTDIR_BASE="${OUTDIR_BASE:-${VERSION_BASE}/output}"
|
||||
mkdir -p "$OUTDIR_BASE"
|
||||
|
||||
# Usage: profiledir_for_host HOST SUFFIX
|
||||
#
|
||||
# HOST: The current platform triple we're building for
|
||||
#
|
||||
profiledir_for_host() {
|
||||
echo "${PROFILES_BASE}/${1}${2:+-${2}}"
|
||||
}
|
||||
|
||||
#########
|
||||
# BUILD #
|
||||
#########
|
||||
|
||||
# Function to be called when codesigning for host ${1} and the user interrupts
|
||||
# the codesign
|
||||
int_trap() {
|
||||
cat << EOF
|
||||
** INT received while codesigning ${1}, you may want to clean up the relevant
|
||||
work directories (e.g. distsrc-*) before recodesigning
|
||||
|
||||
Hint: To blow everything away, you may want to use:
|
||||
|
||||
$ ./contrib/guix/guix-clean
|
||||
|
||||
Specifically, this will remove all files without an entry in the index,
|
||||
excluding the SDK directory, the depends download cache, the depends built
|
||||
packages cache, the garbage collector roots for Guix environments, and the
|
||||
output directory.
|
||||
EOF
|
||||
}
|
||||
|
||||
# Deterministically build Bitcoin Core
|
||||
# shellcheck disable=SC2153
|
||||
for host in $HOSTS; do
|
||||
|
||||
# Display proper warning when the user interrupts the build
|
||||
trap 'int_trap ${host}' INT
|
||||
|
||||
(
|
||||
# Required for 'contrib/guix/manifest.scm' to output the right manifest
|
||||
# for the particular $HOST we're building for
|
||||
export HOST="$host"
|
||||
|
||||
# shellcheck disable=SC2030
|
||||
cat << EOF
|
||||
INFO: Codesigning ${VERSION:?not set} for platform triple ${HOST:?not set}:
|
||||
...using reference timestamp: ${SOURCE_DATE_EPOCH:?not set}
|
||||
...from worktree directory: '${PWD}'
|
||||
...bind-mounted in container to: '/bitcoin'
|
||||
...in build directory: '$(distsrc_for_host "$HOST")'
|
||||
...bind-mounted in container to: '$(DISTSRC_BASE=/distsrc-base && distsrc_for_host "$HOST")'
|
||||
...outputting in: '$(outdir_for_host "$HOST" codesigned)'
|
||||
...bind-mounted in container to: '$(OUTDIR_BASE=/outdir-base && outdir_for_host "$HOST" codesigned)'
|
||||
...using detached signatures in: '${DETACHED_SIGS_REPO:?not set}'
|
||||
...bind-mounted in container to: '/detached-sigs'
|
||||
EOF
|
||||
|
||||
|
||||
# Run the build script 'contrib/guix/libexec/build.sh' in the build
|
||||
# container specified by 'contrib/guix/manifest.scm'.
|
||||
#
|
||||
# Explanation of `guix environment` flags:
|
||||
#
|
||||
# --container run command within an isolated container
|
||||
#
|
||||
# Running in an isolated container minimizes build-time differences
|
||||
# between machines and improves reproducibility
|
||||
#
|
||||
# --pure unset existing environment variables
|
||||
#
|
||||
# Same rationale as --container
|
||||
#
|
||||
# --no-cwd do not share current working directory with an
|
||||
# isolated container
|
||||
#
|
||||
# When --container is specified, the default behavior is to share
|
||||
# the current working directory with the isolated container at the
|
||||
# same exact path (e.g. mapping '/home/satoshi/bitcoin/' to
|
||||
# '/home/satoshi/bitcoin/'). This means that the $PWD inside the
|
||||
# container becomes a source of irreproducibility. --no-cwd disables
|
||||
# this behaviour.
|
||||
#
|
||||
# --share=SPEC for containers, share writable host file system
|
||||
# according to SPEC
|
||||
#
|
||||
# --share="$PWD"=/bitcoin
|
||||
#
|
||||
# maps our current working directory to /bitcoin
|
||||
# inside the isolated container, which we later cd
|
||||
# into.
|
||||
#
|
||||
# While we don't want to map our current working directory to the
|
||||
# same exact path (as this introduces irreproducibility), we do want
|
||||
# it to be at a _fixed_ path _somewhere_ inside the isolated
|
||||
# container so that we have something to build. '/bitcoin' was
|
||||
# chosen arbitrarily.
|
||||
#
|
||||
# ${SOURCES_PATH:+--share="$SOURCES_PATH"}
|
||||
#
|
||||
# make the downloaded depends sources path available
|
||||
# inside the isolated container
|
||||
#
|
||||
# The isolated container has no network access as it's in a
|
||||
# different network namespace from the main machine, so we have to
|
||||
# make the downloaded depends sources available to it. The sources
|
||||
# should have been downloaded prior to this invocation.
|
||||
#
|
||||
# ${SUBSTITUTE_URLS:+--substitute-urls="$SUBSTITUTE_URLS"}
|
||||
#
|
||||
# fetch substitute from SUBSTITUTE_URLS if they are
|
||||
# authorized
|
||||
#
|
||||
# Depending on the user's security model, it may be desirable to use
|
||||
# substitutes (pre-built packages) from servers that the user trusts.
|
||||
# Please read the README.md in the same directory as this file for
|
||||
# more information.
|
||||
#
|
||||
# shellcheck disable=SC2086,SC2031
|
||||
time-machine environment --manifest="${PWD}/contrib/guix/manifest.scm" \
|
||||
--container \
|
||||
--pure \
|
||||
--no-cwd \
|
||||
--share="$PWD"=/bitcoin \
|
||||
--share="$DISTSRC_BASE"=/distsrc-base \
|
||||
--share="$OUTDIR_BASE"=/outdir-base \
|
||||
--share="$DETACHED_SIGS_REPO"=/detached-sigs \
|
||||
--expose="$(git rev-parse --git-common-dir)" \
|
||||
--expose="$(git -C "$DETACHED_SIGS_REPO" rev-parse --git-common-dir)" \
|
||||
${SOURCES_PATH:+--share="$SOURCES_PATH"} \
|
||||
--cores="$JOBS" \
|
||||
--keep-failed \
|
||||
--fallback \
|
||||
--link-profile \
|
||||
--root="$(profiledir_for_host "${HOST}" codesigned)" \
|
||||
${SUBSTITUTE_URLS:+--substitute-urls="$SUBSTITUTE_URLS"} \
|
||||
${ADDITIONAL_GUIX_COMMON_FLAGS} ${ADDITIONAL_GUIX_ENVIRONMENT_FLAGS} \
|
||||
-- env HOST="$host" \
|
||||
DISTNAME="$DISTNAME" \
|
||||
JOBS="$JOBS" \
|
||||
SOURCE_DATE_EPOCH="${SOURCE_DATE_EPOCH:?unable to determine value}" \
|
||||
${V:+V=1} \
|
||||
${SOURCES_PATH:+SOURCES_PATH="$SOURCES_PATH"} \
|
||||
DISTSRC="$(DISTSRC_BASE=/distsrc-base && distsrc_for_host "$HOST")" \
|
||||
OUTDIR="$(OUTDIR_BASE=/outdir-base && outdir_for_host "$HOST" codesigned)" \
|
||||
DIST_ARCHIVE_BASE=/outdir-base/dist-archive \
|
||||
DETACHED_SIGS_REPO=/detached-sigs \
|
||||
UNSIGNED_TARBALL="$(OUTDIR_BASE=/outdir-base && unsigned_tarball_for_host "$HOST")" \
|
||||
bash -c "cd /bitcoin && bash contrib/guix/libexec/codesign.sh"
|
||||
)
