Commit graph

241 commits

Author SHA1 Message Date
Wladimir J. van der Laan
12408d33c6
Merge #15549: gitian: Improve error handling
32da92bdf6 gitian: Improve error handling (Wladimir J. van der Laan)

Pull request description:

  Improve error handling in gitian builds:

  - Set fail-on-error and pipefail flag, this causes a command to fail when either of the pipe stages fails, not only when the last of the stages fails, so this improves error detection.
  - Also use `xargs` instead of `find -exec`, because `find` will not propagate errors in the executed command, but `xargs` will.

  This will avoid some issues like #15541 where non-determinism is silently introduced due to errors caused by environment conditions (such as lack of disk space in that case).

Tree-SHA512: d5d3f22ce2d04a75e5c25e935744327c3adc704c2d303133f2918113573a564dff3d3243d5569a2b93ee7eb0e97f8e1b1ba81767e966af9015ea711a14091035
2019-03-09 06:45:19 +01:00
MarcoFalke
923d87497c
Merge #15528: contrib: Bump gitian descriptors for 0.19
fa58a2e335 contrib: Bump gitian descriptors for 0.19 (MarcoFalke)

Pull request description:

  Bump the cache directory (as in 263b3777e7)

Tree-SHA512: 2f9a4f8c14c3c6cef30bcdfed638486c6b957068b1e2380cbde1719c9bf8b53bcaff35833272a879af5b031e3ea0a32cc16f78cc7e4d7399037de89132311c5b
2019-03-08 09:12:03 -05:00
Wladimir J. van der Laan
32da92bdf6 gitian: Improve error handling 2019-03-07 17:21:46 +01:00
MarcoFalke
fa58a2e335
contrib: Bump gitian descriptors for 0.19 2019-03-04 14:44:23 -05:00
MarcoFalke
fab5a1e0f4
build: Require python 3.5 2019-03-02 10:40:23 -05:00
Wladimir J. van der Laan
0c9bea5a00
Merge #14037: Add README.md to linux release tarballs
8550f1fb28 Add README.md to linux release tarballs (Hennadii Stepanov)

Pull request description:

  fix #8160

  Gitian building report for 0.17.0rc2:
  ```
  7d89d7dc3488915ec2380253a69fb3b8f8065592e24c5b2a99a91da30f2142cc  bitcoin-0.17.0-aarch64-linux-gnu-debug.tar.gz
  fcb292fd2c4fca88e5cc5a97ee7fa3390d3c7221aada166fe7822d64a2ee9dfa  bitcoin-0.17.0-aarch64-linux-gnu.tar.gz
  0ec6f979a823a6b6084d2e80605dffd3ccdda359e8459cebec25092c1087348f  bitcoin-0.17.0-arm-linux-gnueabihf-debug.tar.gz
  45af8757a2315125afe2f4d4f276d9b9cf616b8ab814284ce2f82b9a345971d8  bitcoin-0.17.0-arm-linux-gnueabihf.tar.gz
  b37b6d9bda864af968dfab6eebb245e75ecc56eb18b139b946270933381ea288  bitcoin-0.17.0-i686-pc-linux-gnu-debug.tar.gz
  20c96a5509eeb3e8ec505f18914ef9231beef1fec5e9e1c4b33ec6c6b613d146  bitcoin-0.17.0-i686-pc-linux-gnu.tar.gz
  d505888594a04dab2b34ccd6863b8f25eb97d9cb76650e39d93f4d6c09d4c55a  bitcoin-0.17.0-x86_64-linux-gnu-debug.tar.gz
  f55b16716c3295e309c816e170911380a5a26e9be3a336b213f2f412f0b159b3  bitcoin-0.17.0-x86_64-linux-gnu.tar.gz
  01c6b5ce15b9f3fcdcce96baae14eb04ab2605f2294d333e96b66e004594eea6  src/bitcoin-0.17.0.tar.gz
  ```
  Release tarball content:
  ```
  $ tar -tf bitcoin-binaries/0.17.0rc2/bitcoin-0.17.0-x86_64-linux-gnu.tar.gz
  bitcoin-0.17.0/
  bitcoin-0.17.0/bin/
  bitcoin-0.17.0/bin/bitcoin-cli
  bitcoin-0.17.0/bin/bitcoind
  bitcoin-0.17.0/bin/bitcoin-qt
  bitcoin-0.17.0/bin/bitcoin-tx
  bitcoin-0.17.0/bin/test_bitcoin
  bitcoin-0.17.0/include/
  bitcoin-0.17.0/include/bitcoinconsensus.h
  bitcoin-0.17.0/lib/
  bitcoin-0.17.0/lib/libbitcoinconsensus.so
  bitcoin-0.17.0/lib/libbitcoinconsensus.so.0
  bitcoin-0.17.0/lib/libbitcoinconsensus.so.0.0.0
  bitcoin-0.17.0/README.md
  bitcoin-0.17.0/share/
  bitcoin-0.17.0/share/man/
  bitcoin-0.17.0/share/man/man1/
  bitcoin-0.17.0/share/man/man1/bitcoin-cli.1
  bitcoin-0.17.0/share/man/man1/bitcoind.1
  bitcoin-0.17.0/share/man/man1/bitcoin-qt.1
  bitcoin-0.17.0/share/man/man1/bitcoin-tx.1
  ```

