diff --git a/contrib/gitian-build.sh b/contrib/gitian-build.sh index d1d420959e61..7ff689a10f28 100644 --- a/contrib/gitian-build.sh +++ b/contrib/gitian-build.sh @@ -1,4 +1,3 @@ -#!/bin/bash # Copyright (c) 2016 The Bitcoin Core developers # Distributed under the MIT software license, see the accompanying # file COPYING or http://www.opensource.org/licenses/mit-license.php. @@ -7,6 +6,7 @@ sign=false verify=false build=false +setupenv=false # Systems to build linux=true @@ -21,6 +21,7 @@ url=https://github.com/phoreproject/phore proc=2 mem=2000 lxc=true +docker=false osslTarUrl=http://downloads.sourceforge.net/project/osslsigncode/osslsigncode/osslsigncode-1.7.1.tar.gz osslPatchUrl=https://bitcoincore.org/cfields/osslsigncode-Backports-to-1.7.1.patch scriptName=$(basename -- "$0") @@ -28,7 +29,7 @@ signProg="gpg --detach-sign" commitFiles=true # Help Message -read -r -d '' usage <<- EOF +read -d '' usage <<- EOF Usage: $scriptName [-c|u|v|b|s|B|o|h|j|m|] signer version Run this script from the directory containing the phore, gitian-builder, gitian.sigs, and phore-detached-sigs. @@ -39,16 +40,18 @@ version Version number, commit, or branch to build. If building a commit or bra Options: -c|--commit Indicate that the version argument is for a commit or branch --u|--url Specify the URL of the repository. Default is https://github.com/phoreproject/phore +-u|--url Specify the URL of the repository. Default is url=https://github.com/phoreproject/phore -v|--verify Verify the gitian build -b|--build Do a gitian build -s|--sign Make signed binaries for Windows and Mac OSX -B|--buildsign Build both signed and unsigned binaries --o|--os Specify which Operating Systems the build is for. Default is lwx. l for linux, w for windows, x for osx, a for aarch64 +-o|--os Specify which Operating Systems the build is for. Default is lwx. l for linux, w for windows, x for osx -j Number of processes to use. Default 2 -m Memory to allocate in MiB. Default 2000 ---kvm Use KVM instead of LXC ---setup Setup the gitian building environment. Uses KVM. If you want to use lxc, use the --lxc option. Only works on Debian-based systems (Ubuntu, Debian) +--kvm Use KVM +--lxc Use LXC +--docker Use Docker +--setup Setup the gitian building environment. Uses KVM. If you want to use lxc, use the --lxc option. If you want to use Docker, use --docker. Only works on Debian-based systems (Ubuntu, Debian) --detach-sign Create the assert file for detached signing. Will not commit anything. --no-commit Do not commit anything to git -h|--help Print this help message @@ -78,7 +81,7 @@ while :; do -S|--signer) if [ -n "$2" ] then - SIGNER=$2 + SIGNER="$2" shift else echo 'Error: "--signer" requires a non-empty argument.' @@ -92,7 +95,6 @@ while :; do linux=false windows=false osx=false - aarch64=false if [[ "$2" = *"l"* ]] then linux=true @@ -105,13 +107,9 @@ while :; do then osx=true fi - if [[ "$2" = *"a"* ]] - then - aarch64=true - fi shift else - printf 'Error: "--os" requires an argument containing an l (for linux), w (for windows), x (for Mac OSX), or a (for aarch64)\n' + echo 'Error: "--os" requires an argument containing an l (for linux), w (for windows), or x (for Mac OSX)\n' exit 1 fi ;; @@ -158,8 +156,19 @@ while :; do fi ;; # kvm + --lxc) + lxc=true + docker=false + ;; + # kvm --kvm) lxc=false + docker=false + ;; + # docker + --docker) + lxc=false + docker=true ;; # Detach sign --detach-sign) @@ -185,7 +194,10 @@ if [[ $lxc = true ]] then export USE_LXC=1 export LXC_BRIDGE=lxcbr0 - sudo ifconfig lxcbr0 up 10.0.2.2 + sudo ifconfig lxcbr0 up 10.0.3.2 +elif [[ $docker = true ]] +then + export USE_DOCKER=1 fi # Check for OSX SDK @@ -196,9 +208,9 @@ then fi # Get signer -if [[ -n "$1" ]] +if [[ -n"$1" ]] then - SIGNER=$1 + SIGNER="$1" shift fi @@ -211,7 +223,7 @@ then fi # Check that a signer is specified -if [[ $SIGNER == "" ]] +if [[ "$SIGNER" == "" ]] then echo "$scriptName: Missing signer." echo "Try $scriptName --help for more information" @@ -231,47 +243,51 @@ if [[ $commit = false ]] then COMMIT="v${VERSION}" fi -echo "${COMMIT}" +echo ${COMMIT} # Setup build environment if [[ $setup = true ]] then sudo apt-get install ruby apache2 git apt-cacher-ng python-vm-builder qemu-kvm qemu-utils - git clone https://github.com/phoreproject/gitian.sigs.git - git clone https://github.com/phoreproject/phore-detached-sigs.git - git clone https://github.com/devrandom/gitian-builder.git - pushd ./gitian-builder || exit + git clone https://github.com/phoreproject/gitian.sigs.git + git clone https://github.com/phoreproject/phore-detached-sigs.git + git clone https://github.com/devrandom/gitian-builder.git + pushd ./gitian-builder if [[ -n "$USE_LXC" ]] then sudo apt-get install lxc bin/make-base-vm --suite trusty --arch amd64 --lxc + elif [[ -n "$USE_DOCKER" ]] + then + sudo apt-get install docker-ce + bin/make-base-vm --suite trusty --arch amd64 --docker else bin/make-base-vm --suite trusty --arch amd64 fi - popd || exit + popd fi # Set up build -pushd ./phore || exit +pushd ./phore git fetch -git checkout "${COMMIT}" -popd || exit +git checkout ${COMMIT} +popd # Build if [[ $build = true ]] then # Make output folder - mkdir -p "./phore-binaries/${VERSION}" - + mkdir -p ./phore-binaries/${VERSION} + # Build Dependencies echo "" echo "Building Dependencies" echo "" - pushd ./gitian-builder || exit + pushd ./gitian-builder mkdir -p inputs wget -N -P inputs $osslPatchUrl wget -N -P inputs $osslTarUrl - make -C ../phore/depends download SOURCES_PATH="$(pwd)/cache/common" + make -C ../phore/depends download SOURCES_PATH=`pwd`/cache/common # Linux if [[ $linux = true ]] @@ -280,7 +296,7 @@ then echo "Compiling ${VERSION} Linux" echo "" ./bin/gbuild -j ${proc} -m ${mem} --commit phore=${COMMIT} --url phore=${url} ../phore/contrib/gitian-descriptors/gitian-linux.yml - ./bin/gsign --signer $SIGNER --release ${VERSION}-linux --destination ../gitian.sigs/ ../phore/contrib/gitian-descriptors/gitian-linux.yml + ./bin/gsign -p "$signProg" --signer "$SIGNER" --release ${VERSION}-linux --destination ../gitian.sigs/ ../phore/contrib/gitian-descriptors/gitian-linux.yml mv build/out/phore-*.tar.gz build/out/src/phore-*.tar.gz ../phore-binaries/${VERSION} fi # Windows @@ -290,7 +306,7 @@ then echo "Compiling ${VERSION} Windows" echo "" ./bin/gbuild -j ${proc} -m ${mem} --commit phore=${COMMIT} --url phore=${url} ../phore/contrib/gitian-descriptors/gitian-win.yml - ./bin/gsign --signer $SIGNER --release ${VERSION}-win-unsigned --destination ../gitian.sigs/ ../phore/contrib/gitian-descriptors/gitian-win.yml + ./bin/gsign -p "$signProg" --signer "$SIGNER" --release ${VERSION}-win-unsigned --destination ../gitian.sigs/ ../phore/contrib/gitian-descriptors/gitian-win.yml mv build/out/phore-*-win-unsigned.tar.gz inputs/phore-win-unsigned.tar.gz mv build/out/phore-*.zip build/out/phore-*.exe ../phore-binaries/${VERSION} fi @@ -301,21 +317,11 @@ then echo "Compiling ${VERSION} Mac OSX" echo "" ./bin/gbuild -j ${proc} -m ${mem} --commit phore=${COMMIT} --url phore=${url} ../phore/contrib/gitian-descriptors/gitian-osx.yml - ./bin/gsign --signer $SIGNER --release ${VERSION}-osx-unsigned --destination ../gitian.sigs/ ../phore/contrib/gitian-descriptors/gitian-osx.yml + ./bin/gsign -p "$signProg" --signer "$SIGNER" --release ${VERSION}-osx-unsigned --destination ../gitian.sigs/ ../phore/contrib/gitian-descriptors/gitian-osx.yml mv build/out/phore-*-osx-unsigned.tar.gz inputs/phore-osx-unsigned.tar.gz mv build/out/phore-*.tar.gz build/out/phore-*.dmg ../phore-binaries/${VERSION} fi - # AArch64 - if [[ $aarch64 = true ]] - then - echo "" - echo "Compiling ${VERSION} AArch64" - echo "" - ./bin/gbuild -j ${proc} -m ${mem} --commit phore=${COMMIT} --url phore=${url} ../phore/contrib/gitian-descriptors/gitian-aarch64.yml - ./bin/gsign --signer $SIGNER --release ${VERSION}-aarch64 --destination ../gitian.sigs/ ../phore/contrib/gitian-descriptors/gitian-aarch64.yml - mv build/out/phore-*.tar.gz build/out/src/phore-*.tar.gz ../phore-binaries/${VERSION} - fi - popd || exit + popd if [[ $commitFiles = true ]] then @@ -323,13 +329,12 @@ then echo "" echo "Committing ${VERSION} Unsigned Sigs" echo "" - pushd gitian.sigs || exit - git add ${VERSION}-linux/${SIGNER} - git add ${VERSION}-aarch64/${SIGNER} - git add ${VERSION}-win-unsigned/${SIGNER} - git add ${VERSION}-osx-unsigned/${SIGNER} + pushd gitian.sigs + git add ${VERSION}-linux/"${SIGNER}" + git add ${VERSION}-win-unsigned/"${SIGNER}" + git add ${VERSION}-osx-unsigned/"${SIGNER}" git commit -a -m "Add ${VERSION} unsigned sigs for ${SIGNER}" - popd || exit + popd fi fi @@ -337,7 +342,7 @@ fi if [[ $verify = true ]] then # Linux - pushd ./gitian-builder || exit + pushd ./gitian-builder echo "" echo "Verifying v${VERSION} Linux" echo "" @@ -347,16 +352,11 @@ then echo "Verifying v${VERSION} Windows" echo "" ./bin/gverify -v -d ../gitian.sigs/ -r ${VERSION}-win-unsigned ../phore/contrib/gitian-descriptors/gitian-win.yml - # Mac OSX + # Mac OSX echo "" echo "Verifying v${VERSION} Mac OSX" - echo "" + echo "" ./bin/gverify -v -d ../gitian.sigs/ -r ${VERSION}-osx-unsigned ../phore/contrib/gitian-descriptors/gitian-osx.yml - # AArch64 - echo "" - echo "Verifying v${VERSION} AArch64" - echo "" - ./bin/gverify -v -d ../gitian.sigs/ -r ${VERSION}-aarch64 ../phore/contrib/gitian-descriptors/gitian-aarch64.yml # Signed Windows echo "" echo "Verifying v${VERSION} Signed Windows" @@ -367,14 +367,14 @@ then echo "Verifying v${VERSION} Signed Mac OSX" echo "" ./bin/gverify -v -d ../gitian.sigs/ -r ${VERSION}-osx-signed ../phore/contrib/gitian-descriptors/gitian-osx-signer.yml - popd || exit + popd fi # Sign binaries if [[ $sign = true ]] then - - pushd ./gitian-builder || exit + + pushd ./gitian-builder # Sign Windows if [[ $windows = true ]] then @@ -382,7 +382,7 @@ then echo "Signing ${VERSION} Windows" echo "" ./bin/gbuild -i --commit