|
||||
|
||||
done
|
103
contrib/guix/libexec/codesign.sh
Executable file
103
contrib/guix/libexec/codesign.sh
Executable file
|
@ -0,0 +1,103 @@
|
|||
#!/usr/bin/env bash
|
||||
export LC_ALL=C
|
||||
set -e -o pipefail
|
||||
export TZ=UTC
|
||||
|
||||
# Although Guix _does_ set umask when building its own packages (in our case,
|
||||
# this is all packages in manifest.scm), it does not set it for `guix
|
||||
# environment`. It does make sense for at least `guix environment --container`
|
||||
# to set umask, so if that change gets merged upstream and we bump the
|
||||
# time-machine to a commit which includes the aforementioned change, we can
|
||||
# remove this line.
|
||||
#
|
||||
# This line should be placed before any commands which creates files.
|
||||
umask 0022
|
||||
|
||||
if [ -n "$V" ]; then
|
||||
# Print both unexpanded (-v) and expanded (-x) forms of commands as they are
|
||||
# read from this file.
|
||||
set -vx
|
||||
# Set VERBOSE for CMake-based builds
|
||||
export VERBOSE="$V"
|
||||
fi
|
||||
|
||||
# Check that required environment variables are set
|
||||
cat << EOF
|
||||
Required environment variables as seen inside the container:
|
||||
UNSIGNED_TARBALL: ${UNSIGNED_TARBALL:?not set}
|
||||
DETACHED_SIGS_REPO: ${DETACHED_SIGS_REPO:?not set}
|
||||
DIST_ARCHIVE_BASE: ${DIST_ARCHIVE_BASE:?not set}
|
||||
DISTNAME: ${DISTNAME:?not set}
|
||||
HOST: ${HOST:?not set}
|
||||
SOURCE_DATE_EPOCH: ${SOURCE_DATE_EPOCH:?not set}
|
||||
DISTSRC: ${DISTSRC:?not set}
|
||||
OUTDIR: ${OUTDIR:?not set}
|
||||
EOF
|
||||
|
||||
ACTUAL_OUTDIR="${OUTDIR}"
|
||||
OUTDIR="${DISTSRC}/output"
|
||||
|
||||
git_head_version() {
|
||||
local recent_tag
|
||||
if recent_tag="$(git -C "$1" describe --exact-match HEAD 2> /dev/null)"; then
|
||||
echo "${recent_tag#v}"
|
||||
else
|
||||
git -C "$1" rev-parse --short=12 HEAD
|
||||
fi
|
||||
}
|
||||
|
||||
CODESIGNATURE_GIT_ARCHIVE="${DIST_ARCHIVE_BASE}/${DISTNAME}-codesignatures-$(git_head_version "$DETACHED_SIGS_REPO").tar.gz"
|
||||
|
||||
# Create the codesignature tarball if not already there
|
||||
if [ ! -e "$CODESIGNATURE_GIT_ARCHIVE" ]; then
|
||||
mkdir -p "$(dirname "$CODESIGNATURE_GIT_ARCHIVE")"
|
||||
git -C "$DETACHED_SIGS_REPO" archive --output="$CODESIGNATURE_GIT_ARCHIVE" HEAD
|
||||
fi
|
||||
|
||||
mkdir -p "$OUTDIR"
|
||||
cat << EOF > "$OUTDIR"/inputs.SHA256SUMS
|
||||
$(sha256sum "$UNSIGNED_TARBALL" | cut -d' ' -f1) inputs/$(basename "$UNSIGNED_TARBALL")
|
||||
$(sha256sum "$CODESIGNATURE_GIT_ARCHIVE" | cut -d' ' -f1) inputs/$(basename "$CODESIGNATURE_GIT_ARCHIVE")
|
||||
EOF
|
||||
|
||||
mkdir -p "$DISTSRC"
|
||||
(
|
||||
cd "$DISTSRC"
|
||||
|
||||
tar -xf "$UNSIGNED_TARBALL"
|
||||
|
||||
mkdir -p codesignatures
|
||||
tar -C codesignatures -xf "$CODESIGNATURE_GIT_ARCHIVE"
|
||||
|
||||
case "$HOST" in
|
||||
*mingw*)
|
||||
find "$PWD" -name "*-unsigned.exe" | while read -r infile; do
|
||||
infile_base="$(basename "$infile")"
|
||||
|
||||
# Codesigned *-unsigned.exe and output to OUTDIR
|
||||
osslsigncode attach-signature \
|
||||
-in "$infile" \
|
||||
-out "${OUTDIR}/${infile_base/-unsigned}" \
|
||||
-sigin codesignatures/win/"$infile_base".pem
|
||||
done
|
||||
;;
|
||||
*darwin*)
|
||||
# Apply detached codesignatures to dist/ (in-place)
|
||||
signapple apply dist/Bitcoin-Qt.app codesignatures/osx/dist
|
||||
|
||||
# Make an uncompressed DMG from dist/
|
||||
xorrisofs -D -l -V "$(< osx_volname)" -no-pad -r -dir-mode 0755 \
|
||||
-o uncompressed.dmg \
|
||||
dist \
|
||||
-- -volume_date all_file_dates ="$SOURCE_DATE_EPOCH"
|
||||
|
||||
# Compress uncompressed.dmg and output to OUTDIR
|
||||
./dmg dmg uncompressed.dmg "${OUTDIR}/${DISTNAME}-osx-signed.dmg"
|
||||
;;
|
||||
*)
|
||||
exit 1
|
||||
;;
|
||||
esac
|
||||
) # $DISTSRC
|
||||
|
||||
mv --no-target-directory "$OUTDIR" "$ACTUAL_OUTDIR"
|
|
@ -4,12 +4,14 @@
|
|||
(gnu packages base)
|
||||
(gnu packages bash)
|
||||
(gnu packages bison)
|
||||
(gnu packages certs)
|
||||
(gnu packages cdrom)
|
||||
(gnu packages check)
|
||||
(gnu packages cmake)
|
||||
(gnu packages commencement)
|
||||
(gnu packages compression)
|
||||
(gnu packages cross-base)
|
||||
(gnu packages curl)
|
||||
(gnu packages file)
|
||||
(gnu packages gawk)
|
||||
(gnu packages gcc)
|
||||
|
@ -23,7 +25,9 @@
|
|||
(gnu packages perl)
|
||||
(gnu packages pkg-config)
|
||||
(gnu packages python)
|
||||
(gnu packages python-web)
|
||||
(gnu packages shells)
|
||||
(gnu packages tls)
|
||||
(gnu packages version-control)
|
||||
(guix build-system font)
|
||||
(guix build-system gnu)
|
||||
|
@ -52,28 +56,28 @@ we link against libssp.so, and thus will ensure that this works properly.
|
|||
Taken from:
|
||||
http://www.linuxfromscratch.org/hlfs/view/development/chapter05/gcc-pass1.html"
|
||||
(package
|
||||
(inherit xgcc)
|
||||
(arguments
|
||||
(substitute-keyword-arguments (package-arguments xgcc)
|
||||
((#:make-flags flags)
|
||||
`(cons "gcc_cv_libc_provides_ssp=yes" ,flags))))))
|
||||
(inherit xgcc)
|
||||
(arguments
|
||||
(substitute-keyword-arguments (package-arguments xgcc)
|
||||
((#:make-flags flags)
|
||||
`(cons "gcc_cv_libc_provides_ssp=yes" ,flags))))))
|
||||
|
||||
(define (make-gcc-rpath-link xgcc)
|
||||
"Given a XGCC package, return a modified package that replace each instance of
|
||||
-rpath in the default system spec that's inserted by Guix with -rpath-link"
|
||||
(package
|
||||
(inherit xgcc)
|
||||
(arguments
|
||||
(substitute-keyword-arguments (package-arguments xgcc)
|
||||
((#:phases phases)
|
||||
`(modify-phases ,phases
|
||||
(add-after 'pre-configure 'replace-rpath-with-rpath-link
|
||||
(lambda _
|
||||
(substitute* (cons "gcc/config/rs6000/sysv4.h"
|
||||
(find-files "gcc/config"
|
||||
"^gnu-user.*\\.h$"))
|
||||
(("-rpath=") "-rpath-link="))
|
||||
#t))))))))
|
||||
(inherit xgcc)
|
||||
(arguments
|
||||
(substitute-keyword-arguments (package-arguments xgcc)
|
||||
((#:phases phases)
|
||||
`(modify-phases ,phases
|
||||
(add-after 'pre-configure 'replace-rpath-with-rpath-link
|
||||
(lambda _
|
||||
(substitute* (cons "gcc/config/rs6000/sysv4.h"
|
||||
(find-files "gcc/config"
|
||||
"^gnu-user.*\\.h$"))
|
||||
(("-rpath=") "-rpath-link="))
|
||||
#t))))))))
|
||||
|
||||
(define (make-cross-toolchain target
|
||||
base-gcc-for-libc
|
||||
|
@ -126,19 +130,23 @@ chain for " target " development."))
|
|||
(home-page (package-home-page xgcc))
|
||||
(license (package-license xgcc)))))
|
||||
|
||||
(define base-gcc
|
||||
(package-with-extra-patches gcc-8
|
||||
(search-our-patches "gcc-8-sort-libtool-find-output.patch")))
|
||||
|
||||
(define* (make-bitcoin-cross-toolchain target
|
||||
#:key
|
||||
(base-gcc-for-libc gcc-7)
|
||||
(base-kernel-headers linux-libre-headers-5.4)
|
||||
(base-libc glibc) ; glibc 2.31
|
||||
(base-gcc (make-gcc-rpath-link gcc-8)))
|
||||
#:key
|
||||
(base-gcc-for-libc gcc-7)
|
||||
(base-kernel-headers linux-libre-headers-5.4)
|
||||
(base-libc glibc) ; glibc 2.31
|
||||
(base-gcc (make-gcc-rpath-link base-gcc)))
|
||||
"Convenience wrapper around MAKE-CROSS-TOOLCHAIN with default values
|
||||
desirable for building Bitcoin Core release binaries."