Tree-SHA512: 2a0c069d6533502a95a83eaba57b9828bddd03ab4a4fc47027b0068c9f04837f107abc448d82c929aa1f45441d2459cf6f2ad74b97a4d953f66dc81031bd521a
2018-08-31 13:05:15 +02:00
Hennadii Stepanov
8550f1fb28
Add README.md to linux release tarballs
fix #8160
2018-08-28 00:33:37 +03:00
Chun Kuan Lee
c516c3a770 [contrib] Support ARM and RISC-V symbol check 2018-08-25 21:08:16 +08:00
Wladimir J. van der Laan
3c8d1ae153
Merge #13665: [build] Add risc-v support to gitian
c4aecd1d80 Add risc-v 64-bit to gitian (Chun Kuan Lee)
96dda8b058 [depends] Add riscv qt depends support for cross compiling bitcoin-qt (Chun Kuan Lee)

Pull request description:

  Based on ~#13660~ #13710 ,  add gitian tarball for RISC-V

Tree-SHA512: 8db73545a2ea7fe03fa156598479335ea3c79aa3fb9c5cc44b8563094b1deb7c94d29c1dab47fac129dbfa2e3e774301b526474beeeb59c9b0087d3ea087dbd6
2018-08-16 20:33:50 +02:00
fanquake
263b3777e7
gitian: bump descriptors for (0.)18 2018-08-13 21:44:22 +08:00
Chun Kuan Lee
c4aecd1d80 Add risc-v 64-bit to gitian 2018-08-09 03:35:51 +08:00
MarcoFalke
8284f1dc40
Merge #13782: Fix osslsigncode compile issue in gitian-build
284f424d5a Fix osslsigncode compile issue in gitian-build (Chun Kuan Lee)

Pull request description:

  Install libssl1.0-dev that is compatible with osslsigncode.

  Fixes #13762

  Verifed that this gitian descriptor file can sign 0.16.2rc2.

Tree-SHA512: 3029b86e77567a4e033b5ad95826e60df12a0486ac3c4afcac48218f5c76ba49e7f1c1307ce93ffc465ca2f24e12c401e4542929263688e4bd6521aeca3ff73b
2018-07-30 13:10:56 -04:00
Chun Kuan Lee
284f424d5a Fix osslsigncode compile issue in gitian-build 2018-07-30 22:43:24 +08:00
MarcoFalke
e8ffec69f7
Merge #13732: Depends: Fix Qt's rcc determinism
6b5506a286 Fix Qt's rcc determinism for depends/gitian (Fuzzbawls)

Pull request description:

  With the update to Qt 5.9 having been merged, Qt's `rcc` tool now embeds a file's last modified time in it's output. Since the build system generates temporary files for all locale translations (`*.qm` files) at build time, the resulting `qrc_bitcoin_locale.cpp` file was always being generated in a non-deterministic way.

