diff --git a/contrib/gitian-descriptors/boost-linux.yml b/contrib/gitian-descriptors/boost-linux.yml index 5d22294dd83..48b27aa26dd 100644 --- a/contrib/gitian-descriptors/boost-linux.yml +++ b/contrib/gitian-descriptors/boost-linux.yml @@ -6,6 +6,7 @@ architectures: - "i386" - "amd64" packages: +- "g++" - "unzip" - "pkg-config" - "libtool" diff --git a/contrib/gitian-descriptors/deps-linux.yml b/contrib/gitian-descriptors/deps-linux.yml index 41d8d65fb75..12c3179ea10 100644 --- a/contrib/gitian-descriptors/deps-linux.yml +++ b/contrib/gitian-descriptors/deps-linux.yml @@ -6,6 +6,7 @@ architectures: - "i386" - "amd64" packages: +- "g++" - "unzip" - "zip" - "pkg-config" @@ -50,7 +51,7 @@ script: | tar xjfm qrencode-3.4.3.tar.bz2 cd qrencode-3.4.3 # need --with-pic to avoid relocation error in 64 bit builds - ./configure --prefix=$STAGING --enable-static --disable-shared -with-pic --without-tools + ./configure --prefix=$STAGING --enable-static --disable-shared --with-pic --without-tools --disable-maintainer-mode --disable-dependency-tracking make $MAKEOPTS install cd .. # diff --git a/contrib/gitian-descriptors/deps-win.yml b/contrib/gitian-descriptors/deps-win.yml index ce7acc1e6a6..13d3a86fd94 100644 --- a/contrib/gitian-descriptors/deps-win.yml +++ b/contrib/gitian-descriptors/deps-win.yml @@ -107,7 +107,7 @@ script: | # tar xjf $INDIR/qrencode-3.4.3.tar.bz2 cd qrencode-3.4.3 - png_CFLAGS="-I$INSTALLPREFIX/include" png_LIBS="-L$INSTALLPREFIX/lib -lpng" ./configure --prefix=$INSTALLPREFIX --host=$HOST + png_CFLAGS="-I$INSTALLPREFIX/include" png_LIBS="-L$INSTALLPREFIX/lib -lpng" ./configure --prefix=$INSTALLPREFIX --host=$HOST --enable-static --disable-shared --without-tools --disable-maintainer-mode --disable-dependency-tracking make make install cd .. diff --git a/contrib/gitian-descriptors/gitian-linux.yml b/contrib/gitian-descriptors/gitian-linux.yml index 417f31e270b..329f4c6b49f 100644 --- a/contrib/gitian-descriptors/gitian-linux.yml +++ b/contrib/gitian-descriptors/gitian-linux.yml @@ -6,6 +6,7 @@ architectures: - "i386" - "amd64" packages: +- "g++" - "libqt4-dev" - "git-core" - "unzip" diff --git a/contrib/gitian-descriptors/gitian-win.yml b/contrib/gitian-descriptors/gitian-win.yml index 9364db4ef78..db0966c2011 100644 --- a/contrib/gitian-descriptors/gitian-win.yml +++ b/contrib/gitian-descriptors/gitian-win.yml @@ -22,8 +22,8 @@ remotes: - "url": "https://github.com/bitcoin/bitcoin.git" "dir": "bitcoin" files: -- "qt-win32-5.2.0-gitian-r1.zip" -- "qt-win64-5.2.0-gitian-r1.zip" +- "qt-win32-5.2.0-gitian-r2.zip" +- "qt-win64-5.2.0-gitian-r2.zip" - "boost-win32-1.55.0-gitian-r6.zip" - "boost-win64-1.55.0-gitian-r6.zip" - "bitcoin-deps-win32-gitian-r10.zip" @@ -36,6 +36,14 @@ script: | INDIR=$HOME/build OPTFLAGS='-O2' NEEDDIST=1 + # Qt: workaround for determinism in resource ordering + # Qt5's rcc uses a QHash to store the files for the resource. + # A security fix in QHash makes the ordering of keys to be different on every run + # (https://qt.gitorious.org/qt/qtbase/commit/c01eaa438200edc9a3bbcd8ae1e8ded058bea268). + # This is good in general but qrc shouldn't be doing a traversal over a randomized container. + # The thorough solution would be to use QMap instead of QHash, but this requires patching Qt. + # For now luckily there is a test mode that forces a fixed seed. + export QT_RCC_TEST=1 for BITS in 32 64; do # for architectures # STAGING=$HOME/staging${BITS} @@ -49,7 +57,7 @@ script: | mkdir -p $STAGING $BUILDDIR $BINDIR # cd $STAGING - unzip $INDIR/qt-win${BITS}-5.2.0-gitian-r1.zip + unzip $INDIR/qt-win${BITS}-5.2.0-gitian-r2.zip unzip $INDIR/boost-win${BITS}-1.55.0-gitian-r6.zip unzip $INDIR/bitcoin-deps-win${BITS}-gitian-r10.zip unzip $INDIR/protobuf-win${BITS}-2.5.0-gitian-r4.zip diff --git a/contrib/gitian-descriptors/qt-win.yml b/contrib/gitian-descriptors/qt-win.yml index 3b9aeeb19fb..fed39cbc7cf 100644 --- a/contrib/gitian-descriptors/qt-win.yml +++ b/contrib/gitian-descriptors/qt-win.yml @@ -21,6 +21,14 @@ script: | # Defines export TZ=UTC INDIR=$HOME/build + # Qt: workaround for determinism in resource ordering + # Qt5's rcc uses a QHash to store the files for the resource. + # A security fix in QHash makes the ordering of keys to be different on every run + # (https://qt.gitorious.org/qt/qtbase/commit/c01eaa438200edc9a3bbcd8ae1e8ded058bea268). + # This is good in general but qrc shouldn't be doing a traversal over a randomized container. + # The thorough solution would be to use QMap instead of QHash, but this requires patching Qt. + # For now luckily there is a test mode that forces a fixed seed. + export QT_RCC_TEST=1 # Integrity Check echo "395ec72277c5786c65b8163ef5817fd03d0a1f524a6d47f53624baf8056f1081 qt-everywhere-opensource-src-5.2.0.tar.gz" | sha256sum -c @@ -71,7 +79,7 @@ script: | # as zip stores file timestamps, use faketime to intercept stat calls to set dates for all files to reference date export LD_PRELOAD=/usr/lib/faketime/libfaketime.so.1 - zip -r $OUTDIR/qt-win${BITS}-5.2.0-gitian-r1.zip * + zip -r $OUTDIR/qt-win${BITS}-5.2.0-gitian-r2.zip * unset LD_PRELOAD unset FAKETIME done # for BITS in