signature=${COMMIT} ../phore/contrib/gitian-descriptors/gitian-win-signer.yml - ./bin/gsign --signer $SIGNER --release ${VERSION}-win-signed --destination ../gitian.sigs/ ../phore/contrib/gitian-descriptors/gitian-win-signer.yml + ./bin/gsign -p "$signProg" --signer "$SIGNER" --release ${VERSION}-win-signed --destination ../gitian.sigs/ ../phore/contrib/gitian-descriptors/gitian-win-signer.yml mv build/out/phore-*win64-setup.exe ../phore-binaries/${VERSION} mv build/out/phore-*win32-setup.exe ../phore-binaries/${VERSION} fi @@ -393,21 +393,22 @@ then echo "Signing ${VERSION} Mac OSX" echo "" ./bin/gbuild -i --commit signature=${COMMIT} ../phore/contrib/gitian-descriptors/gitian-osx-signer.yml - ./bin/gsign --signer $SIGNER --release ${VERSION}-osx-signed --destination ../gitian.sigs/ ../phore/contrib/gitian-descriptors/gitian-osx-signer.yml + ./bin/gsign -p "$signProg" --signer "$SIGNER" --release ${VERSION}-osx-signed --destination ../gitian.sigs/ ../phore/contrib/gitian-descriptors/gitian-osx-signer.yml mv build/out/phore-osx-signed.dmg ../phore-binaries/${VERSION}/phore-${VERSION}-osx.dmg fi - popd || exit + popd if [[ $commitFiles = true ]] then # Commit Sigs - pushd gitian.sigs || exit + pushd gitian.sigs echo "" echo "Committing ${VERSION} Signed Sigs" echo "" - git add ${VERSION}-win-signed/${SIGNER} - git add ${VERSION}-osx-signed/${SIGNER} + git add ${VERSION}-win-signed/"${SIGNER}" + git add ${VERSION}-osx-signed/"${SIGNER}" git commit -a -m "Add ${VERSION} signed binary sigs for ${SIGNER}" - popd || exit + popd fi fi + diff --git a/contrib/gitian-descriptors/gitian-aarch64.yml b/contrib/gitian-descriptors/gitian-aarch64.yml deleted file mode 100644 index b8066c735dcf..000000000000 --- a/contrib/gitian-descriptors/gitian-aarch64.yml +++ /dev/null @@ -1,171 +0,0 @@ ---- -name: "phore-aarch64-1.3" -enable_cache: true -suites: -- "xenial" -architectures: -- "amd64" -packages: -- "curl" -- "g++-aarch64-linux-gnu" -- "g++-4.9-aarch64-linux-gnu" -- "gcc-4.9-aarch64-linux-gnu" -- "binutils-aarch64-linux-gnu" -- "g++-4.9-multilib" -- "gcc-4.9-multilib" -- "binutils-gold" -- "git-core" -- "pkg-config" -- "autoconf" -- "libtool" -- "automake" -- "faketime" -- "bsdmainutils" -- "ca-certificates" -- "python" -reference_datetime: "2015-06-01 00:00:00" -remotes: -- "url": "https://github.com/phoreproject/phore.git" - "dir": "phore" -files: [] -script: | - - WRAP_DIR=$HOME/wrapped - HOSTS="aarch64-linux-gnu" - CONFIGFLAGS="--enable-glibc-back-compat --enable-reduce-exports --disable-bench --disable-gui-tests" - FAKETIME_HOST_PROGS="" - FAKETIME_PROGS="date ar ranlib nm" - HOST_CFLAGS="-O2 -g" - HOST_CXXFLAGS="-O2 -g -Wno-deprecated-declarations" - HOST_LDFLAGS=-static-libstdc++ - - export QT_RCC_TEST=1 - export GZIP="-9n" - export TAR_OPTIONS="--mtime="$REFERENCE_DATE\\\ $REFERENCE_TIME"" - export TZ="UTC" - export BUILD_DIR=`pwd` - mkdir -p ${WRAP_DIR} - if test -n "$GBUILD_CACHE_ENABLED"; then - export SOURCES_PATH=${GBUILD_COMMON_CACHE} - export BASE_CACHE=${GBUILD_PACKAGE_CACHE} - mkdir -p ${BASE_CACHE} ${SOURCES_PATH} - fi - - function create_global_faketime_wrappers { - for prog in ${FAKETIME_PROGS}; do - echo '#!