|
||||
(make-cross-toolchain target
|
||||
base-gcc-for-libc
|
||||
base-kernel-headers
|
||||
base-libc
|
||||
base-gcc))
|
||||
base-gcc-for-libc
|
||||
base-kernel-headers
|
||||
base-libc
|
||||
base-gcc))
|
||||
|
||||
(define (make-gcc-with-pthreads gcc)
|
||||
(package-with-extra-configure-variable gcc "--enable-threads" "posix"))
|
||||
|
@ -149,7 +157,7 @@ desirable for building Bitcoin Core release binaries."
|
|||
(pthreads-xlibc mingw-w64-x86_64-winpthreads)
|
||||
(pthreads-xgcc (make-gcc-with-pthreads
|
||||
(cross-gcc target
|
||||
#:xgcc (make-ssp-fixed-gcc gcc-8)
|
||||
#:xgcc (make-ssp-fixed-gcc base-gcc)
|
||||
#:xbinutils xbinutils
|
||||
#:libc pthreads-xlibc))))
|
||||
;; Define a meta-package that propagates the resulting XBINUTILS, XLIBC, and
|
||||
|
@ -177,22 +185,22 @@ chain for " target " development."))
|
|||
|
||||
(define-public font-tuffy
|
||||
(package
|
||||
(name "font-tuffy")
|
||||
(version "20120614")
|
||||
(source
|
||||
(origin
|
||||
(method url-fetch)
|
||||
(uri (string-append "http://tulrich.com/fonts/tuffy-" version ".tar.gz"))
|
||||
(file-name (string-append name "-" version ".tar.gz"))
|
||||
(sha256
|
||||
(base32
|
||||
"02vf72bgrp30vrbfhxjw82s115z27dwfgnmmzfb0n9wfhxxfpyf6"))))
|
||||
(build-system font-build-system)
|
||||
(home-page "http://tulrich.com/fonts/")
|
||||
(synopsis "The Tuffy Truetype Font Family")
|
||||
(description
|
||||
"Thatcher Ulrich's first outline font design. He started with the goal of producing a neutral, readable sans-serif text font. There are lots of \"expressive\" fonts out there, but he wanted to start with something very plain and clean, something he might want to actually use. ")
|
||||
(license license:public-domain)))
|
||||
(name "font-tuffy")
|
||||
(version "20120614")
|
||||
(source
|
||||
(origin
|
||||
(method url-fetch)
|
||||
(uri (string-append "http://tulrich.com/fonts/tuffy-" version ".tar.gz"))
|
||||
(file-name (string-append name "-" version ".tar.gz"))
|
||||
(sha256
|
||||
(base32
|
||||
"02vf72bgrp30vrbfhxjw82s115z27dwfgnmmzfb0n9wfhxxfpyf6"))))
|
||||
(build-system font-build-system)
|
||||
(home-page "http://tulrich.com/fonts/")
|
||||
(synopsis "The Tuffy Truetype Font Family")
|
||||
(description
|
||||
"Thatcher Ulrich's first outline font design. He started with the goal of producing a neutral, readable sans-serif text font. There are lots of \"expressive\" fonts out there, but he wanted to start with something very plain and clean, something he might want to actually use. ")
|
||||
(license license:public-domain)))
|
||||
|
||||
(define-public lief
|
||||
(package
|
||||
|
@ -217,6 +225,337 @@ chain for " target " development."))
|
|||
parse, modify and abstract ELF, PE and MachO formats.")
|
||||
(license license:asl2.0)))
|
||||
|
||||
(define osslsigncode
|
||||
(package
|
||||
(name "osslsigncode")
|
||||
(version "2.0")
|
||||
(source (origin
|
||||
(method url-fetch)
|
||||
(uri (string-append "https://github.com/mtrojnar/"
|
||||
name "/archive/" version ".tar.gz"))
|
||||
(sha256
|
||||
(base32
|
||||
"0byri6xny770wwb2nciq44j5071122l14bvv65axdd70nfjf0q2s"))))
|
||||
(build-system gnu-build-system)
|
||||
(native-inputs
|
||||
`(("pkg-config" ,pkg-config)
|
||||
("autoconf" ,autoconf)
|
||||
("automake" ,automake)
|
||||
("libtool" ,libtool)))
|
||||
(inputs
|
||||
`(("openssl" ,openssl)))
|
||||
(arguments
|
||||
`(#:configure-flags
|
||||
`("--without-gsf"
|
||||
"--without-curl"
|
||||
"--disable-dependency-tracking")))
|
||||
(home-page "https://github.com/mtrojnar/osslsigncode")
|
||||
(synopsis "Authenticode signing and timestamping tool")
|
||||
(description "osslsigncode is a small tool that implements part of the
|
||||
functionality of the Microsoft tool signtool.exe - more exactly the Authenticode
|
||||
signing and timestamping. But osslsigncode is based on OpenSSL and cURL, and
|
||||
thus should be able to compile on most platforms where these exist.")
|
||||
(license license:gpl3+))) ; license is with openssl exception
|
||||
|
||||
(define-public python-asn1crypto
|
||||
(package
|
||||
(name "python-asn1crypto")
|
||||
(version "1.4.0")
|
||||
(source
|
||||
(origin
|
||||
(method git-fetch)
|
||||
(uri (git-reference
|
||||
(url "https://github.com/wbond/asn1crypto")
|
||||
(commit version)))
|
||||
(file-name (git-file-name name version))
|
||||
(sha256
|
||||
(base32
|
||||
"19abibn6jw20mzi1ln4n9jjvpdka8ygm4m439hplyrdfqbvgm01r"))))
|
||||
(build-system python-build-system)
|
||||
(arguments
|
||||
'(#:phases
|
||||
(modify-phases %standard-phases
|
||||
(replace 'check
|
||||
(lambda _
|
||||
(invoke "python" "run.py" "tests"))))))
|
||||
(home-page "https://github.com/wbond/asn1crypto")
|
||||
(synopsis "ASN.1 parser and serializer in Python")
|
||||
(description "asn1crypto is an ASN.1 parser and serializer with definitions
|
||||
for private keys, public keys, certificates, CRL, OCSP, CMS, PKCS#3, PKCS#7,
|
||||
PKCS#8, PKCS#12, PKCS#5, X.509 and TSP.")
|
||||
(license license:expat)))
|
||||
|
||||
(define-public python-elfesteem
|
||||
(let ((commit "87bbd79ab7e361004c98cc8601d4e5f029fd8bd5"))
|
||||
(package
|
||||
(name "python-elfesteem")
|
||||
(version (git-version "0.1" "1" commit))
|
||||
(source
|
||||
(origin
|
||||
(method git-fetch)
|
||||
(uri (git-reference
|
||||
(url "https://github.com/LRGH/elfesteem")
|
||||
(commit commit)))
|
||||
(file-name (git-file-name name commit))
|
||||
(sha256
|
||||
(base32
|
||||
"1nyvjisvyxyxnd0023xjf5846xd03lwawp5pfzr8vrky7wwm5maz"))))
|
||||
(build-system python-build-system)
|
||||
;; There are no tests, but attempting to run python setup.py test leads to
|
||||
;; PYTHONPATH problems, just disable the test
|
||||
(arguments '(#:tests? #f))
|
||||
(home-page "https://github.com/LRGH/elfesteem")
|
||||
(synopsis "ELF/PE/Mach-O parsing library")
|
||||
(description "elfesteem parses ELF, PE and Mach-O files.")
|
||||
(license license:lgpl2.1))))
|
||||
|
||||
(define-public python-oscrypto
|
||||
(package
|
||||
(name "python-oscrypto")
|
||||
(version "1.2.1")
|
||||
(source
|
||||
(origin
|
||||
(method git-fetch)
|
||||
(uri (git-reference
|
||||
(url "https://github.com/wbond/oscrypto")
|
||||
(commit version)))
|
||||
(file-name (git-file-name name version))
|
||||
(sha256
|
||||
(base32
|
||||
"1d4d8s4z340qhvb3g5m5v3436y3a71yc26wk4749q64m09kxqc3l"))
|
||||
(patches (search-our-patches "oscrypto-hard-code-openssl.patch"))))
|
||||
(build-system python-build-system)
|
||||
(native-search-paths
|
||||
(list (search-path-specification
|
||||
(variable "SSL_CERT_FILE")
|
||||
(file-type 'regular)
|
||||
(separator #f) ;single entry
|
||||
(files '("etc/ssl/certs/ca-certificates.crt")))))
|
||||
|
||||
(propagated-inputs
|
||||
`(("python-asn1crypto" ,python-asn1crypto)
|
||||
("openssl" ,openssl)))
|
||||
(arguments
|
||||
`(#:phases
|
||||
(modify-phases %standard-phases
|
||||
(add-after 'unpack 'hard-code-path-to-libscrypt
|
||||
(lambda* (#:key inputs #:allow-other-keys)
|
||||
(let ((openssl (assoc-ref inputs "openssl")))
|
||||
(substitute* "oscrypto/__init__.py"
|
||||
(("@GUIX_OSCRYPTO_USE_OPENSSL@")
|
||||
(string-append openssl "/lib/libcrypto.so" "," openssl "/lib/libssl.so")))
|
||||
#t)))
|
||||
(add-after 'unpack 'disable-broken-tests
|
||||
(lambda _
|
||||
;; This test is broken as there is no keyboard interrupt.