  This is a backport of https://bugreports.qt.io/browse/QTBUG-62511, which is included in Qt versions 5.11+, that allows for an environment variable (`QT_RCC_SOURCE_DATE_OVERRIDE`) to override the behavior described above. This environment variable is in turn set in the gitian descriptors, as that is where determinism is vital for release purposes.

  Prior to this, the `qt_libbitcoinqt_a-qrc_bitcoin_locale.o` object file (included into `libbitcoinqt.a`) was returning a different `sha256sum` for each and every build, regardless of file contents change, thus breaking determinism in the resulting binaries.

  This should fix #13731

Tree-SHA512: 174017e41f9afc3950ef54a9419de81577ec900db9aec3c78ccd3d879c6aecaaeb944fde0615b933f43e6ca9d7898a27ec071cdd0b91cb772755a3012de96725
2018-07-29 08:06:45 -04:00
Fuzzbawls
6b5506a286
Fix Qt's rcc determinism for depends/gitian
Backport of https://bugreports.qt.io/browse/QTBUG-62511 to resolve
locale determinism during the build process.
2018-07-25 13:53:53 -07:00
fanquake
26b15df99d
depends: set OSX_MIN_VERSION to 10.10 2018-07-25 07:30:27 +08:00
Chun Kuan Lee
c1afe3232f Change gitian-descriptors to use bionic instead 2018-07-16 10:42:32 +00:00
DesWurstes
000000035b Obsolete #!/bin/bash shebang 2018-06-20 11:12:41 +03:00
Cory Fields
d7f438a026 gitian: bump descriptors for (0.)17 2018-02-15 17:29:39 -05:00
fanquake
bb174e19bc
[docs] Remove partial gitian instructions from descriptors dir 2017-09-28 21:07:36 +08:00
Cory Fields
4452829b10 gitian: quick hack to fix version string in releases
Release version strings were broken in Gitian by 7522. This is a minimal fix
suitable for 0.15.

After this, we should fix up version handling for good so that gitian packages
the correct string in the release tarball, so that git is not required to get
the tag name.
2017-08-20 00:31:05 -04:00
MarcoFalke
6366941275
Merge #10680: Fix inconsistencies and grammar in various files
1d8df0141 Fix MD formatting in REST-interface.md and spelling mistake in test_runner.py (MeshCollider)
41f3e84aa Fix inconsistencies and grammar in various files (MeshCollider)

Pull request description:

  Just a simple fix of some inconsistent capitalization, formatting and grammar in a few files (no code changes)

Tree-SHA512: 60b12a5a5c69a1af4a25b7db0b32ed806ed62ad2966cee08b3792a7cfa7f51848fd485349b4c09e60a7eedfdf55ee730c51daa066d6e226ae404c93342bf3e13
2017-08-16 00:46:40 +02:00
Wladimir J. van der Laan
140de14a12
gitian: bump descriptors for master
Tree-SHA512: dc56ab285ea3fd293794341d7e2f8452730d3efb59f793112d4e1b036a051f9d221a7e577a460b426ecfb1578558203fa6a432efc62e6cabc534059719a2b437
2017-08-14 17:38:10 +02:00
MeshCollider
41f3e84aac Fix inconsistencies and grammar in various files 2017-06-27 19:59:07 +12:00
Wladimir J. van der Laan
d25449f858
Merge #7522: Bugfix: Only use git for build info if the repository is actually the right one
ed1fcdc Bugfix: Detect genbuild.sh in repo correctly (Luke Dashjr)
e98e3dd Bugfix: Only use git for build info if the repository is actually the right one (Luke Dashjr)

