commit 3acd55740d447b2afb47ab5da5e3eece93337829 Author: Nicolas Vigier boklm@torproject.org Date: Mon May 23 19:58:44 2016 +0200
Bug 18291: Remove some uses of libfaketime
Completely stop using libfaketime for Linux builds. For Windows builds we have to keep using it for the tor, pluggable-transports and bundle steps. For OSX builds, we keep it in the bundle steps for the timestamp added when creating the dmg file with genisoimage. --- gitian/descriptors/linux/gitian-bundle.yml | 16 ++++------- gitian/descriptors/linux/gitian-firefox.yml | 30 ++------------------ .../linux/gitian-pluggable-transports.yml | 4 +-- gitian/descriptors/linux/gitian-tor.yml | 4 +-- gitian/descriptors/linux/gitian-utils.yml | 17 +++++------ gitian/descriptors/mac/gitian-firefox.yml | 29 ++----------------- .../mac/gitian-pluggable-transports.yml | 4 +-- gitian/descriptors/mac/gitian-utils.yml | 33 ++++++++-------------- gitian/descriptors/windows/gitian-firefox.yml | 23 ++------------- gitian/descriptors/windows/gitian-utils.yml | 15 +++++----- .../patches/openssl-Make-build-reproducible.patch | 28 ++++++++++++++++++ 11 files changed, 67 insertions(+), 136 deletions(-)
diff --git a/gitian/descriptors/linux/gitian-bundle.yml b/gitian/descriptors/linux/gitian-bundle.yml index 0316148..105cab7 100644 --- a/gitian/descriptors/linux/gitian-bundle.yml +++ b/gitian/descriptors/linux/gitian-bundle.yml @@ -28,8 +28,6 @@ remotes: "dir": "meek" - "url": "https://github.com/googlei18n/noto-fonts.git" "dir": "noto-fonts" -- "url": "https://github.com/wolfcw/libfaketime" - "dir": "faketime" files: - "tor-browser-linux32-gbuilt.zip" - "tor-browser-linux64-gbuilt.zip" @@ -61,21 +59,13 @@ files: script: | INSTDIR="$HOME/install" source versions + export REFERENCE_DATETIME export LIBRARY_PATH="$INSTDIR/lib" export TZ=UTC export LC_ALL=C export TORBROWSER_VERSION=`cat bare-version` umask 0022
- # Building libfaketime - cd faketime - make - DESTDIR="$INSTDIR/faketime" make install - export LD_PRELOAD="$INSTDIR/faketime/usr/local/lib/faketime/libfaketime.so.1" - export FAKETIME=$REFERENCE_DATETIME - export FAKETIME_SKIP_CMDS="rsync" - cd .. - mkdir -p $OUTDIR/ # When we build with MULTI_LINGUAL=1, the browser will be packaged inside a # directory named tor-browser (instead of tor-browser_en-US). Therefore we @@ -202,6 +192,7 @@ script: | cp defaults/preferences/000-tor-browser.js ~/build/ # Set the locale of the bundle. echo "pref("general.useragent.locale", "en-US");" >> defaults/preferences/000-tor-browser.js + touch --date="$REFERENCE_DATETIME" defaults/preferences/000-tor-browser.js zip -Xm omni.ja defaults/preferences/000-tor-browser.js rm -rf defaults popd @@ -237,6 +228,7 @@ script: | # app.update.url). pushd ${PKG_DIR}/Browser/ echo ${PKG_LOCALE} > update.locale + touch --date="$REFERENCE_DATETIME" update.locale zip -Xm omni.ja update.locale popd fi @@ -267,6 +259,7 @@ script: | cp ~/build/000-tor-browser.js defaults/preferences/ # Set the locale of the bundle. echo "pref("general.useragent.locale", "$LANG");" >> defaults/preferences/000-tor-browser.js + touch --date="$REFERENCE_DATETIME" defaults/preferences/000-tor-browser.js zip -Xm omni.ja defaults/preferences/000-tor-browser.js rm -rf defaults popd @@ -276,6 +269,7 @@ script: | # recreate precomplete file (needs to be accurate for full MAR updates). pushd tor-browser_$LANG/Browser/ echo "$LANG" > update.locale + touch --date="$REFERENCE_DATETIME" update.locale zip -Xm omni.ja update.locale rm -rf dictionaries rm -f precomplete diff --git a/gitian/descriptors/linux/gitian-firefox.yml b/gitian/descriptors/linux/gitian-firefox.yml index 22dcbd4..1316ed8 100644 --- a/gitian/descriptors/linux/gitian-firefox.yml +++ b/gitian/descriptors/linux/gitian-firefox.yml 
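Review bot: The pair `touch --date="$REFERENCE_DATETIME" <file>` then `zip -Xm omni.ja <file>` is now written out four times (hunks at -202, -237, -267 and -276). With the script-wide libfaketime preload gone, nothing else fixes the mtime that zip records, so a later `zip` call that omits the `touch` would silently store wall-clock time in omni.ja. A small helper keeps the two steps together, e.g. `omni_add() { touch --date="$REFERENCE_DATETIME" "$1" && zip -Xm omni.ja "$1"; }`, called as `omni_add update.locale`. The script continues outside these hunks, so any other place that writes into omni.ja or the bundle is not visible here and should be checked for the same reliance on the old `LD_PRELOAD`.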
@@ -28,8 +28,6 @@ reference_datetime: "2000-01-01 00:00:00" remotes: - "url": "https://git.torproject.org/tor-browser.git" "dir": "tor-browser" -- "url": "https://github.com/wolfcw/libfaketime" - "dir": "faketime" files: - "binutils-linux32-utils.zip" - "binutils-linux64-utils.zip" @@ -41,6 +39,7 @@ files: script: | source versions INSTDIR="$HOME/install" + export REFERENCE_DATETIME export CFLAGS="-frandom-seed=tor" export CXXFLAGS="-frandom-seed=tor" export TZ=UTC @@ -87,42 +86,17 @@ script: | mkdir -p $INSTDIR/Debug/Browser/components mkdir -p $INSTDIR/Debug/Browser/browser/components
- # Building libfaketime - cd faketime - make - DESTDIR="$INSTDIR/faketime" make install - export LD_PRELOAD="$INSTDIR/faketime/usr/local/lib/faketime/libfaketime.so.1" - export FAKETIME=$REFERENCE_DATETIME - cd .. - cd tor-browser # .git and the src takes up a lot of useless space, and we need the space to build rm -rf .git find -type f -print0 | xargs -0 touch --date="$REFERENCE_DATETIME" rm -f configure rm -f js/src/configure - # |configure| can't cope with nano seconds faked. And even if we would revert - # that feature it would hang sometimes for unknown but to libfaketime related - # reasons. - export LD_PRELOAD="" + export MOZ_BUILD_DATE=$(date -d "$REFERENCE_DATETIME" +%Y%m%d%H%M%S) make -f client.mk configure CONFIGURE_ARGS="--with-tor-browser-version=${TORBROWSER_VERSION} --enable-update-channel=${TORBROWSER_UPDATE_CHANNEL} --enable-bundled-fonts" - # We need libfaketime for all the timestamps e.g. written into the libraries. - # BUT we need to exclude |make build| from it. Otherwise the build fails close - # to the end, see #12461 comment 8 and later. Additionally, we need to avoid - # breaking the ICU compilation. Exlcuding |bash| helps here. See #12461 - # comment 13. Finally, we need to exclude |python2.7| as not doing so would - # stall the build right at the beginning. See #13877. - export LD_PRELOAD="$INSTDIR/faketime/usr/local/lib/faketime/libfaketime.so.1" - export FAKETIME_SKIP_CMDS="python2.7,bash,make" find -type f -print0 | xargs -0 touch --date="$REFERENCE_DATETIME" make $MAKEOPTS -f client.mk build - # Packaging is broken with libfaketime enabled, thus we disable it again. See - # #12461 comments 11 and 12 for details. - export LD_PRELOAD="" make -C obj-* package INNER_MAKE_PACKAGE=true - # Without libfaketime enabled we would get different omni.ja and *debug.zip - # files. 
- export LD_PRELOAD="$INSTDIR/faketime/usr/local/lib/faketime/libfaketime.so.1" cp -a obj-*/dist/firefox/* $INSTDIR/Browser/ # Remove firefox-bin (we don't use it, see ticket #10126) rm -f $INSTDIR/Browser/firefox-bin diff --git a/gitian/descriptors/linux/gitian-pluggable-transports.yml b/gitian/descriptors/linux/gitian-pluggable-transports.yml index a1cdc48..38804dd 100644 --- a/gitian/descriptors/linux/gitian-pluggable-transports.yml +++ b/gitian/descriptors/linux/gitian-pluggable-transports.yml @@ -7,7 +7,6 @@ architectures: - "i386" - "amd64" packages: -- "faketime" - "unzip" - "python-setuptools" - "python-dev" @@ -57,7 +56,7 @@ script: | INSTDIR="$HOME/install" PTDIR="$INSTDIR/Tor/PluggableTransports" mkdir -p $PTDIR - export FAKETIME=$REFERENCE_DATETIME + export REFERENCE_DATETIME export TZ=UTC export LC_ALL=C export PYTHON=python2 @@ -262,7 +261,6 @@ script: | cd ../..
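Review bot: `export MOZ_BUILD_DATE=$(date -d "$REFERENCE_DATETIME" +%Y%m%d%H%M%S)` hides the exit status of `date` behind `export`. GNU `date` also accepts an empty `-d` string and prints today at 00:00, so an empty REFERENCE_DATETIME would produce a build ID that changes every day without any error. Guarding the input and splitting the assignment makes that failure loud: `: "${REFERENCE_DATETIME:?}"`, then `MOZ_BUILD_DATE=$(date -d "$REFERENCE_DATETIME" +%Y%m%d%H%M%S)` and `export MOZ_BUILD_DATE`. The same line is added in the mac and windows gitian-firefox.yml hunks. The script body starts and ends outside this hunk.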
# Grabbing the results and making sure timestamps don't spoil them - export LD_PRELOAD=/usr/lib/faketime/libfaketime.so.1 cd $INSTDIR ~/build/dzip.sh pluggable-transports-linux$GBUILD_BITS-gbuilt.zip Tor/ Docs/ cp pluggable-transports-linux$GBUILD_BITS-gbuilt.zip $OUTDIR/ diff --git a/gitian/descriptors/linux/gitian-tor.yml b/gitian/descriptors/linux/gitian-tor.yml index bc1dc67..bfb683a 100644 --- a/gitian/descriptors/linux/gitian-tor.yml +++ b/gitian/descriptors/linux/gitian-tor.yml @@ -7,7 +7,6 @@ architectures: - "i386" - "amd64" packages: -- "faketime" - "unzip" - "automake" - "libtool" @@ -30,7 +29,7 @@ files: script: | INSTDIR="$HOME/install" source versions - export FAKETIME=$REFERENCE_DATETIME + export REFERENCE_DATETIME export TZ=UTC export LC_ALL=C umask 0022 @@ -94,7 +93,6 @@ script: | done
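Review bot: The comment `# Grabbing the results and making sure timestamps don't spoil them` now sits above lines that do nothing about timestamps, because the `LD_PRELOAD` export it described is removed. The guarantee presumably now rests on `dzip.sh`, which is not visible in this diff. I would reword the comment to say so, e.g. `# Grabbing the results; dzip.sh normalises mtimes to REFERENCE_DATETIME`, after confirming that dzip.sh actually reads the newly exported variable. The same comment is left unchanged in the gitian-tor.yml hunk at -94.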
# Grabbing the results and making sure timestamps don't spoil them - export LD_PRELOAD=/usr/lib/faketime/libfaketime.so.1 ~/build/dzip.sh tor-linux$GBUILD_BITS-gbuilt.zip Data/ Tor/ ~/build/dzip.sh tor-linux$GBUILD_BITS-debug.zip Debug/ cp tor-linux$GBUILD_BITS-gbuilt.zip $OUTDIR/ diff --git a/gitian/descriptors/linux/gitian-utils.yml b/gitian/descriptors/linux/gitian-utils.yml index e8801cc..0adcf5d 100644 --- a/gitian/descriptors/linux/gitian-utils.yml +++ b/gitian/descriptors/linux/gitian-utils.yml @@ -7,7 +7,6 @@ architectures: - "i386" - "amd64" packages: -- "faketime" - "automake" - "libtool" - "zip" @@ -33,6 +32,7 @@ files: - "binutils.tar.bz2" - "gcc.tar.bz2" - "openssl.tar.gz" +- "openssl-Make-build-reproducible.patch" - "gmp.tar.bz2" - "versions" - "dzip.sh" @@ -41,7 +41,7 @@ script: | source versions export TZ=UTC export LC_ALL=C - export FAKETIME=$REFERENCE_DATETIME + export REFERENCE_DATETIME umask 0022
# Config options for hardening-wrapper @@ -76,10 +76,6 @@ script: | # anymore. It seems it got audited for those problems already: # https://gcc.gnu.org/bugzilla/show_bug.cgi?id=48817. export DEB_BUILD_HARDENING_FORMAT=0 - # libfaketime gets into our way when building GCC 4.9.x. See: - # https://gcc.gnu.org/bugzilla/show_bug.cgi?id=61314 for details. Thus, we - # avoid it for the toolchain and cross our fingers. - # TODO: Test a newer libfaketime than 0.8. # Building GCC tar xjf gcc.tar.bz2 cd gcc-* @@ -99,9 +95,9 @@ script: | cd ..
# Building OpenSSL - export LD_PRELOAD=/usr/lib/faketime/libfaketime.so.1 tar xzf openssl.tar.gz cd openssl-* + patch -p1 < ../openssl-Make-build-reproducible.patch find -type f -print0 | xargs -0 touch --date="$REFERENCE_DATETIME" if [ $GBUILD_BITS == "64" ]; then @@ -115,8 +111,6 @@ script: | make install cd ..
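Review bot: The added `patch -p1 < ../openssl-Make-build-reproducible.patch` has no comment saying why it is applied or when it can be dropped, which matters at the next OpenSSL version bump. I would put this above it: `# Backport of OpenSSL commit b88c021b5a7c ("Make build reproducible"): keeps the build date out of SSLeay_version(). Drop once openssl.tar.gz already contains it.` Whether a failed or partly applied patch stops the build depends on the script running under errexit, which is not visible in this hunk. If it does not, `patch -p1 < ../openssl-Make-build-reproducible.patch || exit 1` avoids shipping a library that still embeds the build date. The same line is added in the mac and windows gitian-utils.yml hunks.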
- export LD_PRELOAD="" - # Building GMP tar xjf gmp.tar.bz2 cd gmp-* @@ -131,7 +125,10 @@ script: | cd ..
# Grabbing the remaining results and making sure timestamps don't spoil them - export LD_PRELOAD=/usr/lib/faketime/libfaketime.so.1 + # Since we stopped using libfaketime, the binutils, gcc, openssl, + # libevent archives are no longer reproducible. The main reason + # is that they include some .a archives which include timestamps. + # Those files are however not part of the files we ship. cd $INSTDIR ~/build/dzip.sh binutils-$BINUTILS_VER-linux$GBUILD_BITS-utils.zip binutils ~/build/dzip.sh gcc-$GCC_VER-linux$GBUILD_BITS-utils.zip gcc diff --git a/gitian/descriptors/mac/gitian-firefox.yml b/gitian/descriptors/mac/gitian-firefox.yml index 17c4c8b..fdec679 100644 --- a/gitian/descriptors/mac/gitian-firefox.yml +++ b/gitian/descriptors/mac/gitian-firefox.yml @@ -15,8 +15,6 @@ reference_datetime: "2000-01-01 00:00:00" remotes: - "url": "https://git.torproject.org/tor-browser.git" "dir": "tor-browser" -- "url": "https://github.com/wolfcw/libfaketime" - "dir": "faketime" files: - "clang-linux64-wheezy-utils.zip" - "cctools.tar.gz" @@ -24,11 +22,11 @@ files: - "re-dzip.sh" - "dzip.sh" - "fix-info-plist.py" -- "libfaketime.patch" - "versions" script: | INSTDIR="$HOME/install/" source versions + export REFERENCE_DATETIME export TZ=UTC export LC_ALL=C umask 0022 @@ -36,18 +34,6 @@ script: | mkdir -p $INSTDIR/TorBrowser.app/Contents/MacOS/ mkdir -p $OUTDIR/
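Review bot: The added comment accepts that the binutils, gcc, openssl and libevent archives are no longer reproducible, so independent builders can no longer compare hashes of the toolchain and library inputs that every later step consumes. A divergence there would only be noticed, if at all, in the final bundles. The stated cause is timestamps in `.a` members, and binutils has a deterministic mode for exactly that: `ar` with the `D` modifier, or configuring binutils with `--enable-deterministic-archives`. That may keep these archives comparable without libfaketime. The binutils configure line is outside this hunk, so I cannot tell whether the option is already set. The equivalent comments added in the mac and windows gitian-utils.yml hunks raise the same question.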
- # Building libfaketime. - cd faketime - export GIT_COMMITTER_NAME="nobody" - export GIT_COMMITTER_EMAIL="nobody@localhost" - export GIT_COMMITTER_DATE="$REFERENCE_DATETIME" - git am ~/build/libfaketime.patch - make - DESTDIR="$INSTDIR/faketime" make install - export LD_PRELOAD="$INSTDIR/faketime/usr/local/lib/faketime/libfaketime.so.1" - export FAKETIME=$REFERENCE_DATETIME - cd .. - cd tor-browser # Extracting all the necessary tools tar xaf ../MacOSX10.7.sdk.tar.gz @@ -62,20 +48,9 @@ script: | find -type f -print0 | xargs -0 touch --date="$REFERENCE_DATETIME" rm -f configure rm -f js/src/configure - # |configure| can't cope with nano seconds faked. And even if we would revert - # that feature it would hang sometimes for unknown but to libfaketime related - # reasons. - export LD_PRELOAD="" + export MOZ_BUILD_DATE=$(date -d "$REFERENCE_DATETIME" +%Y%m%d%H%M%S) make -f client.mk configure CONFIGURE_ARGS="--with-tor-browser-version=${TORBROWSER_VERSION} --enable-update-channel=${TORBROWSER_UPDATE_CHANNEL} --enable-bundled-fonts" find -type f -print0 | xargs -0 touch --date="$REFERENCE_DATETIME" - # We need libfaketime for all the timestamps e.g. written into the libraries. - # BUT we need to exclude |make build| from it. Otherwise the build fails close - # to the end, see #12812 comment 6 and #12461 comment 8 and later. - # Additionally, we need to exclude |rsync| due to #10153 which is reproducible - # reliably with the new libfaketime and |python2.7| as well as the build would - # stall otherwise right at the beginning. See #13877 for details. - export LD_PRELOAD="$INSTDIR/faketime/usr/local/lib/faketime/libfaketime.so.1" - export FAKETIME_SKIP_CMDS="python2.7,rsync,make" make $MAKEOPTS -f client.mk build # make -C obj-macos package INNER_MAKE_PACKAGE=true diff --git a/gitian/descriptors/mac/gitian-pluggable-transports.yml b/gitian/descriptors/mac/gitian-pluggable-transports.yml index 33b134e..cb7ac5c 100644 
--- a/gitian/descriptors/mac/gitian-pluggable-transports.yml +++ b/gitian/descriptors/mac/gitian-pluggable-transports.yml @@ -6,7 +6,6 @@ suites: architectures: - "i386" packages: -- "faketime" - "unzip" - "python-setuptools" - "python-dev" @@ -69,8 +68,7 @@ script: | INCLUDE_FTE=1 fi export LIBRARY_PATH="$INSTDIR/lib" - export LD_PRELOAD=/usr/lib/faketime/libfaketime.so.1 - export FAKETIME=$REFERENCE_DATETIME + export REFERENCE_DATETIME export TZ=UTC export LC_ALL=C umask 0022 diff --git a/gitian/descriptors/mac/gitian-utils.yml b/gitian/descriptors/mac/gitian-utils.yml index cef1533..33db2e8 100644 --- a/gitian/descriptors/mac/gitian-utils.yml +++ b/gitian/descriptors/mac/gitian-utils.yml @@ -7,7 +7,6 @@ architectures: - "i386" - "amd64" packages: -- "faketime" - "automake" - "libtool" - "zip" @@ -15,8 +14,6 @@ reference_datetime: "2000-01-01 00:00:00" remotes: - "url": "https://github.com/libevent/libevent.git" "dir": "libevent" -- "url": "https://github.com/wolfcw/libfaketime" - "dir": "faketime" - "url": "https://github.com/llvm-mirror/llvm" "dir": "llvm" - "url": "https://github.com/llvm-mirror/clang" @@ -27,13 +24,14 @@ files: - "apple-uni-sdk-10.6_20110407-0.flosoft1_i386.deb" - "multiarch-darwin11-cctools127.2-gcc42-5666.3-llvmgcc42-2336.1-Linux-120724.tar.xz" - "openssl.tar.gz" +- "openssl-Make-build-reproducible.patch" - "gmp.tar.bz2" - "versions" - "dzip.sh" -- "libfaketime.patch" script: | INSTDIR="$HOME/install" source versions + export REFERENCE_DATETIME export TZ=UTC export LC_ALL=C umask 0022 
@@ -56,21 +54,13 @@ script: | make $MAKEOPTS make install cd $INSTDIR + # Since we stopped using libfaketime, the clang archive is no longer + # reproducible. The reason is that it includes some .a archives and + # other files which include timestamps. + # Those files are however not part of the files we ship. ~/build/dzip.sh clang-$CLANG_VER-linux64-wheezy-utils.zip clang cp *utils.zip $OUTDIR/ else - # Building libfaketime. - cd faketime - export GIT_COMMITTER_NAME="nobody" - export GIT_COMMITTER_EMAIL="nobody@localhost" - export GIT_COMMITTER_DATE="$REFERENCE_DATETIME" - git am ~/build/libfaketime.patch - make - DESTDIR="$INSTDIR/faketime" make install - export FAKETIME_SKIP_CMDS="make" - export FAKETIME=$REFERENCE_DATETIME - cd .. - # dpkg requires sbin directories in the PATH export PATH="/usr/sbin:/sbin:$PATH" sudo dpkg -i *.deb @@ -91,7 +81,6 @@ script: | ./autogen.sh find -type f -print0 | xargs -0 touch --date="$REFERENCE_DATETIME" ./configure --disable-static --host=i686-apple-darwin11 --prefix=$INSTDIR/libevent - export LD_PRELOAD="$INSTDIR/faketime/usr/local/lib/faketime/libfaketime.so.1" make $MAKEOPTS make install cd .. @@ -99,6 +88,7 @@ script: | # Building OpenSSL tar xzf openssl.tar.gz cd openssl-* + patch -p1 < ../openssl-Make-build-reproducible.patch find -type f -print0 | xargs -0 touch --date="$REFERENCE_DATETIME" # TODO: Add enable-ec_nistp_64_gcc_128 for 64bit OS X. ./Configure --cross-compile-prefix=i686-apple-darwin11- $CFLAGS darwin64-x86_64-cc --prefix=$INSTDIR/openssl enable-ec_nistp_64_gcc_128 
@@ -111,20 +101,19 @@ script: | # Building GMP tar xjf gmp.tar.bz2 cd gmp-* - # |configure| can't cope with nano seconds faked. And even if we would revert - # that feature it would hang sometimes for unknown but to libfaketime related - # reasons. - export LD_PRELOAD="" find -type f -print0 | xargs -0 touch --date="$REFERENCE_DATETIME" # Even if we are not shipping libgmpxx anymore we still need --enable-xcc # during compile time. ./configure --host=x86_64-apple-darwin11 --prefix=$INSTDIR/gmp --disable-static --enable-shared --enable-cxx - export LD_PRELOAD="$INSTDIR/faketime/usr/local/lib/faketime/libfaketime.so.1" make make install cd ..
# Grabbing the results + # Since we stopped using libfaketime, the openssl archive is no + # longer reproducible. The main reason is that it includes some .a + # archives which include timestamps. + # Those files are however not part of the files we ship. cd $INSTDIR ~/build/dzip.sh openssl-$OPENSSL_VER-mac64-utils.zip openssl ~/build/dzip.sh libevent-${LIBEVENT_TAG#release-}-mac64-utils.zip libevent diff --git a/gitian/descriptors/windows/gitian-firefox.yml b/gitian/descriptors/windows/gitian-firefox.yml index 2686c5f..3261199 100644 --- a/gitian/descriptors/windows/gitian-firefox.yml +++ b/gitian/descriptors/windows/gitian-firefox.yml @@ -12,8 +12,6 @@ reference_datetime: "2000-01-01 00:00:00" remotes: - "url": "https://git.torproject.org/tor-browser.git" "dir": "tor-browser" -- "url": "https://github.com/wolfcw/libfaketime" - "dir": "faketime" files: - "gcc-linux32-precise-utils.zip" - "mingw-w64-win32-utils.zip" @@ -28,6 +26,7 @@ files: script: | INSTDIR="$HOME/install" source versions + export REFERENCE_DATETIME export TZ=UTC export LC_ALL=C umask 0022 @@ -44,14 +43,6 @@ script: | export LD_LIBRARY_PATH=$INSTDIR/gcc/lib export PATH=$INSTDIR/mingw-w64/bin:$INSTDIR/gcc/bin:$PATH
- # Building libfaketime - cd faketime - make - DESTDIR="$INSTDIR/faketime" make install - export LD_PRELOAD="$INSTDIR/faketime/usr/local/lib/faketime/libfaketime.so.1" - export FAKETIME=$REFERENCE_DATETIME - cd .. - # We don't want to link against msvcrt.dll due to bug 9084. i686-w64-mingw32-g++ -dumpspecs > msvcr100.spec sed 's/msvcrt/msvcr100/' -i msvcr100.spec @@ -82,10 +73,7 @@ script: | find -type f -print0 | xargs -0 touch --date="$REFERENCE_DATETIME" rm -f configure rm -f js/src/configure - # |configure| can't cope with nano seconds faked. And even if we would revert - # that feature it would hang sometimes for unknown but to libfaketime related - # reasons. - export LD_PRELOAD="" + export MOZ_BUILD_DATE=$(date -d "$REFERENCE_DATETIME" +%Y%m%d%H%M%S) make -f client.mk configure CONFIGURE_ARGS="--with-tor-browser-version=${TORBROWSER_VERSION} --enable-update-channel=${TORBROWSER_UPDATE_CHANNEL} --enable-bundled-fonts" find -type f -print0 | xargs -0 touch --date="$REFERENCE_DATETIME" # @@ -93,13 +81,6 @@ script: | cp ~/build/i686* ~/build/bin/ export PATH=~/build/bin:$PATH # - # We need libfaketime for all the timestamps e.g. written into the libraries. - # BUT we need to exclude |make build| from it. Otherwise the build fails close - # to the end, see #12811 comment 14 and #12461 comment 8 and later. - # Additionally, we need to exclude |python2.7| as well as the build would - # stall otherwise right at the beginning. See #13877 for details. - export LD_PRELOAD="$INSTDIR/faketime/usr/local/lib/faketime/libfaketime.so.1" - export FAKETIME_SKIP_CMDS="python2.7,make" make $MAKEOPTS -f client.mk build # make -C obj-* package INNER_MAKE_PACKAGE=true diff --git a/gitian/descriptors/windows/gitian-utils.yml b/gitian/descriptors/windows/gitian-utils.yml index 2767bad..0876bff 100644 --- a/gitian/descriptors/windows/gitian-utils.yml +++ b/gitian/descriptors/windows/gitian-utils.yml 
@@ -5,7 +5,6 @@ suites: architectures: - "i386" packages: -- "faketime" - "automake" - "libtool" - "zip" @@ -28,6 +27,7 @@ files: - "binutils.tar.bz2" - "gcc.tar.bz2" - "openssl.tar.gz" +- "openssl-Make-build-reproducible.patch" - "gmp.tar.bz2" - "enable-reloc-section-ld.patch" - "peXXigen.patch" @@ -39,6 +39,7 @@ files: script: | INSTDIR="$HOME/install" source versions + export REFERENCE_DATETIME export TZ=UTC export LC_ALL=C umask 0022 @@ -115,13 +116,6 @@ script: | cp i686-w64-mingw32/libgcc/shlib/libgcc_s_sjlj-1.dll $INSTDIR/gcclibs cd ..
- # XXX: Build the libraries we include into the bundles deterministically. As - # libfaketime breaks the mingw-w64 build (probably due to bug 11459) we omit - # the compiler and linker from it. It seems we get away with this strategy - # and the libgcc* and libss* which we ship, too, are still built in a - # reproducible fashion. - export LD_PRELOAD=/usr/lib/faketime/libfaketime.so.1 - export FAKETIME=$REFERENCE_DATETIME # Building zlib export CFLAGS="-mwindows -fstack-protector-all -Wstack-protector --param ssp-buffer-size=4 -fno-strict-overflow -Wno-missing-field-initializers -Wformat -Wformat-security" export LDFLAGS="-mwindows -Wl,--dynamicbase -Wl,--nxcompat -Wl,--enable-reloc-section -lssp -L$INSTDIR/gcclibs/" @@ -143,6 +137,7 @@ script: | # Building OpenSSL tar xzf openssl.tar.gz cd openssl-* + patch -p1 < ../openssl-Make-build-reproducible.patch find -type f -print0 | xargs -0 touch --date="$REFERENCE_DATETIME" # TODO: Add enable-ec_nistp_64_gcc_128 for 64bit Windows. ./Configure -shared --cross-compile-prefix=i686-w64-mingw32- mingw "-fstack-protector-all -Wstack-protector --param ssp-buffer-size=4 -fno-strict-overflow -Wno-missing-field-initializers -Wformat -Wformat-security -Wl,--dynamicbase -Wl,--nxcompat -Wl,--enable-reloc-section -lssp -L$INSTDIR/gcclibs/" --prefix=$INSTDIR/openssl @@ -185,6 +180,10 @@ script: | cd ..
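Review bot: Removing the `LD_PRELOAD`/`FAKETIME` exports in the -115 hunk also removes the only explanation of how the libraries built from this point on stay deterministic. The deleted XXX comment described them as the libraries "we include into the bundles", and the -143 hunk shows OpenSSL configured with `-shared` for mingw. The replacement comment in the -185 hunk only covers `.a` archives that are not shipped. I would add a short comment here stating what now guarantees stable timestamps in the shipped DLLs, for instance the linker patches listed under `files:` if that is the mechanism. That cannot be confirmed from the visible lines.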
# Grabbing the remaining results + # Since we stopped using libfaketime, the gcc, gmp, zlib, openssl, + # libevent, mingw-w64 archives are no longer reproducible. The main + # reason is that they include some .a archives which include timestamps. + # Those files are however not part of the files we ship. cd $INSTDIR # We might want to bump binutils independent of bumping mingw-w64. touch binutils-$BINUTILS_VER-win32-utils.zip diff --git a/gitian/patches/openssl-Make-build-reproducible.patch b/gitian/patches/openssl-Make-build-reproducible.patch new file mode 100644 index 0000000..d86f5ba --- /dev/null +++ b/gitian/patches/openssl-Make-build-reproducible.patch @@ -0,0 +1,28 @@ +From b88c021b5a7c539f821b7b7c47c72138cc3c3271 Mon Sep 17 00:00:00 2001 +From: Kurt Roeckx kurt@roeckx.be +Date: Fri, 2 Jan 2015 12:27:57 +0100 +Subject: [PATCH] Make build reproducible + +It contained a date on when it was build. + +Reviewed-by: Rich Salz rsalz@openssl.org +--- + crypto/cversion.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/crypto/cversion.c b/crypto/cversion.c +index 9e6f50d78182..c417d1d1121f 100644 +--- a/crypto/cversion.c ++++ b/crypto/cversion.c +@@ -68,7 +68,11 @@ const char *SSLeay_version(int t) + return OPENSSL_VERSION_TEXT; + if (t == SSLEAY_BUILT_ON) { + #ifdef DATE ++# ifdef OPENSSL_USE_BUILD_DATE + return (DATE); ++# else ++ return("built on: reproducible build, date unspecified"); ++# endif + #else + return ("built on: date not available"); + #endif