|
||||
(substitute* "tests/test_trust_list.py"
|
||||
(("^(.*)class TrustListTests" line indent)
|
||||
(string-append indent
|
||||
"@unittest.skip(\"Disabled by Guix\")\n"
|
||||
line)))
|
||||
(substitute* "tests/test_tls.py"
|
||||
(("^(.*)class TLSTests" line indent)
|
||||
(string-append indent
|
||||
"@unittest.skip(\"Disabled by Guix\")\n"
|
||||
line)))
|
||||
#t))
|
||||
(replace 'check
|
||||
(lambda _
|
||||
(invoke "python" "run.py" "tests")
|
||||
#t)))))
|
||||
(home-page "https://github.com/wbond/oscrypto")
|
||||
(synopsis "Compiler-free Python crypto library backed by the OS")
|
||||
(description "oscrypto is a compilation-free, always up-to-date encryption library for Python.")
|
||||
(license license:expat)))
|
||||
|
||||
(define-public python-oscryptotests
|
||||
(package (inherit python-oscrypto)
|
||||
(name "python-oscryptotests")
|
||||
(arguments
|
||||
`(#:tests? #f
|
||||
#:phases
|
||||
(modify-phases %standard-phases
|
||||
(add-after 'unpack 'hard-code-path-to-libscrypt
|
||||
(lambda* (#:key inputs #:allow-other-keys)
|
||||
(chdir "tests")
|
||||
#t)))))))
|
||||
|
||||
(define-public python-certvalidator
|
||||
(let ((commit "e5bdb4bfcaa09fa0af355eb8867d00dfeecba08c"))
|
||||
(package
|
||||
(name "python-certvalidator")
|
||||
(version (git-version "0.1" "1" commit))
|
||||
(source
|
||||
(origin
|
||||
(method git-fetch)
|
||||
(uri (git-reference
|
||||
(url "https://github.com/achow101/certvalidator")
|
||||
(commit commit)))
|
||||
(file-name (git-file-name name commit))
|
||||
(sha256
|
||||
(base32
|
||||
"18pvxkvpkfkzgvfylv0kx65pmxfcv1hpsg03cip93krfvrrl4c75"))))
|
||||
(build-system python-build-system)
|
||||
(propagated-inputs
|
||||
`(("python-asn1crypto" ,python-asn1crypto)
|
||||
("python-oscrypto" ,python-oscrypto)
|
||||
("python-oscryptotests", python-oscryptotests))) ;; certvalidator tests import oscryptotests
|
||||
(arguments
|
||||
`(#:phases
|
||||
(modify-phases %standard-phases
|
||||
(add-after 'unpack 'disable-broken-tests
|
||||
(lambda _
|
||||
(substitute* "tests/test_certificate_validator.py"
|
||||
(("^(.*)class CertificateValidatorTests" line indent)
|
||||
(string-append indent
|
||||
"@unittest.skip(\"Disabled by Guix\")\n"
|
||||
line)))
|
||||
(substitute* "tests/test_crl_client.py"
|
||||
(("^(.*)def test_fetch_crl" line indent)
|
||||
(string-append indent
|
||||
"@unittest.skip(\"Disabled by Guix\")\n"
|
||||
line)))
|
||||
(substitute* "tests/test_ocsp_client.py"
|
||||
(("^(.*)def test_fetch_ocsp" line indent)
|
||||
(string-append indent
|
||||
"@unittest.skip(\"Disabled by Guix\")\n"
|
||||
line)))
|
||||
(substitute* "tests/test_registry.py"
|
||||
(("^(.*)def test_build_paths" line indent)
|
||||
(string-append indent
|
||||
"@unittest.skip(\"Disabled by Guix\")\n"
|
||||
line)))
|
||||
(substitute* "tests/test_validate.py"
|
||||
(("^(.*)def test_revocation_mode_hard" line indent)
|
||||
(string-append indent
|
||||
"@unittest.skip(\"Disabled by Guix\")\n"
|
||||
line)))
|
||||
#t))
|
||||
(replace 'check
|
||||
(lambda _
|
||||
(invoke "python" "run.py" "tests")
|
||||
#t)))))
|
||||
(home-page "https://github.com/wbond/certvalidator")
|
||||
(synopsis "Python library for validating X.509 certificates and paths")
|
||||
(description "certvalidator is a Python library for validating X.509
|
||||
certificates or paths. Supports various options, including: validation at a
|
||||
specific moment in time, whitelisting and revocation checks.")
|
||||
(license license:expat))))
|
||||
|
||||
(define-public python-requests-2.25.1
|
||||
(package (inherit python-requests)
|
||||
(version "2.25.1")
|
||||
(source (origin
|
||||
(method url-fetch)
|
||||
(uri (pypi-uri "requests" version))
|
||||
(sha256
|
||||
(base32
|
||||
"015qflyqsgsz09gnar69s6ga74ivq5kch69s4qxz3904m7a3v5r7"))))))
|
||||
|
||||
(define-public python-altgraph
|
||||
(package
|
||||
(name "python-altgraph")
|
||||
(version "0.17")
|
||||
(source
|
||||
(origin
|
||||
(method git-fetch)
|
||||
(uri (git-reference
|
||||
(url "https://github.com/ronaldoussoren/altgraph")
|
||||
(commit (string-append "v" version))))
|
||||
(file-name (git-file-name name version))
|
||||
(sha256
|
||||
(base32
|
||||
"09sm4srvvkw458pn48ga9q7ykr4xlz7q8gh1h9w7nxpf001qgpwb"))))
|
||||
(build-system python-build-system)
|
||||
(home-page "https://github.com/ronaldoussoren/altgraph")
|
||||
(synopsis "Python graph (network) package")
|
||||
(description "altgraph is a fork of graphlib: a graph (network) package for
|
||||
constructing graphs, BFS and DFS traversals, topological sort, shortest paths,
|
||||
etc. with graphviz output.")
|
||||
(license license:expat)))
|
||||
|
||||
|
||||
(define-public python-macholib
|
||||
(package
|
||||
(name "python-macholib")
|
||||
(version "1.14")
|
||||
(source
|
||||
(origin
|
||||
(method git-fetch)
|
||||
(uri (git-reference
|
||||
(url "https://github.com/ronaldoussoren/macholib")
|
||||
(commit (string-append "v" version))))
|
||||
(file-name (git-file-name name version))
|
||||
(sha256
|
||||
(base32
|
||||
"0aislnnfsza9wl4f0vp45ivzlc0pzhp9d4r08700slrypn5flg42"))))
|
||||
(build-system python-build-system)
|
||||
(propagated-inputs
|
||||
`(("python-altgraph" ,python-altgraph)))
|
||||
(arguments
|
||||
'(#:phases
|
||||
(modify-phases %standard-phases
|
||||
(add-after 'unpack 'disable-broken-tests
|
||||
(lambda _
|
||||
;; This test is broken as there is no keyboard interrupt.
|
||||
(substitute* "macholib_tests/test_command_line.py"
|
||||
(("^(.*)class TestCmdLine" line indent)
|
||||
(string-append indent
|
||||
"@unittest.skip(\"Disabled by Guix\")\n"
|
||||
line)))
|
||||
(substitute* "macholib_tests/test_dyld.py"
|
||||
(("^(.*)def test_\\S+_find" line indent)
|
||||
(string-append indent
|
||||
"@unittest.skip(\"Disabled by Guix\")\n"
|
||||
line))
|
||||
(("^(.*)def testBasic" line indent)
|
||||
(string-append indent
|
||||
"@unittest.skip(\"Disabled by Guix\")\n"
|
||||
line))
|
||||
)
|
||||
#t)))))
|
||||
(home-page "https://github.com/ronaldoussoren/macholib")
|
||||
(synopsis "Python library for analyzing and editing Mach-O headers")
|
||||
(description "macholib is a Macho-O header analyzer and editor. It's
|
||||
typically used as a dependency analysis tool, and also to rewrite dylib
|
||||
references in Mach-O headers to be @executable_path relative. Though this tool
|
||||
targets a platform specific file format, it is pure python code that is platform
|
||||
and endian independent.")