Tree-SHA512: 510d7ec8cfeff4e8e0c7ac53631eb32c7acaada7017e7f8cc2e6f60d86afe1cd131870582e01022f961c85a783a130bcb8fef971f8b110070c9c02afda020726
2017-05-17 11:07:01 +02:00
Wladimir J. van der Laan
2cc0df1fce
Merge #9514: release: Windows signing script
09fe2d9 release: update docs to show basic codesigning procedure (Cory Fields)
f642753 release: create a bundle for the new signing script (Cory Fields)
0068361 release: add win detached sig creator and our cert chain (Cory Fields)

Tree-SHA512: 032ad84697c70faaf857b9187f548282722cffca95d658e36413dc048ff02d9183253373254ffcc1158afb71140753f35abfc9fc8781ea5329c04d13c98759c0
2017-03-13 07:44:53 +01:00
Cory Fields
8e5cca027f gitian: bump descriptors for master
This was skipped for the 0.14 cycle.
2017-02-17 16:11:43 -05:00
Cory Fields
f642753887 release: create a bundle for the new signing script
Also change the mac filename to match

The procedure remains the same, but now there's a nifty script to automate
the signing process.

Future steps:
- Build osslsigncode in the gitian-win descriptor so that the signer itself is
  deterministic.
- Verify in the gitian-win-signer descriptor that the expected cert chain was
  used.
2017-01-10 18:58:09 -05:00
Micha
3f7581d9a4
[TRIVIAL] reorder Windows gitian build order to match Linux
The consistency is helpful for gauging Gitian build progress. Right now it's necessary to remember which platform builds in which order, which can be confusing if you're attempting to get a quick idea of how far along your builds are.
2016-10-18 01:07:53 +03:00
Luke Dashjr
df634908ba Merge tag 'branch-0.13' into bugfix_gitdir 2016-08-09 05:45:50 +00:00
Cory Fields
099d4b0b65 gitian: use a wrapped gcc/g++ to avoid the need for a system change
C_INCLUDE_PATH and CPLUS_INCLUDE_PATH work globally as though -isystem was used
for each invocation.

Since that changes the build results, force a rebuild of x86 depends by adding
the value to $HOST_ID_SALT.
2016-07-07 20:13:08 -04:00
Jonas Schnelli
6194d9a501
Fix bitcoin_qt.m4 and fix-xcb-include-order.patch 2016-06-17 15:56:05 +02:00
Wladimir J. van der Laan
cca1c8cff0
Merge #8194: [gitian] set correct PATH for wrappers
fa61756 [gitian] set correct PATH for wrappers (MarcoFalke)
2016-06-14 09:13:44 +02:00
MarcoFalke
fa61756842 [gitian] set correct PATH for wrappers 2016-06-12 14:22:07 +02:00
Cory Fields
9d25362087 build: add armhf/aarch64 gitian builds
- create a script to handle split debug. This will also eventually need to check
  targets, and use dsymutil for osx.
- update config.guess/config.sub for bdb for aarch64.
- temporarily disable symbol checks for arm/aarch64
- quit renaming to linux32/linux64 and use the host directly

This also adds a hack to work around an Ubuntu bug in the gcc-multilib package:
https://bugs.launchpad.net/ubuntu/+source/gcc-defaults-armhf-cross/+bug/1347820

The problem is that gcc-multilib conflicts with the aarch toolchain.
gcc-multilib installs a symlink that points
/usr/include/asm -> /usr/include/x86_64-linux-gnu/asm.

Without this link, gcc -m32 can't find asm/errno.h (and others), since
/usr/include/x86_64-linux-gnu isn't in its default include path. But
/usr/include/i386-linux-gnu is (though it doesn't exist on disk).

So work around the problem by linking
/usr/include/i386-linux-gnu/asm -> /usr/include/x86_64-linux-gnu/asm.