/bin/bash' > ${WRAP_DIR}/${prog} - echo "REAL=\`which -a ${prog} | grep -v ${WRAP_DIR}/${prog} | head -1\`" >> ${WRAP_DIR}/${prog} - echo 'export LD_PRELOAD=/usr/lib/x86_64-linux-gnu/faketime/libfaketime.so.1' >> ${WRAP_DIR}/${prog} - echo "export FAKETIME=\"$1\"" >> ${WRAP_DIR}/${prog} - echo "\$REAL \$@" >> $WRAP_DIR/${prog} - chmod +x ${WRAP_DIR}/${prog} - done - } - - function create_per-host_faketime_wrappers { - for i in $HOSTS; do - for prog in ${FAKETIME_HOST_PROGS}; do - echo '#!/bin/bash' > ${WRAP_DIR}/${i}-${prog} - echo "REAL=\`which -a ${i}-${prog} | grep -v ${WRAP_DIR}/${i}-${prog} | head -1\`" >> ${WRAP_DIR}/${i}-${prog} - echo 'export LD_PRELOAD=/usr/lib/x86_64-linux-gnu/faketime/libfaketime.so.1' >> ${WRAP_DIR}/${i}-${prog} - echo "export FAKETIME=\"$1\"" >> ${WRAP_DIR}/${i}-${prog} - echo "\$REAL \$@" >> $WRAP_DIR/${i}-${prog} - chmod +x ${WRAP_DIR}/${i}-${prog} - done - done - } - - # Faketime for depends so intermediate results are comparable - export PATH_orig=${PATH} - create_global_faketime_wrappers "2000-01-01 12:00:00" - create_per-host_faketime_wrappers "2000-01-01 12:00:00" - export PATH=${WRAP_DIR}:${PATH} - - EXTRA_INCLUDES_BASE=$WRAP_DIR/extra_includes - mkdir -p $EXTRA_INCLUDES_BASE - - # x86 needs /usr/include/i386-linux-gnu/asm pointed to /usr/include/x86_64-linux-gnu/asm, - # but we can't write there. Instead, create a link here and force it to be included in the - # search paths by wrapping gcc/g++. - - mkdir -p $EXTRA_INCLUDES_BASE/i686-pc-linux-gnu - rm -f $WRAP_DIR/extra_includes/i686-pc-linux-gnu/asm - ln -s /usr/include/x86_64-linux-gnu/asm $EXTRA_INCLUDES_BASE/i686-pc-linux-gnu/asm - - for prog in gcc g++; do - rm -f ${WRAP_DIR}/${prog} - cat << EOF > ${WRAP_DIR}/${prog} - #!/bin/bash - REAL="`which -a ${prog} | grep -v ${WRAP_DIR}/${prog} | head -1`" - for var in "\$@" - do - if [ "\$var" = "-m32" ]; then - export C_INCLUDE_PATH="$EXTRA_INCLUDES_BASE/i686-pc-linux-gnu" - export CPLUS_INCLUDE_PATH="$EXTRA_INCLUDES_BASE/i686-pc-linux-gnu" - break - fi - done - \$REAL \$@ - EOF - chmod +x ${WRAP_DIR}/${prog} - done - - cd phore - BASEPREFIX=`pwd`/depends - # Build dependencies for each host - for i in $HOSTS; do - EXTRA_INCLUDES="$EXTRA_INCLUDES_BASE/$i" - if [ -d "$EXTRA_INCLUDES" ]; then - export HOST_ID_SALT="$EXTRA_INCLUDES" - fi - make ${MAKEOPTS} -C ${BASEPREFIX} HOST="${i}" - unset HOST_ID_SALT - done - - # Faketime for binaries - export PATH=${PATH_orig} - create_global_faketime_wrappers "${REFERENCE_DATETIME}" - create_per-host_faketime_wrappers "${REFERENCE_DATETIME}" - export PATH=${WRAP_DIR}:${PATH} - - # Create the release tarball using (arbitrarily) the first host - ./autogen.sh - CONFIG_SITE=${BASEPREFIX}/`echo "${HOSTS}" | awk '{print $1;}'`/share/config.site ./configure --prefix=/ - make dist - SOURCEDIST=`echo phore-*.tar.gz` - DISTNAME=`echo ${SOURCEDIST} | sed 's/.tar.*//'` - # Correct tar file order - mkdir -p temp - pushd temp - tar xf ../$SOURCEDIST - find phore-* | sort | tar --no-recursion --mode='u+rw,go+r-w,a+X' --owner=0 --group=0 -c -T - | gzip -9n > ../$SOURCEDIST - popd - - ORIGPATH="$PATH" - # Extract the release tarball into a dir for each host and build - for i in ${HOSTS}; do - export PATH=${BASEPREFIX}/${i}/native/bin:${ORIGPATH} - mkdir -p distsrc-${i} - cd distsrc-${i} - INSTALLPATH=`pwd`/installed/${DISTNAME} - mkdir -p ${INSTALLPATH} - tar --strip-components=1 -xf ../$SOURCEDIST - - CONFIG_SITE=${BASEPREFIX}/${i}/share/config.site ./configure --prefix=/ --disable-ccache --disable-maintainer-mode --disable-dependency-tracking ${CONFIGFLAGS} CFLAGS="${HOST_CFLAGS}" CXXFLAGS="${HOST_CXXFLAGS}" LDFLAGS="${HOST_LDFLAGS}" - make ${MAKEOPTS} - - make install DESTDIR=${INSTALLPATH} - cd installed - find . -name "lib*.la" -delete - find . -name "lib*.a" -delete - rm -rf ${DISTNAME}/lib/pkgconfig - find ${DISTNAME}/bin -type f -executable -exec ../contrib/devtools/split-debug.sh {} {} {}.dbg \; - #find ${DISTNAME}/lib -type f -exec ../contrib/devtools/split-debug.sh {} {} {}.dbg \; - find ${DISTNAME} -not -name "*.dbg" | sort | tar --no-recursion --mode='u+rw,go+r-w,a+X' --owner=0 --group=0 -c -T - | gzip -9n > ${OUTDIR}/${DISTNAME}-${i}.tar.gz - find ${DISTNAME} -name "*.dbg" | sort | tar --no-recursion --mode='u+rw,go+r-w,a+X' --owner=0 --group=0 -c -T - | gzip -9n > ${OUTDIR}/${DISTNAME}-${i}-debug.tar.gz - cd ../../ - rm -rf distsrc-${i} - done - mkdir -p $OUTDIR/src - mkdir -p $OUTDIR/src - mv $SOURCEDIST $OUTDIR/src diff --git a/contrib/gitian-descriptors/gitian-linux.yml b/contrib/gitian-descriptors/gitian-linux.yml index 237af5709d35..959c6f5b8821 100644 --- a/contrib/gitian-descriptors/gitian-linux.yml +++ b/contrib/gitian-descriptors/gitian-linux.yml @@ -27,7 +27,6 @@ packages: - "bsdmainutils" - "ca-certificates" - "python" -reference_datetime: "2015-06-01 00:00:00" remotes: - "url": "https://github.com/phoreproject/phore.git" "dir": "phore" @@ -157,6 +156,17 @@ script: | CONFIG_SITE=${BASEPREFIX}/${i}/share/config.site ./configure --prefix=/ --disable-ccache --disable-maintainer-mode --disable-dependency-tracking ${CONFIGFLAGS} CFLAGS="${HOST_CFLAGS}" CXXFLAGS="${HOST_CXXFLAGS}" LDFLAGS="${HOST_LDFLAGS}" make ${MAKEOPTS} + make ${MAKEOPTS} -C src check-security + + #TODO: This is a quick hack that disables symbol checking for arm. + # Instead, we should investigate why these are popping up. + # For aarch64, we'll need to bump up the min GLIBC version, as the abi + # support wasn't introduced until 2.17. + case $i in + aarch64-*) : ;; + arm-*) : ;; + *) make ${MAKEOPTS} -C src check-symbols ;; + esac make install DESTDIR=${INSTALLPATH} cd installed @@ -164,12 +174,12 @@ script: | find . -name "lib*.a" -delete rm -rf ${DISTNAME}/lib/pkgconfig find ${DISTNAME}/bin -type f -executable -exec ../contrib/devtools/split-debug.sh {} {} {}.dbg \; - # find ${DISTNAME}/lib -type f -exec ../contrib/devtools/split-debug.sh {} {} {}.dbg \; + find ${DISTNAME}/lib -type f -exec ../contrib/devtools/split-debug.sh {} {} {}.dbg \; find ${DISTNAME} -not -name "*.dbg" | sort | tar --no-recursion --mode='u+rw,go+r-w,a+X' --owner=0 --group=0 -c -T - | gzip -9n > ${OUTDIR}/${DISTNAME}-${i}.tar.gz find ${DISTNAME} -name "*.dbg" | sort | tar --no-recursion --mode='u+rw,go+r-w,a+X' --owner=0 --group=0 -c -T - | gzip -9n > ${OUTDIR}/${DISTNAME}-${i}-debug.tar.gz cd ../../ rm -rf distsrc-${i} done mkdir -p $OUTDIR/src - mkdir -p $OUTDIR/src mv $SOURCEDIST $OUTDIR/src + diff --git a/contrib/gitian-descriptors/gitian-osx-signer.yml b/contrib/gitian-descriptors/gitian-osx-signer.yml index a886bca27af3..62f809d2f4d6 100644 --- a/contrib/gitian-descriptors/gitian-osx-signer.yml +++ b/contrib/gitian-descriptors/gitian-osx-signer.yml @@ -16,7 +16,7 @@ script: | mkdir -p ${WRAP_DIR} export PATH=`pwd`:$PATH FAKETIME_PROGS="dmg genisoimage" - + # Create global faketime wrappers for prog in ${FAKETIME_PROGS}; do echo '#!