|
||||
(license license:expat)))
|
||||
|
||||
(define-public python-signapple
|
||||
(let ((commit "4ff1c1754e37042c002a3f6375c47fd931f2030b"))
|
||||
(package
|
||||
(name "python-signapple")
|
||||
(version (git-version "0.1" "1" commit))
|
||||
(source
|
||||
(origin
|
||||
(method git-fetch)
|
||||
(uri (git-reference
|
||||
(url "https://github.com/dongcarl/signapple")
|
||||
(commit commit)))
|
||||
(file-name (git-file-name name commit))
|
||||
(sha256
|
||||
(base32
|
||||
"043czyzfm04rcx5xsp59vsppla3vm5g45dbp1npy2hww4066rlnh"))))
|
||||
(build-system python-build-system)
|
||||
(propagated-inputs
|
||||
`(("python-asn1crypto" ,python-asn1crypto)
|
||||
("python-oscrypto" ,python-oscrypto)
|
||||
("python-certvalidator" ,python-certvalidator)
|
||||
("python-elfesteem" ,python-elfesteem)
|
||||
("python-requests" ,python-requests-2.25.1)
|
||||
("python-macholib" ,python-macholib)
|
||||
("libcrypto" ,openssl)))
|
||||
;; There are no tests, but attempting to run python setup.py test leads to
|
||||
;; problems, just disable the test
|
||||
(arguments '(#:tests? #f))
|
||||
(home-page "https://github.com/achow101/signapple")
|
||||
(synopsis "Mach-O binary signature tool")
|
||||
(description "signapple is a Python tool for creating, verifying, and
|
||||
inspecting signatures in Mach-O binaries.")
|
||||
(license license:expat))))
|
||||
|
||||
(packages->manifest
|
||||
(append
|
||||
(list ;; The Basics
|
||||
|
@ -262,9 +601,10 @@ parse, modify and abstract ELF, PE and MachO formats.")
|
|||
;; Windows
|
||||
(list zip
|
||||
(make-mingw-pthreads-cross-toolchain "x86_64-w64-mingw32")
|
||||
(make-nsis-with-sde-support nsis-x86_64)))
|
||||
(make-nsis-with-sde-support nsis-x86_64)
|
||||
osslsigncode))
|
||||
((string-contains target "-linux-")
|
||||
(list (make-bitcoin-cross-toolchain target)))
|
||||
((string-contains target "darwin")
|
||||
(list clang-toolchain-10 binutils imagemagick libtiff librsvg font-tuffy cmake xorriso))
|
||||
(list clang-toolchain-10 binutils imagemagick libtiff librsvg font-tuffy cmake xorriso python-signapple))
|
||||
(else '())))))
|
||||
|
|
392
contrib/guix/patches/gcc-8-sort-libtool-find-output.patch
Normal file
392
contrib/guix/patches/gcc-8-sort-libtool-find-output.patch
Normal file
|
@ -0,0 +1,392 @@
|
|||
diff --git a/gcc/configure b/gcc/configure
|
||||
index 97ba7d7d69c..e37a96f0c0c 100755
|
||||
--- a/gcc/configure
|
||||
+++ b/gcc/configure
|
||||
@@ -19720,20 +19720,20 @@ if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi
|
||||
prelink_cmds_CXX='tpldir=Template.dir~
|
||||
rm -rf $tpldir~
|
||||
$CC --prelink_objects --instantiation_dir $tpldir $objs $libobjs $compile_deplibs~
|
||||
- compile_command="$compile_command `find $tpldir -name \*.o | $NL2SP`"'
|
||||
+ compile_command="$compile_command `find $tpldir -name \*.o | sort | $NL2SP`"'
|
||||
old_archive_cmds_CXX='tpldir=Template.dir~
|
||||
rm -rf $tpldir~
|
||||
$CC --prelink_objects --instantiation_dir $tpldir $oldobjs$old_deplibs~
|
||||
- $AR $AR_FLAGS $oldlib$oldobjs$old_deplibs `find $tpldir -name \*.o | $NL2SP`~
|
||||
+ $AR $AR_FLAGS $oldlib$oldobjs$old_deplibs `find $tpldir -name \*.o | sort | $NL2SP`~
|
||||
$RANLIB $oldlib'
|
||||
archive_cmds_CXX='tpldir=Template.dir~
|
||||
rm -rf $tpldir~
|
||||
$CC --prelink_objects --instantiation_dir $tpldir $predep_objects $libobjs $deplibs $convenience $postdep_objects~
|
||||
- $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | $NL2SP` $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname -o $lib'
|
||||
+ $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | sort | $NL2SP` $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname -o $lib'
|
||||
archive_expsym_cmds_CXX='tpldir=Template.dir~
|
||||
rm -rf $tpldir~
|
||||
$CC --prelink_objects --instantiation_dir $tpldir $predep_objects $libobjs $deplibs $convenience $postdep_objects~
|
||||
- $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | $NL2SP` $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname ${wl}-retain-symbols-file ${wl}$export_symbols -o $lib'
|
||||
+ $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | sort | $NL2SP` $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname ${wl}-retain-symbols-file ${wl}$export_symbols -o $lib'
|
||||
;;
|
||||
*) # Version 6 and above use weak symbols
|
||||
archive_cmds_CXX='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname -o $lib'
|
||||
diff --git a/libcc1/configure b/libcc1/configure
|
||||
index f53a121611c..5740ca90cab 100755
|
||||
--- a/libcc1/configure
|
||||
+++ b/libcc1/configure
|
||||
@@ -12221,20 +12221,20 @@ if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi
|
||||
prelink_cmds_CXX='tpldir=Template.dir~
|
||||
rm -rf $tpldir~
|
||||
$CC --prelink_objects --instantiation_dir $tpldir $objs $libobjs $compile_deplibs~
|
||||
- compile_command="$compile_command `find $tpldir -name \*.o | $NL2SP`"'
|
||||
+ compile_command="$compile_command `find $tpldir -name \*.o | sort | $NL2SP`"'
|
||||
old_archive_cmds_CXX='tpldir=Template.dir~
|
||||
rm -rf $tpldir~
|
||||
$CC --prelink_objects --instantiation_dir $tpldir $oldobjs$old_deplibs~
|
||||
- $AR $AR_FLAGS $oldlib$oldobjs$old_deplibs `find $tpldir -name \*.o | $NL2SP`~
|
||||
+ $AR $AR_FLAGS $oldlib$oldobjs$old_deplibs `find $tpldir -name \*.o | sort | $NL2SP`~
|
||||
$RANLIB $oldlib'
|
||||
archive_cmds_CXX='tpldir=Template.dir~
|
||||
rm -rf $tpldir~
|
||||
$CC --prelink_objects --instantiation_dir $tpldir $predep_objects $libobjs $deplibs $convenience $postdep_objects~
|
||||
- $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | $NL2SP` $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname -o $lib'
|
||||
+ $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | sort | $NL2SP` $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname -o $lib'
|
||||
archive_expsym_cmds_CXX='tpldir=Template.dir~
|
||||
rm -rf $tpldir~
|
||||
$CC --prelink_objects --instantiation_dir $tpldir $predep_objects $libobjs $deplibs $convenience $postdep_objects~
|
||||
- $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | $NL2SP` $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname ${wl}-retain-symbols-file ${wl}$export_symbols -o $lib'
|
||||
+ $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | sort | $NL2SP` $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname ${wl}-retain-symbols-file ${wl}$export_symbols -o $lib'
|
||||
;;
|
||||
*) # Version 6 and above use weak symbols
|
||||
archive_cmds_CXX='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname -o $lib'
|
||||
diff --git a/libffi/configure b/libffi/configure
|
||||
index 790a291011f..54b1ac18306 100755
|
||||
--- a/libffi/configure
|
||||
+++ b/libffi/configure
|
||||
@@ -12661,20 +12661,20 @@ if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi
|
||||
prelink_cmds_CXX='tpldir=Template.dir~
|
||||
rm -rf $tpldir~
|
||||
$CC --prelink_objects --instantiation_dir $tpldir $objs $libobjs $compile_deplibs~
|
||||
- compile_command="$compile_command `find $tpldir -name \*.o | $NL2SP`"'
|
||||
+ compile_command="$compile_command `find $tpldir -name \*.o | sort | $NL2SP`"'
|
||||
old_archive_cmds_CXX='tpldir=Template.dir~
|
||||
rm -rf $tpldir~
|
||||
$CC --prelink_objects --instantiation_dir $tpldir $oldobjs$old_deplibs~
|
||||
- $AR $AR_FLAGS $oldlib$oldobjs$old_deplibs `find $tpldir -name \*.o | $NL2SP`~
|
||||
+ $AR $AR_FLAGS $oldlib$oldobjs$old_deplibs `find $tpldir -name \*.o | sort | $NL2SP`~
|
||||
$RANLIB $oldlib'
|
||||
archive_cmds_CXX='tpldir=Template.dir~
|
||||
rm -rf $tpldir~
|
||||
$CC --prelink_objects --instantiation_dir $tpldir $predep_objects $libobjs $deplibs $convenience $postdep_objects~
|
||||
- $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | $NL2SP` $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname -o $lib'
|
||||