The symlink fix is actually quite reasonable, but echoing the password into
sudo is nasty, and should probably be addressed in gitian itself. It makes more
sense to enable passwordless sudo for the build user by default.
2016-06-10 05:34:50 -04:00
Wladimir J. van der Laan
fd9881ae67
Merge #7283: [gitian] Default reference_datetime to commit author date
fa42a67 [gitian] hardcode datetime for depends (MarcoFalke)
fa58c76 [gitian] Default reference_datetime to commit author date (MarcoFalke)
2016-06-09 11:14:20 +02:00
Wladimir J. van der Laan
172cd7f10c
Merge #8169: OSX diskimages need 0775 folder permissions
cdf7dff OSX diskimages need 0775 folder permissions Avoids endless Gatekeeper warnings (#7085) (Jonas Schnelli)
2016-06-09 10:50:58 +02:00
Wladimir J. van der Laan
74c1347482 gitian: Add --disable-bench to config flags for windows
Forgot to do this in #7776.
2016-06-09 07:14:42 +02:00
Jonas Schnelli
cdf7dff424
OSX diskimages need 0775 folder permissions
Avoids endless Gatekeeper warnings (#7085)
2016-06-08 13:25:50 +02:00
Cory Fields
7e7eb2724e gitian: create debug packages for linux/windows
The -debug tarballs/zips contain detached debugging symbols. To use them, place
in the same dir as the target binary, and invoke gdb as usual.

Also, because the debug symbols add a substantial space requirement, the build
dirs are now deleted when they're no longer needed.
2016-06-07 23:13:49 -04:00
Cory Fields
ad38204e6e gitian: use CONFIG_SITE rather than hijacking the prefix 2016-06-07 22:11:43 -04:00
MarcoFalke
faf3d11ad7 [doc] Update bitcoin-core GitHub links 2016-04-29 23:07:06 +02:00
MarcoFalke
fa42a675c0 [gitian] hardcode datetime for depends 2016-04-10 22:58:16 +02:00
Wladimir J. van der Laan
f063863d1f build: Remove unnecessary executables from gitian release
This removes the following executables from the binary gitian release:

- test_bitcoin-qt[.exe]
- bench_bitcoin[.exe]

@jonasschnelli and me discussed this on IRC a few days ago - unlike the
normal `bitcoin_tests` which is useful to see if it is safe to run
bitcoin on a certain OS/environment combination, there is no good reason
to include these. Better to leave them out to reduce the download
size.