/bin/bash' > ${WRAP_DIR}/${prog} @@ -26,12 +26,12 @@ script: | echo "\$REAL \$@" >> $WRAP_DIR/${prog} chmod +x ${WRAP_DIR}/${prog} done - + UNSIGNED=phore-osx-unsigned.tar.gz SIGNED=phore-osx-signed.dmg - + tar -xf ${UNSIGNED} OSX_VOLNAME="$(cat osx_volname)" ./detached-sig-apply.sh ${UNSIGNED} signature/osx - ${WRAP_DIR}/genisoimage -no-cache-inodes -D -l -probe -V "Phore-Qt" -no-pad -r -dir-mode 0755 -apple -o uncompressed.dmg signed-app + ${WRAP_DIR}/genisoimage -no-cache-inodes -D -l -probe -V "${OSX_VOLNAME}" -no-pad -r -dir-mode 0755 -apple -o uncompressed.dmg signed-app ${WRAP_DIR}/dmg dmg uncompressed.dmg ${OUTDIR}/${SIGNED} diff --git a/contrib/gitian-descriptors/gitian-rpi2.yml b/contrib/gitian-descriptors/gitian-rpi2.yml deleted file mode 100644 index cc2d23ec2f2b..000000000000 --- a/contrib/gitian-descriptors/gitian-rpi2.yml +++ /dev/null @@ -1,115 +0,0 @@ ---- -name: "phore-rpi2-1.3" -enable_cache: true -suites: -- "trusty" -architectures: -- "amd64" -packages: -- "curl" -- "g++-multilib" -- "git-core" -- "pkg-config" -- "autoconf2.13" -- "libtool" -- "automake" -- "faketime" -- "bsdmainutils" -- "binutils-gold" -- "ca-certificates" -- "python" -reference_datetime: "2015-06-01 00:00:00" -remotes: -- "url": "https://github.com/phoreproject/phore.git" - "dir": "phore" -files: -- "raspberrypi-tools.tar.gz" -script: | - WRAP_DIR=$HOME/wrapped - HOSTS="arm-linux-gnueabihf" - CONFIGFLAGS="--enable-upnp-default --enable-glibc-back-compat" - FAKETIME_HOST_PROGS="" - FAKETIME_PROGS="date ar ranlib nm strip" - - tar --warning=no-timestamp -xzf raspberrypi-tools.tar.gz - export TOOLCHAIN_BIN=$(pwd)/raspberrypi-tools/arm-bcm2708/gcc-linaro-arm-linux-gnueabihf-raspbian-x64/bin - export PATH=$PATH:$TOOLCHAIN_BIN - - export QT_RCC_TEST=1 - export GZIP="-9n" - export TAR_OPTIONS="--mtime="$REFERENCE_DATE\\\ $REFERENCE_TIME"" - export TZ="UTC" - export BUILD_DIR=`pwd` - mkdir -p ${WRAP_DIR} - if test -n "$GBUILD_CACHE_ENABLED"; then - export SOURCES_PATH=${GBUILD_COMMON_CACHE} - export BASE_CACHE=${GBUILD_PACKAGE_CACHE} - mkdir -p ${BASE_CACHE} ${SOURCES_PATH} - fi - - # Create global faketime wrappers - for prog in ${FAKETIME_PROGS}; do - echo '#!/bin/bash' > ${WRAP_DIR}/${prog} - echo "REAL=\`which -a ${prog} | grep -v ${WRAP_DIR}/${prog} | head -1\`" >> ${WRAP_DIR}/${prog} - echo 'export LD_PRELOAD=/usr/lib/faketime/libfaketime.so.1' >> ${WRAP_DIR}/${prog} - echo "export FAKETIME=\"${REFERENCE_DATETIME}\"" >> ${WRAP_DIR}/${prog} - echo "\$REAL \$@" >> $WRAP_DIR/${prog} - chmod +x ${WRAP_DIR}/${prog} - done - - # Create per-host faketime wrappers - for i in $HOSTS; do - for prog in ${FAKETIME_HOST_PROGS}; do - echo '#!/bin/bash' > ${WRAP_DIR}/${i}-${prog} - echo "REAL=\`which -a ${i}-${prog} | grep -v ${WRAP_DIR}/${i}-${prog} | head -1\`" >> ${WRAP_DIR}/${i}-${prog} - echo 'export LD_PRELOAD=/usr/lib/faketime/libfaketime.so.1' >> ${WRAP_DIR}/${i}-${prog} - echo "export FAKETIME=\"${REFERENCE_DATETIME}\"" >> ${WRAP_DIR}/${i}-${prog} - echo "\$REAL \$@" >> $WRAP_DIR/${i}-${prog} - chmod +x ${WRAP_DIR}/${i}-${prog} - done - done - export PATH=${WRAP_DIR}:${PATH} - - cd phore - BASEPREFIX=`pwd`/depends - # Build dependencies for each host - for i in $HOSTS; do - make ${MAKEOPTS} NO_QT=1 -C ${BASEPREFIX} HOST="${i}" - done - - # Create the release tarball using (arbitrarily) the first host - ./autogen.sh - ./configure --prefix=${BASEPREFIX}/`echo "${HOSTS}" | awk '{print $1;}'` - make NO_QT=1 dist - SOURCEDIST=`echo phore-*.tar.gz` - DISTNAME=`echo ${SOURCEDIST} | sed 's/.tar.