+ $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | sort | $NL2SP` $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname -o $lib'
|
||||
archive_expsym_cmds_CXX='tpldir=Template.dir~
|
||||
rm -rf $tpldir~
|
||||
$CC --prelink_objects --instantiation_dir $tpldir $predep_objects $libobjs $deplibs $convenience $postdep_objects~
|
||||
- $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | $NL2SP` $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname ${wl}-retain-symbols-file ${wl}$export_symbols -o $lib'
|
||||
+ $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | sort | $NL2SP` $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname ${wl}-retain-symbols-file ${wl}$export_symbols -o $lib'
|
||||
;;
|
||||
*) # Version 6 and above use weak symbols
|
||||
archive_cmds_CXX='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname -o $lib'
|
||||
diff --git a/libgo/config/libtool.m4 b/libgo/config/libtool.m4
|
||||
index f7005947454..8a84417b828 100644
|
||||
--- a/libgo/config/libtool.m4
|
||||
+++ b/libgo/config/libtool.m4
|
||||
@@ -6010,20 +6010,20 @@ if test "$_lt_caught_CXX_error" != yes; then
|
||||
_LT_TAGVAR(prelink_cmds, $1)='tpldir=Template.dir~
|
||||
rm -rf $tpldir~
|
||||
$CC --prelink_objects --instantiation_dir $tpldir $objs $libobjs $compile_deplibs~
|
||||
- compile_command="$compile_command `find $tpldir -name \*.o | $NL2SP`"'
|
||||
+ compile_command="$compile_command `find $tpldir -name \*.o | sort | $NL2SP`"'
|
||||
_LT_TAGVAR(old_archive_cmds, $1)='tpldir=Template.dir~
|
||||
rm -rf $tpldir~
|
||||
$CC --prelink_objects --instantiation_dir $tpldir $oldobjs$old_deplibs~
|
||||
- $AR $AR_FLAGS $oldlib$oldobjs$old_deplibs `find $tpldir -name \*.o | $NL2SP`~
|
||||
+ $AR $AR_FLAGS $oldlib$oldobjs$old_deplibs `find $tpldir -name \*.o | sort | $NL2SP`~
|
||||
$RANLIB $oldlib'
|
||||
_LT_TAGVAR(archive_cmds, $1)='tpldir=Template.dir~
|
||||
rm -rf $tpldir~
|
||||
$CC --prelink_objects --instantiation_dir $tpldir $predep_objects $libobjs $deplibs $convenience $postdep_objects~
|
||||
- $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | $NL2SP` $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname -o $lib'
|
||||
+ $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | sort | $NL2SP` $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname -o $lib'
|
||||
_LT_TAGVAR(archive_expsym_cmds, $1)='tpldir=Template.dir~
|
||||
rm -rf $tpldir~
|
||||
$CC --prelink_objects --instantiation_dir $tpldir $predep_objects $libobjs $deplibs $convenience $postdep_objects~
|
||||
- $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | $NL2SP` $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname ${wl}-retain-symbols-file ${wl}$export_symbols -o $lib'
|
||||
+ $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | sort | $NL2SP` $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname ${wl}-retain-symbols-file ${wl}$export_symbols -o $lib'
|
||||
;;
|
||||
*) # Version 6 and above use weak symbols
|
||||
_LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname -o $lib'
|
||||
diff --git a/libgo/config/ltmain.sh b/libgo/config/ltmain.sh
|
||||
index ce66b44906a..0f81c401407 100644
|
||||
--- a/libgo/config/ltmain.sh
|
||||
+++ b/libgo/config/ltmain.sh
|
||||
@@ -2917,7 +2917,7 @@ func_extract_archives ()
|
||||
darwin_file=
|
||||
darwin_files=
|
||||
for darwin_file in $darwin_filelist; do
|
||||
- darwin_files=`find unfat-$$ -name $darwin_file -print | $NL2SP`
|
||||
+ darwin_files=`find unfat-$$ -name $darwin_file -print | sort | $NL2SP`
|
||||
$LIPO -create -output "$darwin_file" $darwin_files
|
||||
done # $darwin_filelist
|
||||
$RM -rf unfat-$$
|
||||
@@ -2932,7 +2932,7 @@ func_extract_archives ()
|
||||
func_extract_an_archive "$my_xdir" "$my_xabs"
|
||||
;;
|
||||
esac
|
||||
- my_oldobjs="$my_oldobjs "`find $my_xdir -name \*.$objext -print -o -name \*.lo -print | $NL2SP`
|
||||
+ my_oldobjs="$my_oldobjs "`find $my_xdir -name \*.$objext -print -o -name \*.lo -print | sort | $NL2SP`
|
||||
done
|
||||
|
||||
func_extract_archives_result="$my_oldobjs"
|
||||
diff --git a/libhsail-rt/configure b/libhsail-rt/configure
|
||||
index a4fcc10c1f9..8e671229fcd 100755
|
||||
--- a/libhsail-rt/configure
|
||||
+++ b/libhsail-rt/configure
|
||||
@@ -12244,20 +12244,20 @@ if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi
|
||||
prelink_cmds_CXX='tpldir=Template.dir~
|
||||
rm -rf $tpldir~
|
||||
$CC --prelink_objects --instantiation_dir $tpldir $objs $libobjs $compile_deplibs~
|
||||
- compile_command="$compile_command `find $tpldir -name \*.o | $NL2SP`"'
|
||||
+ compile_command="$compile_command `find $tpldir -name \*.o | sort | $NL2SP`"'
|
||||
old_archive_cmds_CXX='tpldir=Template.dir~
|
||||
rm -rf $tpldir~
|
||||
$CC --prelink_objects --instantiation_dir $tpldir $oldobjs$old_deplibs~
|
||||
- $AR $AR_FLAGS $oldlib$oldobjs$old_deplibs `find $tpldir -name \*.o | $NL2SP`~
|
||||
+ $AR $AR_FLAGS $oldlib$oldobjs$old_deplibs `find $tpldir -name \*.o | sort | $NL2SP`~
|
||||
$RANLIB $oldlib'
|
||||
archive_cmds_CXX='tpldir=Template.dir~
|
||||
rm -rf $tpldir~
|
||||
$CC --prelink_objects --instantiation_dir $tpldir $predep_objects $libobjs $deplibs $convenience $postdep_objects~
|
||||
- $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | $NL2SP` $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname -o $lib'
|
||||
+ $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | sort | $NL2SP` $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname -o $lib'
|
||||
archive_expsym_cmds_CXX='tpldir=Template.dir~
|
||||
rm -rf $tpldir~
|
||||
$CC --prelink_objects --instantiation_dir $tpldir $predep_objects $libobjs $deplibs $convenience $postdep_objects~
|
||||
- $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | $NL2SP` $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname ${wl}-retain-symbols-file ${wl}$export_symbols -o $lib'
|
||||
+ $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | sort | $NL2SP` $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname ${wl}-retain-symbols-file ${wl}$export_symbols -o $lib'
|
||||
;;
|
||||
*) # Version 6 and above use weak symbols
|
||||
archive_cmds_CXX='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname -o $lib'
|
||||
diff --git a/libitm/configure b/libitm/configure
|
||||
index dbf386db434..29d4f10611f 100644
|
||||
--- a/libitm/configure
|
||||
+++ b/libitm/configure
|
||||
@@ -13067,20 +13067,20 @@ if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi
|
||||
prelink_cmds_CXX='tpldir=Template.dir~
|
||||
rm -rf $tpldir~
|
||||
$CC --prelink_objects --instantiation_dir $tpldir $objs $libobjs $compile_deplibs~
|
||||
- compile_command="$compile_command `find $tpldir -name \*.o | $NL2SP`"'
|
||||
+ compile_command="$compile_command `find $tpldir -name \*.o | sort | $NL2SP`"'
|
||||
old_archive_cmds_CXX='tpldir=Template.dir~
|
||||
rm -rf $tpldir~
|
||||
$CC --prelink_objects --instantiation_dir $tpldir $oldobjs$old_deplibs~
|
||||
- $AR $AR_FLAGS $oldlib$oldobjs$old_deplibs `find $tpldir -name \*.o | $NL2SP`~
|
||||
+ $AR $AR_FLAGS $oldlib$oldobjs$old_deplibs `find $tpldir -name \*.o | sort | $NL2SP`~
|
||||
$RANLIB $oldlib'
|
||||
archive_cmds_CXX='tpldir=Template.dir~
|
||||
rm -rf $tpldir~
|
||||
$CC --prelink_objects --instantiation_dir $tpldir $predep_objects $libobjs $deplibs $convenience $postdep_objects~
|
||||
- $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | $NL2SP` $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname -o $lib'
|
||||
+ $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | sort | $NL2SP` $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname -o $lib'
|
||||
archive_expsym_cmds_CXX='tpldir=Template.dir~
|
||||
rm -rf $tpldir~
|
||||
$CC --prelink_objects --instantiation_dir $tpldir $predep_objects $libobjs $deplibs $convenience $postdep_objects~
|
||||