Sizes from the 0.12 release:
```
2.4M bitcoin-0.12.0/bin/bench_bitcoin.exe
 22M bitcoin-0.12.0/bin/test_bitcoin-qt.exe
```
2016-04-03 15:11:44 +02:00
MarcoFalke
fa58c76b9f [gitian] Default reference_datetime to commit author date 2016-03-01 19:47:27 +01:00
Luke Dashjr
e5daa2e2ae Merge branch 'master' into depends_curl 2016-02-27 06:11:37 +00:00
Luke Dashjr
5c70a6d6d1 Bugfix: gitian: Add curl to packages (now needed for depends) 2016-02-27 06:09:18 +00:00
Luke Dashjr
e98e3dde6a Bugfix: Only use git for build info if the repository is actually the right one
Also adds ability to disable check with BITCOIN_GENBUILD_NO_GIT=1 in the environment
2016-02-12 05:38:01 +00:00
Luke Dashjr
a68bb9f5e7 Merge branch 'master' into single_prodname 2016-02-03 05:41:13 +00:00
Cory Fields
a81c87fafc release: add security/symbol checks to gitian 2016-01-26 23:07:04 -05:00
Wladimir J. van der Laan
3b468a0e60 gitian: Need ca-certificates and python for LXC builds 2016-01-18 10:59:14 +01:00
Cory Fields
3503a78670 release: remove libc6 dependency from the osx signing descriptor
It is unneeded after the last toolchain update, and missing from Trusty.
2016-01-13 22:20:02 -05:00
Wladimir J. van der Laan
eb2b74526a
Merge pull request #7251
fa09562 [gitian] Set reference date to something more recent (MarcoFalke)
2016-01-04 09:29:58 +01:00
MarcoFalke
fa095622c2 [gitian] Set reference date to something more recent 2016-01-02 18:11:49 +01:00
Luke Dashjr
4d5a3df9d4 Bugfix: gitian-descriptors: Add missing python-setuptools requirement for OS X (biplist module) 2015-12-22 13:27:26 +00:00
Luke Dashjr
c39a6fffd7 Travis & gitian-osx: Use depends for ds_store and mac_alias modules 2015-12-22 04:37:47 +00:00
Luke Dashjr
e611b6e329 macdeploy: Use rsvg-convert rather than cairosvg 2015-12-22 04:37:45 +00:00
Luke Dashjr
63bcdc5227 More complicated package name substitution for Mac deployment 2015-12-22 03:24:21 +00:00
Wladimir J. van der Laan
c12ff995f7
Now that 0.12 has been branched, master is 0.12.99
... in preparation for 0.13
2015-12-03 12:07:01 +01:00
MarcoFalke
fa22a10028 contrib: Del. gitian downloader config and update gitian README 2015-11-30 16:34:11 +01:00
Wladimir J. van der Laan
957c0fd7c0 gitian: make windows build deterministic 2015-11-19 13:01:35 +01:00
Wladimir J. van der Laan
2e31d74b71 gitian: use trusty for building 2015-11-16 16:39:24 +01:00
Wladimir J. van der Laan
21d27ebad5 net: Disable upnp by default
Common sentiment is that the miniupnpc codebase likely contains further
vulnerabilities.

I'd prefer to get rid of the dependency completely, but a compromise for
now is to at least disable it by default.
2015-10-09 21:09:44 +02:00
Cory Fields
a3ba9a553a gitian: make the windows signing process match OSX 2015-06-30 10:57:14 -04:00
Cory Fields
d08cfc2bd7 gitian: add a gitian-win-signer descriptor
This is exactly like the current OSX signing process.

osslsigncode has been patched to detach and re-attach Windows signatures.
The changes can be seen here: https://github.com/theuni/osslsigncode/commits/attach-signature

There's a pull-request open upstream for the changes:
https://sourceforge.net/p/osslsigncode/osslsigncode/merge-requests/3/

This work has been back-ported to the stable 1.7.1 release of osslsigncode, so
that a smaller patch can be reviewed.
2015-06-18 18:17:36 -04:00
Cory Fields
c110575a92 gitian: Use the new bitcoin-detached-sigs git repo for OSX signatures
Rather than fetching a signature.tar.gz from somewhere on the net, instruct
Gitian to use a signature from a tag in the bitcoin-detached-sigs repository
which corresponds to the tag of the release being built.

This changes detached-sig-apply.sh to take a dirname rather than a tarball as
an argument, though detached-sig-create.sh still outputs a tarball for
convenience.
2015-06-10 17:54:46 -04:00
Cory Fields
960e99404f gitian: Bump cache dir for current master
Do not backport.
2015-06-02 10:41:56 -04:00
Cory Fields
be656283f9 gitian: bump faketime to something more recent
This helps in file views where binaries are sorted by time
2015-06-02 10:39:34 -04:00
Jonas Schnelli
7cef321e65 [Mac only] rename Bitcoin-Qt.app to "Bitcoin Core.app" 2015-05-19 11:03:49 +02:00
Cory Fields
c95ac83e51 gitian: fix x86_64 build with static libstdc++ 2015-02-23 19:43:25 -05:00
Cory Fields
06715165f9 build: change reduce exports/static libstdc++ options for gitian and travis
For Gitian releases:
  - Windows builds remain unchanged. libstdc++ was already linked statically.
  - OSX builds remain unchanged. libstdc++ is tied to the SDK and not worth
    messing with.
  - Linux builds now statically link libstdc++.

