[tor-commits] [tor-browser-bundle/master] Bug 17034: Use our built binutils and GCC for building tor
gk at torproject.org
gk at torproject.org
Wed Feb 22 09:22:57 UTC 2017
commit d6fa3b07207f33bda05d9f9f8e147a2b5d764a12
Author: Georg Koppen <gk at torproject.org>
Date: Tue Feb 21 11:24:38 2017 +0000
Bug 17034: Use our built binutils and GCC for building tor
---
gitian/descriptors/linux/gitian-tor.yml | 43 +++++++++++++++++++++++++++------
1 file changed, 36 insertions(+), 7 deletions(-)
diff --git a/gitian/descriptors/linux/gitian-tor.yml b/gitian/descriptors/linux/gitian-tor.yml
index bfb683a..c00b4e7 100644
--- a/gitian/descriptors/linux/gitian-tor.yml
+++ b/gitian/descriptors/linux/gitian-tor.yml
@@ -24,6 +24,8 @@ files:
- "openssl-linux64-utils.zip"
- "libevent-linux32-utils.zip"
- "libevent-linux64-utils.zip"
+- "binutils-linux32-utils.zip"
+- "binutils-linux64-utils.zip"
- "gcc-linux32-utils.zip"
- "gcc-linux64-utils.zip"
script: |
@@ -34,6 +36,10 @@ script: |
export LC_ALL=C
umask 0022
+ mkdir -p $INSTDIR/Data/Tor/
+ mkdir -p $INSTDIR/Tor/
+ mkdir -p $INSTDIR/Debug/Tor/
+
# Config options for hardening-wrapper
export DEB_BUILD_HARDENING=1
export DEB_BUILD_HARDENING_STACKPROTECTOR=1
@@ -41,12 +47,37 @@ script: |
export DEB_BUILD_HARDENING_FORMAT=1
export DEB_BUILD_HARDENING_PIE=1
- mkdir -p $INSTDIR/Data/Tor/
- mkdir -p $INSTDIR/Tor/
- mkdir -p $INSTDIR/Debug/Tor/
+ # Preparing Binutils and GCC for tor
+ unzip -d $INSTDIR binutils-linux$GBUILD_BITS-utils.zip
+ # Make sure gold is used with the hardening wrapper for full RELRO, see
+ # #13031.
+ cd $INSTDIR/binutils/bin
+ rm ld
+ cp /usr/bin/hardened-ld ./
+ mv ld.gold ld.gold.real
+ ln -sf hardened-ld ld.gold
+ ln -sf ld.gold ld
+ cd ~/build
+ unzip -d $INSTDIR gcc-linux$GBUILD_BITS-utils.zip
+ # Make sure we use the hardening wrapper when compiling tor.
+ cd $INSTDIR/gcc/bin
+ cp /usr/bin/hardened-cc ./
+ mv gcc gcc.real
+ mv c++ c++.real
+ ln -sf hardened-cc gcc
+ ln -sf hardened-cc c++
+ cd ~/build
+ export PATH=$INSTDIR/gcc/bin:$INSTDIR/binutils/bin:$PATH
+ ARCH=""
+ if [ $GBUILD_BITS == "64" ];
+ then
+ ARCH="64"
+ fi
+ # Make sure our GCC gets properly used.
+ export LD_LIBRARY_PATH=$INSTDIR/gcc/lib$ARCH
+
unzip -d $INSTDIR openssl-linux$GBUILD_BITS-utils.zip
unzip -d $INSTDIR libevent-linux$GBUILD_BITS-utils.zip
- unzip -d $INSTDIR gcc-linux$GBUILD_BITS-utils.zip
cp $INSTDIR/openssl/lib/libssl.so.1.0.0 $INSTDIR/Tor/
cp $INSTDIR/openssl/lib/libcrypto.so.1.0.0 $INSTDIR/Tor/
cp $INSTDIR/libevent/lib/libevent-2.0.so.5 $INSTDIR/Tor/
@@ -65,13 +96,11 @@ script: |
chmod 700 $INSTDIR/Tor/*so*
# This is needed to make RPATH unavailable. See bug 9150.
- export LD_LIBRARY_PATH="$INSTDIR/Tor/"
+ export LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$INSTDIR/Tor/"
# Building tor
cd tor
git update-index --refresh -q
- mkdir -p $OUTDIR/src
- #git archive HEAD | tar -x -C $OUTDIR/src
./autogen.sh
find -type f -print0 | xargs -0 touch --date="$REFERENCE_DATETIME"
./configure --disable-asciidoc --with-libevent-dir=$INSTDIR/libevent --with-openssl-dir=$INSTDIR/openssl --prefix=$INSTDIR
More information about the tor-commits
mailing list