- $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | $NL2SP` $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname ${wl}-retain-symbols-file ${wl}$export_symbols -o $lib'
|
||||
+ $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | sort | $NL2SP` $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname ${wl}-retain-symbols-file ${wl}$export_symbols -o $lib'
|
||||
;;
|
||||
*) # Version 6 and above use weak symbols
|
||||
archive_cmds_CXX='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname -o $lib'
|
||||
diff --git a/liboffloadmic/configure b/liboffloadmic/configure
|
||||
index f873716991b..7aa9186b10e 100644
|
||||
--- a/liboffloadmic/configure
|
||||
+++ b/liboffloadmic/configure
|
||||
@@ -12379,20 +12379,20 @@ if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi
|
||||
prelink_cmds_CXX='tpldir=Template.dir~
|
||||
rm -rf $tpldir~
|
||||
$CC --prelink_objects --instantiation_dir $tpldir $objs $libobjs $compile_deplibs~
|
||||
- compile_command="$compile_command `find $tpldir -name \*.o | $NL2SP`"'
|
||||
+ compile_command="$compile_command `find $tpldir -name \*.o | sort | $NL2SP`"'
|
||||
old_archive_cmds_CXX='tpldir=Template.dir~
|
||||
rm -rf $tpldir~
|
||||
$CC --prelink_objects --instantiation_dir $tpldir $oldobjs$old_deplibs~
|
||||
- $AR $AR_FLAGS $oldlib$oldobjs$old_deplibs `find $tpldir -name \*.o | $NL2SP`~
|
||||
+ $AR $AR_FLAGS $oldlib$oldobjs$old_deplibs `find $tpldir -name \*.o | sort | $NL2SP`~
|
||||
$RANLIB $oldlib'
|
||||
archive_cmds_CXX='tpldir=Template.dir~
|
||||
rm -rf $tpldir~
|
||||
$CC --prelink_objects --instantiation_dir $tpldir $predep_objects $libobjs $deplibs $convenience $postdep_objects~
|
||||
- $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | $NL2SP` $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname -o $lib'
|
||||
+ $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | sort | $NL2SP` $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname -o $lib'
|
||||
archive_expsym_cmds_CXX='tpldir=Template.dir~
|
||||
rm -rf $tpldir~
|
||||
$CC --prelink_objects --instantiation_dir $tpldir $predep_objects $libobjs $deplibs $convenience $postdep_objects~
|
||||
- $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | $NL2SP` $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname ${wl}-retain-symbols-file ${wl}$export_symbols -o $lib'
|
||||
+ $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | sort | $NL2SP` $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname ${wl}-retain-symbols-file ${wl}$export_symbols -o $lib'
|
||||
;;
|
||||
*) # Version 6 and above use weak symbols
|
||||
archive_cmds_CXX='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname -o $lib'
|
||||
diff --git a/liboffloadmic/plugin/configure b/liboffloadmic/plugin/configure
|
||||
index c031eb3e7fa..67fc7368f21 100644
|
||||
--- a/liboffloadmic/plugin/configure
|
||||
+++ b/liboffloadmic/plugin/configure
|
||||
@@ -12086,20 +12086,20 @@ if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi
|
||||
prelink_cmds_CXX='tpldir=Template.dir~
|
||||
rm -rf $tpldir~
|
||||
$CC --prelink_objects --instantiation_dir $tpldir $objs $libobjs $compile_deplibs~
|
||||
- compile_command="$compile_command `find $tpldir -name \*.o | $NL2SP`"'
|
||||
+ compile_command="$compile_command `find $tpldir -name \*.o | sort | $NL2SP`"'
|
||||
old_archive_cmds_CXX='tpldir=Template.dir~
|
||||
rm -rf $tpldir~
|
||||
$CC --prelink_objects --instantiation_dir $tpldir $oldobjs$old_deplibs~
|
||||
- $AR $AR_FLAGS $oldlib$oldobjs$old_deplibs `find $tpldir -name \*.o | $NL2SP`~
|
||||
+ $AR $AR_FLAGS $oldlib$oldobjs$old_deplibs `find $tpldir -name \*.o | sort | $NL2SP`~
|
||||
$RANLIB $oldlib'
|
||||
archive_cmds_CXX='tpldir=Template.dir~
|
||||
rm -rf $tpldir~
|
||||
$CC --prelink_objects --instantiation_dir $tpldir $predep_objects $libobjs $deplibs $convenience $postdep_objects~
|
||||
- $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | $NL2SP` $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname -o $lib'
|
||||
+ $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | sort | $NL2SP` $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname -o $lib'
|
||||
archive_expsym_cmds_CXX='tpldir=Template.dir~
|
||||
rm -rf $tpldir~
|
||||
$CC --prelink_objects --instantiation_dir $tpldir $predep_objects $libobjs $deplibs $convenience $postdep_objects~
|
||||
- $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | $NL2SP` $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname ${wl}-retain-symbols-file ${wl}$export_symbols -o $lib'
|
||||
+ $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | sort | $NL2SP` $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname ${wl}-retain-symbols-file ${wl}$export_symbols -o $lib'
|
||||
;;
|
||||
*) # Version 6 and above use weak symbols
|
||||
archive_cmds_CXX='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname -o $lib'
|
||||
diff --git a/libsanitizer/configure b/libsanitizer/configure
|
||||
index 4695bc7d4f7..cb7d25c07e6 100755
|
||||
--- a/libsanitizer/configure
|
||||
+++ b/libsanitizer/configure
|
||||
@@ -13308,20 +13308,20 @@ if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi
|
||||
prelink_cmds_CXX='tpldir=Template.dir~
|
||||
rm -rf $tpldir~
|
||||
$CC --prelink_objects --instantiation_dir $tpldir $objs $libobjs $compile_deplibs~
|
||||
- compile_command="$compile_command `find $tpldir -name \*.o | $NL2SP`"'
|
||||
+ compile_command="$compile_command `find $tpldir -name \*.o | sort | $NL2SP`"'
|
||||
old_archive_cmds_CXX='tpldir=Template.dir~
|
||||
rm -rf $tpldir~
|
||||
$CC --prelink_objects --instantiation_dir $tpldir $oldobjs$old_deplibs~
|
||||
- $AR $AR_FLAGS $oldlib$oldobjs$old_deplibs `find $tpldir -name \*.o | $NL2SP`~
|
||||
+ $AR $AR_FLAGS $oldlib$oldobjs$old_deplibs `find $tpldir -name \*.o | sort | $NL2SP`~
|
||||
$RANLIB $oldlib'
|
||||
archive_cmds_CXX='tpldir=Template.dir~
|
||||
rm -rf $tpldir~
|
||||
$CC --prelink_objects --instantiation_dir $tpldir $predep_objects $libobjs $deplibs $convenience $postdep_objects~
|
||||
- $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | $NL2SP` $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname -o $lib'
|
||||
+ $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | sort | $NL2SP` $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname -o $lib'
|
||||
archive_expsym_cmds_CXX='tpldir=Template.dir~
|
||||
rm -rf $tpldir~
|
||||
$CC --prelink_objects --instantiation_dir $tpldir $predep_objects $libobjs $deplibs $convenience $postdep_objects~
|
||||
- $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | $NL2SP` $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname ${wl}-retain-symbols-file ${wl}$export_symbols -o $lib'
|
||||
+ $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | sort | $NL2SP` $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname ${wl}-retain-symbols-file ${wl}$export_symbols -o $lib'
|
||||
;;
|
||||
*) # Version 6 and above use weak symbols
|
||||
archive_cmds_CXX='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname -o $lib'
|
||||
diff --git a/libstdc++-v3/configure b/libstdc++-v3/configure
|
||||
index 61457e940ec..21ef1f61e41 100755
|
||||
--- a/libstdc++-v3/configure
|
||||
+++ b/libstdc++-v3/configure
|
||||
@@ -13087,20 +13087,20 @@ if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi
|
||||
prelink_cmds_CXX='tpldir=Template.dir~
|
||||
rm -rf $tpldir~
|
||||
$CC --prelink_objects --instantiation_dir $tpldir $objs $libobjs $compile_deplibs~
|
||||
- compile_command="$compile_command `find $tpldir -name \*.o | $NL2SP`"'
|
||||
+ compile_command="$compile_command `find $tpldir -name \*.o | sort | $NL2SP`"'
|
||||
old_archive_cmds_CXX='tpldir=Template.dir~
|
||||
rm -rf $tpldir~
|
||||
$CC --prelink_objects --instantiation_dir $tpldir $oldobjs$old_deplibs~
|
||||
- $AR $AR_FLAGS $oldlib$oldobjs$old_deplibs `find $tpldir -name \*.o | $NL2SP`~
|
||||