For Travis:
  - Match the previous behavior by adding --enable-reduce-exports as
  necessary.
  - Use static libstdc++ for the full Linux build.
2015-02-23 18:22:58 -05:00
Cory Fields
0c6ab676ee gitian: don't add . to tar list
Since permissions and timestamps are changed for the sake of determinism,
. must not be added to the archive. Otherwise, tar may try to modify pwd when
extracting.
2015-02-13 03:08:08 -05:00
Cory Fields
f0172bf91e osx: bump build sdk to 10.9 2015-01-20 01:49:20 -05:00
Cory Fields
46f54bf796 build: osx builders no longer need 32bit compiler support 2015-01-02 15:09:43 -05:00
Cory Fields
0d50c2fd81 dmg: fix deterministic dmg creation and docs 2014-12-30 02:47:38 -05:00
Cory Fields
566c6cb8a2 gitian: attempt to fix tarball determinisim 2014-12-23 19:43:27 -05:00
Cory Fields
914868a05d build: add a deterministic dmg signer 2014-11-26 00:57:16 -05:00
Cory Fields
52bb7a7e1b gitian: update descriptors to use a sane uniform output 2014-11-25 18:49:02 -05:00
Cory Fields
246659aff1 gitian: make tarballs deterministic and nuke .la files from build output 2014-11-19 22:49:41 -05:00
Cory Fields
4bbbdf3244 gitian: quick docs update 2014-11-19 22:49:41 -05:00
Cory Fields
1aead42d41 gitian: descriptors overhaul
Descriptors now make use of the dependencies builder, so results are cached.
A very new version (>= e9741525c) of Gitian should be used in order to take
advantage of caching.
2014-11-19 22:49:41 -05:00
Luke Dashjr
ab72068565 Bugfix: Replace bashisms with standard sh in gitian descriptors 2014-10-03 23:45:26 +00:00
Cory Fields
a7ec027311 gitian: remove unneeded option after last commit 2014-07-22 09:21:09 -04:00
Cory Fields
b150b09edc secp256k1: add libtool as a dependency 2014-07-01 12:27:15 -04:00
Wladimir J. van der Laan
6e7c4d17d8 gitian: upgrade OpenSSL to 1.0.1h
Upgrade for https://www.openssl.org/news/secadv_20140605.txt

Just in case - there is no vulnerability that affects ecdsa signing or
verification.

The MITM attack vulnerability (CVE-2014-0224) may have some effect on
our usage of SSL/TLS.

As long as payment requests are signed (which is the common case), usage
of the payment protocol should also not be affected.

The TLS usage in RPC may be at risk for MITM attacks. If you have
`-rpcssl` enabled, be sure to update OpenSSL as soon as possible.
2014-06-05 17:24:38 +02:00
Wladimir J. van der Laan
386e732a5f gitian: make linux qt intermediate deterministic
A qt installation date snuck into the host utils (lrelease etc)
This doesn't affect the end product, so no dependency version bump.

It also doesn't explain why gavin's and mine build is different
2014-06-02 09:46:59 +02:00
Cory Fields
2869b1349b release: Bump the OSX SDK to 10.7 for gitian builds
This fixes the display on Retina Macbooks. It also moves us away from depending
on the ancient XCode3 sdk.
2014-05-24 11:47:08 -04:00
Cory Fields
1a97b22b9c
gitian: Add OSX build descriptors
Github-Pull: #4185
Rebased-By: Wladimir J. van der Laan
Rebased-From: bb5da27, 2288206, 7fe8fe6, f76db78, ebcf375, fa1ed7c, 397e9b8
2014-05-21 11:20:52 +02:00
Wladimir J. van der Laan
51cb8fe870
gitian: use right qt tools in linux build
If the `libqt4-dev` package is installed it picks the moc executable
from the system instead of our custom-built one. This results in
compatibility errors.