*//'` - # Correct tar file order - mkdir -p temp - pushd temp - tar xf ../$SOURCEDIST - find phore-* | sort | tar --no-recursion --mode='u+rw,go+r-w,a+X' --owner=0 --group=0 -c -T - | gzip -9n > ../$SOURCEDIST - popd - - ORIGPATH="$PATH" - # Extract the release tarball into a dir for each host and build - for i in ${HOSTS}; do - export PATH=${BASEPREFIX}/${i}/native/bin:${ORIGPATH} - mkdir -p distsrc-${i} - cd distsrc-${i} - INSTALLPATH=`pwd`/installed/${DISTNAME} - mkdir -p ${INSTALLPATH} - tar --strip-components=1 -xf ../$SOURCEDIST - - ./configure --prefix=${BASEPREFIX}/${i} --bindir=${INSTALLPATH}/bin --includedir=${INSTALLPATH}/include --libdir=${INSTALLPATH}/lib --disable-ccache --disable-maintainer-mode --disable-dependency-tracking ${CONFIGFLAGS} - make ${MAKEOPTS} - make install-strip - cd installed - find . -name "lib*.la" -delete - find . -name "lib*.a" -delete - rm -rf ${DISTNAME}/lib/pkgconfig - find ${DISTNAME} | sort | tar --no-recursion --mode='u+rw,go+r-w,a+X' --owner=0 --group=0 -c -T - | gzip -9n > ${OUTDIR}/${DISTNAME}-${i}.tar.gz - cd ../../ - done - mkdir -p $OUTDIR/src - mv $SOURCEDIST $OUTDIR/src - mv ${OUTDIR}/${DISTNAME}-arm-*.tar.gz ${OUTDIR}/${DISTNAME}-RPi2.tar.gz diff --git a/contrib/gitian-descriptors/gitian-win.yml b/contrib/gitian-descriptors/gitian-win.yml index 6ac0c06303be..f44cd9939a69 100644 --- a/contrib/gitian-descriptors/gitian-win.yml +++ b/contrib/gitian-descriptors/gitian-win.yml @@ -143,16 +143,17 @@ script: | CONFIG_SITE=${BASEPREFIX}/${i}/share/config.site ./configure --prefix=/ --disable-ccache --disable-maintainer-mode --disable-dependency-tracking ${CONFIGFLAGS} CFLAGS="${HOST_CFLAGS}" CXXFLAGS="${HOST_CXXFLAGS}" make ${MAKEOPTS} + make ${MAKEOPTS} -C src check-security make deploy make install DESTDIR=${INSTALLPATH} cp -f phore-*setup*.exe $OUTDIR/ cd installed - # mv ${DISTNAME}/bin/*.dll ${DISTNAME}/lib/ # temporarily disabled for Zerocoin - # find . -name "lib*.la" -delete # temporarily disabled for Zerocoin - # find . -name "lib*.a" -delete # temporarily disabled for Zerocoin + mv ${DISTNAME}/bin/*.dll ${DISTNAME}/lib/ + find . -name "lib*.la" -delete + find . -name "lib*.a" -delete rm -rf ${DISTNAME}/lib/pkgconfig find ${DISTNAME}/bin -type f -executable -exec ${i}-objcopy --only-keep-debug {} {}.dbg \; -exec ${i}-strip -s {} \; -exec ${i}-objcopy --add-gnu-debuglink={}.dbg {} \; - # find ${DISTNAME}/lib -type f -exec ${i}-objcopy --only-keep-debug {} {}.dbg \; -exec ${i}-strip -s {} \; -exec ${i}-objcopy --add-gnu-debuglink={}.dbg {} \; + find ${DISTNAME}/lib -type f -exec ${i}-objcopy --only-keep-debug {} {}.dbg \; -exec ${i}-strip -s {} \; -exec ${i}-objcopy --add-gnu-debuglink={}.dbg {} \; find ${DISTNAME} -not -name "*.dbg" -type f | sort | zip -X@ ${OUTDIR}/${DISTNAME}-${i}.zip find ${DISTNAME} -name "*.dbg" -type f | sort | zip -X@ ${OUTDIR}/${DISTNAME}-${i}-debug.zip cd ../../