+ $AR $AR_FLAGS $oldlib$oldobjs$old_deplibs `find $tpldir -name \*.o | sort | $NL2SP`~
|
||||
$RANLIB $oldlib'
|
||||
archive_cmds_CXX='tpldir=Template.dir~
|
||||
rm -rf $tpldir~
|
||||
$CC --prelink_objects --instantiation_dir $tpldir $predep_objects $libobjs $deplibs $convenience $postdep_objects~
|
||||
- $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | $NL2SP` $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname -o $lib'
|
||||
+ $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | sort | $NL2SP` $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname -o $lib'
|
||||
archive_expsym_cmds_CXX='tpldir=Template.dir~
|
||||
rm -rf $tpldir~
|
||||
$CC --prelink_objects --instantiation_dir $tpldir $predep_objects $libobjs $deplibs $convenience $postdep_objects~
|
||||
- $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | $NL2SP` $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname ${wl}-retain-symbols-file ${wl}$export_symbols -o $lib'
|
||||
+ $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | sort | $NL2SP` $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname ${wl}-retain-symbols-file ${wl}$export_symbols -o $lib'
|
||||
;;
|
||||
*) # Version 6 and above use weak symbols
|
||||
archive_cmds_CXX='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname -o $lib'
|
||||
diff --git a/libtool.m4 b/libtool.m4
|
||||
index 24d13f34409..940faaa161d 100644
|
||||
--- a/libtool.m4
|
||||
+++ b/libtool.m4
|
||||
@@ -6005,20 +6005,20 @@ if test "$_lt_caught_CXX_error" != yes; then
|
||||
_LT_TAGVAR(prelink_cmds, $1)='tpldir=Template.dir~
|
||||
rm -rf $tpldir~
|
||||
$CC --prelink_objects --instantiation_dir $tpldir $objs $libobjs $compile_deplibs~
|
||||
- compile_command="$compile_command `find $tpldir -name \*.o | $NL2SP`"'
|
||||
+ compile_command="$compile_command `find $tpldir -name \*.o | sort | $NL2SP`"'
|
||||
_LT_TAGVAR(old_archive_cmds, $1)='tpldir=Template.dir~
|
||||
rm -rf $tpldir~
|
||||
$CC --prelink_objects --instantiation_dir $tpldir $oldobjs$old_deplibs~
|
||||
- $AR $AR_FLAGS $oldlib$oldobjs$old_deplibs `find $tpldir -name \*.o | $NL2SP`~
|
||||
+ $AR $AR_FLAGS $oldlib$oldobjs$old_deplibs `find $tpldir -name \*.o | sort | $NL2SP`~
|
||||
$RANLIB $oldlib'
|
||||
_LT_TAGVAR(archive_cmds, $1)='tpldir=Template.dir~
|
||||
rm -rf $tpldir~
|
||||
$CC --prelink_objects --instantiation_dir $tpldir $predep_objects $libobjs $deplibs $convenience $postdep_objects~
|
||||
- $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | $NL2SP` $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname -o $lib'
|
||||
+ $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | sort | $NL2SP` $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname -o $lib'
|
||||
_LT_TAGVAR(archive_expsym_cmds, $1)='tpldir=Template.dir~
|
||||
rm -rf $tpldir~
|
||||
$CC --prelink_objects --instantiation_dir $tpldir $predep_objects $libobjs $deplibs $convenience $postdep_objects~
|
||||
- $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | $NL2SP` $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname ${wl}-retain-symbols-file ${wl}$export_symbols -o $lib'
|
||||
+ $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | sort | $NL2SP` $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname ${wl}-retain-symbols-file ${wl}$export_symbols -o $lib'
|
||||
;;
|
||||
*) # Version 6 and above use weak symbols
|
||||
_LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname -o $lib'
|
||||
diff --git a/libvtv/configure b/libvtv/configure
|
||||
index a197f750453..31ab3a0637b 100755
|
||||
--- a/libvtv/configure
|
||||
+++ b/libvtv/configure
|
||||
@@ -13339,20 +13339,20 @@ if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi
|
||||
prelink_cmds_CXX='tpldir=Template.dir~
|
||||
rm -rf $tpldir~
|
||||
$CC --prelink_objects --instantiation_dir $tpldir $objs $libobjs $compile_deplibs~
|
||||
- compile_command="$compile_command `find $tpldir -name \*.o | $NL2SP`"'
|
||||
+ compile_command="$compile_command `find $tpldir -name \*.o | sort | $NL2SP`"'
|
||||
old_archive_cmds_CXX='tpldir=Template.dir~
|
||||
rm -rf $tpldir~
|
||||
$CC --prelink_objects --instantiation_dir $tpldir $oldobjs$old_deplibs~
|
||||
- $AR $AR_FLAGS $oldlib$oldobjs$old_deplibs `find $tpldir -name \*.o | $NL2SP`~
|
||||
+ $AR $AR_FLAGS $oldlib$oldobjs$old_deplibs `find $tpldir -name \*.o | sort | $NL2SP`~
|
||||
$RANLIB $oldlib'
|
||||
archive_cmds_CXX='tpldir=Template.dir~
|
||||
rm -rf $tpldir~
|
||||
$CC --prelink_objects --instantiation_dir $tpldir $predep_objects $libobjs $deplibs $convenience $postdep_objects~
|
||||
- $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | $NL2SP` $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname -o $lib'
|
||||
+ $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | sort | $NL2SP` $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname -o $lib'
|
||||
archive_expsym_cmds_CXX='tpldir=Template.dir~
|
||||
rm -rf $tpldir~
|
||||
$CC --prelink_objects --instantiation_dir $tpldir $predep_objects $libobjs $deplibs $convenience $postdep_objects~
|
||||
- $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | $NL2SP` $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname ${wl}-retain-symbols-file ${wl}$export_symbols -o $lib'
|
||||
+ $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | sort | $NL2SP` $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname ${wl}-retain-symbols-file ${wl}$export_symbols -o $lib'
|
||||
;;
|
||||
*) # Version 6 and above use weak symbols
|
||||
archive_cmds_CXX='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname -o $lib'
|
||||
diff --git a/ltmain.sh b/ltmain.sh
|
||||
index 9503ec85d70..79f9ba89af5 100644
|
||||
--- a/ltmain.sh
|
||||
+++ b/ltmain.sh
|
||||
@@ -2917,7 +2917,7 @@ func_extract_archives ()
|
||||
darwin_file=
|
||||
darwin_files=
|
||||
for darwin_file in $darwin_filelist; do
|
||||
- darwin_files=`find unfat-$$ -name $darwin_file -print | $NL2SP`
|
||||
+ darwin_files=`find unfat-$$ -name $darwin_file -print | sort | $NL2SP`
|
||||
$LIPO -create -output "$darwin_file" $darwin_files
|
||||
done # $darwin_filelist
|
||||
$RM -rf unfat-$$
|
||||
@@ -2932,7 +2932,7 @@ func_extract_archives ()
|
||||
func_extract_an_archive "$my_xdir" "$my_xabs"
|
||||
;;
|
||||
esac
|
||||
- my_oldobjs="$my_oldobjs "`find $my_xdir -name \*.$objext -print -o -name \*.lo -print | $NL2SP`
|
||||
+ my_oldobjs="$my_oldobjs "`find $my_xdir -name \*.$objext -print -o -name \*.lo -print | sort | $NL2SP`
|
||||
done
|
||||
|
||||
func_extract_archives_result="$my_oldobjs"
|
13
contrib/guix/patches/oscrypto-hard-code-openssl.patch
Normal file
13
contrib/guix/patches/oscrypto-hard-code-openssl.patch
Normal file
|
@ -0,0 +1,13 @@
|
|||
diff --git a/oscrypto/__init__.py b/oscrypto/__init__.py
|
||||
index eb27313..371ab24 100644
|
||||
--- a/oscrypto/__init__.py
|
||||
+++ b/oscrypto/__init__.py
|
||||
@@ -302,3 +302,8 @@ def load_order():
|
||||
'oscrypto._win.tls',
|
||||
'oscrypto.tls',
|
||||
]
|
||||
+
|
||||
+
|
||||
+paths = '@GUIX_OSCRYPTO_USE_OPENSSL@'.split(',')
|
||||
+assert len(paths) == 2, 'Value for OSCRYPTO_USE_OPENSSL env var must be two paths separated by a comma'
|
||||
+use_openssl(*paths)
|
|
@ -25,7 +25,7 @@ CERTFILE="win-codesign.cert"
|
|||
mkdir -p "${OUTSUBDIR}"
|
||||
basename -a $(ls -1 "${SRCDIR}"/*-unsigned.exe) | while read UNSIGNED; do
|
||||
echo Signing "${UNSIGNED}"
|
||||
"${OSSLSIGNCODE}" sign -certs "${CERTFILE}" -t "${TIMESERVER}" -in "${SRCDIR}/${UNSIGNED}" -out "${WORKDIR}/${UNSIGNED}" "$@"
|
||||
"${OSSLSIGNCODE}" sign -certs "${CERTFILE}" -t "${TIMESERVER}" -h sha256 -in "${SRCDIR}/${UNSIGNED}" -out "${WORKDIR}/${UNSIGNED}" "$@"
|
||||
"${OSSLSIGNCODE}" extract-signature -pem -in "${WORKDIR}/${UNSIGNED}" -out "${OUTSUBDIR}/${UNSIGNED}.pem" && rm "${WORKDIR}/${UNSIGNED}"
|
||||
done
|
||||
|
||||
|
|
Loading…
Reference in a new issue