This commit convinces configure to pick the right one.
2014-05-02 15:15:45 +02:00
Wladimir J. van der Laan
92e3022f88 gitian: don't export any symbols from executable
This avoids conflicts between the libraries statically linked into bitcoin and any
libraries we may link dynamically (such as Qt and OpenSSL, see issue #4094).
It also avoids start-up overhead to not export any unnecessary symbols.
To do this, build a linker script that marks all symbols as local.
2014-04-30 15:30:39 +02:00
Wladimir J. van der Laan
3ab1664594 gitian: build against Qt 4.6
Should make it possible to run the resulting GUI executable on
Linux distributions that use Qt 4.6, such as Debian Wheezy and Tails.

Builds a mini-SDK for building against Qt 4.6. This includes the headers
as well as host utilities such as `lrelease`, `qrc` and `moc`.

This speeds up the gitian build a bit - libqt4-dev pulled in a lot of packages,
and is no longer needed as this provides a replacement of our own.

Note: This does not replace the Qt build with at static library. After this
commit we still build dynamically against the system Qt library. The only
difference is that compatibility with an older version is maintained. This
loses minor GUI functionality (such as setPlaceholderText) but still
allows integration into the window management of the host OS, unlike
when statically linking.
2014-04-30 15:30:39 +02:00
Warren Togami
49a3352c1c gitian-linux: --enable-glibc-back-compat 2014-04-10 22:28:26 -04:00
Wladimir J. van der Laan
25d4911e86 gitian: upgrade miniupnpc input to 1.9
Bumps deps-linux, deps-win dependency versions as well.

qt-win does not need to be bumped, as although it depends on deps-win,
Qt doesn't use miniupnp. I verified this by rebuilding the dependency
and checking the the output is the same. Not having to rebuild Qt is a
good thing as it is huge.
2014-04-09 14:24:17 +02:00
Wladimir J. van der Laan
178825dec3
gitian: Version bump for Qt dependency
Bump Qt dependency version after OpenSSL update.
Very important. Thanks @michagogo for noting.
2014-04-08 11:51:59 +02:00
Wladimir J. van der Laan
fa2b42533a
Merge pull request #4023
4a811b0 gitian: upgrade openssl to 1.0.1g for both win and linux (Wladimir J. van der Laan)
2014-04-08 10:56:01 +02:00
Wladimir J. van der Laan
4a811b0053
gitian: upgrade openssl to 1.0.1g for both win and linux
OpenSSL 1.0.1g fixes CVE-2014-0160.

Also bump dependency versions.
2014-04-08 08:40:02 +02:00
Wladimir J. van der Laan
ddcd1afc5f gitian: add statically built variant of bitcoind/bitcoin-cli 2014-03-26 09:48:22 +01:00
Wladimir J. van der Laan
c337e2e905 Update gitian README.md 2014-03-21 13:31:22 +01:00
Wladimir J. van der Laan
93c3e21e92 Re-enable UPnP by default in gitian builds
IIRC this was the case with 0.8.6, so let's keep this to avoid the risk
of losing connectable nodes with 0.9 release.

Also our miniupnpc library was recently updated and I've heard
reports that it works better than before now.
2014-02-27 15:44:00 +01:00
Wladimir J. van der Laan
31b3d94ef5 gitian: Make protobuf win32 intermediate output deterministic
While building protobuf in different environments we noticed that
the host tool protoc was slightly different between builds (a symbol table
sorting issue).
Add a deterministic seed as well as disable zlib support.

Exected output is now:

    e2e403e1a08869c7eed4d4293bce13d51ec6a63592918b90ae215a0eceb44cb4 protobuf-win32-2.5.0-gitian-r4.zip
    a0999037e8b0ef9ade13efd88fee261ba401f5ca910068b7e0cd3262ba667db0 protobuf-win64-2.5.0-gitian-r4.zip

No effect on final executables so no version bump.
2014-02-25 07:58:11 +01:00