[tor-commits] [tor-browser-bundle/hardened-builds] Bug 18291: Remove some uses of libfaketime
commit 917084783c20e216ef7bfd397152e05b6b2a8ef2
Author: Nicolas Vigier <boklm@xxxxxxxxxxxxxx>
Date: Mon May 23 19:58:44 2016 +0200
Bug 18291: Remove some uses of libfaketime
Completely stop using libfaketime for Linux builds. For Windows builds
we have to keep using it for the tor, pluggable-transports and bundle
steps. For OSX builds, we keep it in the bundle steps for the timestamp
added when creating the dmg file with genisoimage.
Note: the OS X descriptors are broken (which is okay as we only need
the Linux ones)
---
gitian/descriptors/linux/gitian-bundle.yml | 16 ++++-------
gitian/descriptors/linux/gitian-firefox.yml | 32 +++-------------------
.../linux/gitian-pluggable-transports.yml | 4 +--
gitian/descriptors/linux/gitian-tor.yml | 4 +--
gitian/descriptors/linux/gitian-utils.yml | 17 +++++-------
gitian/descriptors/mac/gitian-firefox.yml | 17 ++----------
.../mac/gitian-pluggable-transports.yml | 4 +--
gitian/descriptors/mac/gitian-utils.yml | 32 +++++++++++++++-------
gitian/descriptors/windows/gitian-firefox.yml | 23 ++--------------
gitian/descriptors/windows/gitian-utils.yml | 15 +++++-----
.../patches/openssl-Make-build-reproducible.patch | 28 +++++++++++++++++++
11 files changed, 80 insertions(+), 112 deletions(-)
diff --git a/gitian/descriptors/linux/gitian-bundle.yml b/gitian/descriptors/linux/gitian-bundle.yml
index e25d40e..541904d 100644
--- a/gitian/descriptors/linux/gitian-bundle.yml
+++ b/gitian/descriptors/linux/gitian-bundle.yml
@@ -27,8 +27,6 @@ remotes:
"dir": "meek"
- "url": "https://github.com/googlei18n/noto-fonts.git"
"dir": "noto-fonts"
-- "url": "https://github.com/wolfcw/libfaketime"
- "dir": "faketime"
files:
# TODO: Can we use an env for this file+version??
- "tor-browser-linux64-gbuilt.zip"
@@ -57,21 +55,13 @@ files:
script: |
INSTDIR="$HOME/install"
source versions
+ export REFERENCE_DATETIME
export LIBRARY_PATH="$INSTDIR/lib"
export TZ=UTC
export LC_ALL=C
export TORBROWSER_VERSION=`cat bare-version`
umask 0022
- # Building libfaketime
- cd faketime
- make
- DESTDIR="$INSTDIR/faketime" make install
- export LD_PRELOAD="$INSTDIR/faketime/usr/local/lib/faketime/libfaketime.so.1"
- export FAKETIME=$REFERENCE_DATETIME
- export FAKETIME_SKIP_CMDS="rsync"
- cd ..
-
mkdir -p $OUTDIR/
# When we build with MULTI_LINGUAL=1, the browser will be packaged inside a
# directory named tor-browser (instead of tor-browser_en-US). Therefore we
@@ -192,6 +182,7 @@ script: |
cp defaults/preferences/000-tor-browser.js ~/build/
# Set the locale of the bundle.
echo "pref(\"general.useragent.locale\", \"en-US\");" >> defaults/preferences/000-tor-browser.js
+ touch --date="$REFERENCE_DATETIME" defaults/preferences/000-tor-browser.js
zip -Xm omni.ja defaults/preferences/000-tor-browser.js
rm -rf defaults
popd
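Review bot: The added `touch --date="$REFERENCE_DATETIME"` before `zip -Xm` has no comment saying why it is there, and with libfaketime gone it is the only thing keeping a wall-clock mtime out of omni.ja. The same pair is repeated by hand in the three following hunks of this file (both `update.locale` writes and the per-`$LANG` prefs file), so a later edit that adds another file to omni.ja can easily miss it. I would add `# zip stores the file mtime; pin it to REFERENCE_DATETIME now that libfaketime is not preloaded` above each `touch`. The script continues outside this hunk, so other `zip` calls in this descriptor may need the same treatment.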
@@ -227,6 +218,7 @@ script: |
# app.update.url).
pushd ${PKG_DIR}/Browser/
echo ${PKG_LOCALE} > update.locale
+ touch --date="$REFERENCE_DATETIME" update.locale
zip -Xm omni.ja update.locale
popd
fi
@@ -259,6 +251,7 @@ script: |
cp ~/build/000-tor-browser.js defaults/preferences/
# Set the locale of the bundle.
echo "pref(\"general.useragent.locale\", \"$LANG\");" >> defaults/preferences/000-tor-browser.js
+ touch --date="$REFERENCE_DATETIME" defaults/preferences/000-tor-browser.js
zip -Xm omni.ja defaults/preferences/000-tor-browser.js
rm -rf defaults
popd
@@ -268,6 +261,7 @@ script: |
# recreate precomplete file (needs to be accurate for full MAR updates).
pushd tor-browser_$LANG/Browser/
echo "$LANG" > update.locale
+ touch --date="$REFERENCE_DATETIME" update.locale
zip -Xm omni.ja update.locale
rm -rf dictionaries
rm -f precomplete
diff --git a/gitian/descriptors/linux/gitian-firefox.yml b/gitian/descriptors/linux/gitian-firefox.yml
index 22686b7..f32ee40 100644
--- a/gitian/descriptors/linux/gitian-firefox.yml
+++ b/gitian/descriptors/linux/gitian-firefox.yml
@@ -27,8 +27,6 @@ reference_datetime: "2000-01-01 00:00:00"
remotes:
- "url": "https://git.torproject.org/tor-browser.git"
"dir": "tor-browser"
-- "url": "https://github.com/wolfcw/libfaketime"
- "dir": "faketime"
- "url": "https://github.com/immunant/selfrando.git"
"dir": "selfrando"
files:
@@ -41,6 +39,9 @@ files:
script: |
source versions
INSTDIR="$HOME/install"
+ export REFERENCE_DATETIME
+ export CFLAGS="-frandom-seed=tor"
+ export CXXFLAGS="-frandom-seed=tor"
export TZ=UTC
export LC_ALL=C
umask 0022
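Review bot: `export CFLAGS="-frandom-seed=tor"` and the matching CXXFLAGS line assign rather than append, so any compiler flags already set in the environment or by `source versions` are dropped from this point on. If inherited flags should survive, use `export CFLAGS="${CFLAGS:+$CFLAGS }-frandom-seed=tor"`, and likewise for CXXFLAGS. GCC's documentation says the -frandom-seed string should differ for every file compiled, so one constant for the whole tree deserves a line saying why that is acceptable here. For example: `# Fixed -frandom-seed keeps GCC's randomly generated symbol names identical across builds`.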
@@ -81,14 +82,6 @@ script: |
mkdir -p $INSTDIR/Debug/Browser/components
mkdir -p $INSTDIR/Debug/Browser/browser/components
- # Building libfaketime
- cd faketime
- make
- DESTDIR="$INSTDIR/faketime" make install
- export LD_PRELOAD="$INSTDIR/faketime/usr/local/lib/faketime/libfaketime.so.1"
- export FAKETIME=$REFERENCE_DATETIME
- cd ..
-
cd tor-browser
mv .mozconfig-asan .mozconfig
# .git and the src takes up a lot of useless space, and we need the space to build
@@ -96,33 +89,16 @@ script: |
find -type f -print0 | xargs -0 touch --date="$REFERENCE_DATETIME"
rm -f configure
rm -f js/src/configure
- # |configure| can't cope with nano seconds faked. And even if we would revert
- # that feature it would hang sometimes for unknown but to libfaketime related
- # reasons.
- export LD_PRELOAD=""
# Self-Rando wrapper
export PATH="$HOME/build/selfrando/Tools/TorBrowser/tc-wrapper/:$PATH"
export SELFRANDO_skip_shuffle=
+ export MOZ_BUILD_DATE=$(date -d "$REFERENCE_DATETIME" +%Y%m%d%H%M%S)
make -f client.mk configure CONFIGURE_ARGS="--with-tor-browser-version=${TORBROWSER_VERSION} --enable-update-channel=${TORBROWSER_UPDATE_CHANNEL} --enable-bundled-fonts"
- # We need libfaketime for all the timestamps e.g. written into the libraries.
- # BUT we need to exclude |make build| from it. Otherwise the build fails close
- # to the end, see #12461 comment 8 and later. Additionally, we need to avoid
- # breaking the ICU compilation. Exlcuding |bash| helps here. See #12461
- # comment 13. Finally, we need to exclude |python2.7| as not doing so would
- # stall the build right at the beginning. See #13877.
- export LD_PRELOAD="$INSTDIR/faketime/usr/local/lib/faketime/libfaketime.so.1"
- export FAKETIME_SKIP_CMDS="python2.7,bash,make"
find -type f -print0 | xargs -0 touch --date="$REFERENCE_DATETIME"
# Without disabling LSan our build is blowing up:
# https://bugs.torproject.org/10599#comment:52
ASAN_OPTIONS="detect_leaks=0" make $MAKEOPTS -f client.mk build
- # Packaging is broken with libfaketime enabled, thus we disable it again. See
- # #12461 comments 11 and 12 for details.
- export LD_PRELOAD=""
make -C obj-* package INNER_MAKE_PACKAGE=true
- # Without libfaketime enabled we would get different omni.ja and *debug.zip
- # files.
- export LD_PRELOAD="$INSTDIR/faketime/usr/local/lib/faketime/libfaketime.so.1"
cp -a obj-*/dist/firefox/* $INSTDIR/Browser/
# Remove firefox-bin (we don't use it, see ticket #10126)
rm -f $INSTDIR/Browser/firefox-bin
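Review bot: The removed comment before `cp -a obj-*/dist/firefox/*` said omni.ja and the *debug.zip files differ without libfaketime, and nothing on the new side of this hunk replaces that control after `make -C obj-* package`. If a step outside the hunk (dzip.sh, or MOZ_BUILD_DATE itself) now covers it, record that with a comment such as `# omni.ja/debug.zip timestamps are fixed by <step>; libfaketime no longer needed`. Separately, `export MOZ_BUILD_DATE=$(date -d "$REFERENCE_DATETIME" +%Y%m%d%H%M%S)`, here and in the mac and windows gitian-firefox.yml hunks, silently produces today's date if REFERENCE_DATETIME is empty, because GNU date reads an empty -d string as the start of today. A guard like `: "${REFERENCE_DATETIME:?}"` just before it would fail the build instead of shipping a non-reproducible build ID.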
diff --git a/gitian/descriptors/linux/gitian-pluggable-transports.yml b/gitian/descriptors/linux/gitian-pluggable-transports.yml
index a3c994d..2793a76 100644
--- a/gitian/descriptors/linux/gitian-pluggable-transports.yml
+++ b/gitian/descriptors/linux/gitian-pluggable-transports.yml
@@ -6,7 +6,6 @@ suites:
architectures:
- "amd64"
packages:
-- "faketime"
- "unzip"
- "python-setuptools"
- "python-dev"
@@ -56,7 +55,7 @@ script: |
INSTDIR="$HOME/install"
PTDIR="$INSTDIR/Tor/PluggableTransports"
mkdir -p $PTDIR
- export FAKETIME=$REFERENCE_DATETIME
+ export REFERENCE_DATETIME
export TZ=UTC
export LC_ALL=C
export PYTHON=python2
@@ -261,7 +260,6 @@ script: |
cd ../..
# Grabbing the results and making sure timestamps don't spoil them
- export LD_PRELOAD=/usr/lib/faketime/libfaketime.so.1
cd $INSTDIR
~/build/dzip.sh pluggable-transports-linux$GBUILD_BITS-gbuilt.zip Tor/ Docs/
cp pluggable-transports-linux$GBUILD_BITS-gbuilt.zip $OUTDIR/
diff --git a/gitian/descriptors/linux/gitian-tor.yml b/gitian/descriptors/linux/gitian-tor.yml
index f8f83e9..fa0aead 100644
--- a/gitian/descriptors/linux/gitian-tor.yml
+++ b/gitian/descriptors/linux/gitian-tor.yml
@@ -6,7 +6,6 @@ suites:
architectures:
- "amd64"
packages:
-- "faketime"
- "unzip"
- "automake"
- "libtool"
@@ -28,7 +27,7 @@ files:
script: |
INSTDIR="$HOME/install"
source versions
- export FAKETIME=$REFERENCE_DATETIME
+ export REFERENCE_DATETIME
export TZ=UTC
export LC_ALL=C
umask 0022
@@ -91,7 +90,6 @@ script: |
done
# Grabbing the results and making sure timestamps don't spoil them
- export LD_PRELOAD=/usr/lib/faketime/libfaketime.so.1
~/build/dzip.sh tor-linux$GBUILD_BITS-gbuilt.zip Data/ Tor/
~/build/dzip.sh tor-linux$GBUILD_BITS-debug.zip Debug/
cp tor-linux$GBUILD_BITS-gbuilt.zip $OUTDIR/
diff --git a/gitian/descriptors/linux/gitian-utils.yml b/gitian/descriptors/linux/gitian-utils.yml
index 15b26f4..2db8739 100644
--- a/gitian/descriptors/linux/gitian-utils.yml
+++ b/gitian/descriptors/linux/gitian-utils.yml
@@ -6,7 +6,6 @@ suites:
architectures:
- "amd64"
packages:
-- "faketime"
- "automake"
- "libtool"
- "zip"
@@ -36,6 +35,7 @@ files:
- "binutils.tar.bz2"
- "gcc.tar.bz2"
- "openssl.tar.gz"
+- "openssl-Make-build-reproducible.patch"
- "gmp.tar.bz2"
- "versions"
- "dzip.sh"
@@ -46,7 +46,7 @@ script: |
source versions
export TZ=UTC
export LC_ALL=C
- export FAKETIME=$REFERENCE_DATETIME
+ export REFERENCE_DATETIME
umask 0022
# Config options for hardening-wrapper
@@ -78,10 +78,6 @@ script: |
# anymore. It seems it got audited for those problems already:
# https://gcc.gnu.org/bugzilla/show_bug.cgi?id=48817.
export DEB_BUILD_HARDENING_FORMAT=0
- # libfaketime gets into our way when building GCC 4.9.x. See:
- # https://gcc.gnu.org/bugzilla/show_bug.cgi?id=61314 for details. Thus, we
- # avoid it for the toolchain and cross our fingers.
- # TODO: Test a newer libfaketime than 0.8.
# Building GCC
tar xjf gcc.tar.bz2
cd gcc-*
@@ -127,9 +123,9 @@ script: |
cd ..
# Building OpenSSL
- export LD_PRELOAD=/usr/lib/faketime/libfaketime.so.1
tar xzf openssl.tar.gz
cd openssl-*
+ patch -p1 < ../openssl-Make-build-reproducible.patch
find -type f -print0 | xargs -0 touch --date="$REFERENCE_DATETIME"
./config -shared --prefix=$INSTDIR/openssl enable-ec_nistp_64_gcc_128
# Using $MAKEOPTS breaks the build. Might be the issue mentioned on
@@ -138,8 +134,6 @@ script: |
make install
cd ..
- export LD_PRELOAD=""
-
# Building GMP
tar xjf gmp.tar.bz2
cd gmp-*
@@ -154,7 +148,10 @@ script: |
cd ..
# Grabbing the remaining results and making sure timestamps don't spoil them
- export LD_PRELOAD=/usr/lib/faketime/libfaketime.so.1
+ # Since we stopped using libfaketime, the binutils, gcc, openssl,
+ # libevent archives are no longer reproducible. The main reason
+ # is that they include some .a archives which include timestamps.
+ # Those files are however not part of the files we ship.
cd $INSTDIR
~/build/dzip.sh binutils-$BINUTILS_VER-linux$GBUILD_BITS-utils.zip binutils
~/build/dzip.sh gcc-$GCC_VER-linux$GBUILD_BITS-utils.zip gcc
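Review bot: The added comment accepts non-reproducible binutils/gcc/openssl/libevent archives, which means independent builders can no longer compare the toolchain zips, even though other descriptors list such utils zips under `files:` as build inputs. The shipped binaries may still match, but a divergence in the toolchain stage would then only be visible indirectly. Since the stated cause is timestamps inside .a archives, binutils' deterministic archive mode (configure option `--enable-deterministic-archives`, or the `D` modifier to ar) may restore reproducibility without libfaketime. A `# TODO: try deterministic ar to make these archives reproducible again` next to the comment would keep that open. The same comment is added in the mac and windows gitian-utils.yml hunks.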
diff --git a/gitian/descriptors/mac/gitian-firefox.yml b/gitian/descriptors/mac/gitian-firefox.yml
index 17c830f..302f2a4 100644
--- a/gitian/descriptors/mac/gitian-firefox.yml
+++ b/gitian/descriptors/mac/gitian-firefox.yml
@@ -13,8 +13,6 @@ reference_datetime: "2000-01-01 00:00:00"
remotes:
- "url": "https://git.torproject.org/tor-browser.git"
"dir": "tor-browser"
-- "url": "https://github.com/wolfcw/libfaketime"
- "dir": "faketime"
files:
- "gcc-linux64-precise-utils.zip"
- "MacOSX10.7.sdk.tar.gz"
@@ -22,11 +20,11 @@ files:
- "re-dzip.sh"
- "dzip.sh"
- "fix-info-plist.py"
-- "libfaketime.patch"
- "versions"
script: |
INSTDIR="$HOME/install/"
source versions
+ export REFERENCE_DATETIME
export TZ=UTC
export LC_ALL=C
umask 0022
@@ -67,20 +65,9 @@ script: |
find -type f -print0 | xargs -0 touch --date="$REFERENCE_DATETIME"
rm -f configure
rm -f js/src/configure
- # |configure| can't cope with nano seconds faked. And even if we would revert
- # that feature it would hang sometimes for unknown but to libfaketime related
- # reasons.
- export LD_PRELOAD=""
+ export MOZ_BUILD_DATE=$(date -d "$REFERENCE_DATETIME" +%Y%m%d%H%M%S)
make -f client.mk configure CONFIGURE_ARGS="--with-tor-browser-version=${TORBROWSER_VERSION} --enable-update-channel=${TORBROWSER_UPDATE_CHANNEL} --enable-bundled-fonts"
find -type f -print0 | xargs -0 touch --date="$REFERENCE_DATETIME"
- # We need libfaketime for all the timestamps e.g. written into the libraries.
- # BUT we need to exclude |make build| from it. Otherwise the build fails close
- # to the end, see #12812 comment 6 and #12461 comment 8 and later.
- # Additionally, we need to exclude |rsync| due to #10153 which is reproducible
- # reliably with the new libfaketime and |python2.7| as well as the build would
- # stall otherwise right at the beginning. See #13877 for details.
- export LD_PRELOAD="$INSTDIR/faketime/usr/local/lib/faketime/libfaketime.so.1"
- export FAKETIME_SKIP_CMDS="python2.7,rsync,make"
make $MAKEOPTS -f client.mk build
#
make -C obj-macos package INNER_MAKE_PACKAGE=true
diff --git a/gitian/descriptors/mac/gitian-pluggable-transports.yml b/gitian/descriptors/mac/gitian-pluggable-transports.yml
index 5c7ecac..d6a71f2 100644
--- a/gitian/descriptors/mac/gitian-pluggable-transports.yml
+++ b/gitian/descriptors/mac/gitian-pluggable-transports.yml
@@ -5,7 +5,6 @@ suites:
architectures:
- "i386"
packages:
-- "faketime"
- "unzip"
- "python-setuptools"
- "python-dev"
@@ -57,8 +56,7 @@ script: |
TBDIR="$INSTDIR/TorBrowserBundle.app/TorBrowser"
PTDIR="$TBDIR/Tor/PluggableTransports"
export LIBRARY_PATH="$INSTDIR/lib"
- export LD_PRELOAD=/usr/lib/faketime/libfaketime.so.1
- export FAKETIME=$REFERENCE_DATETIME
+ export REFERENCE_DATETIME
export TZ=UTC
export LC_ALL=C
umask 0022
diff --git a/gitian/descriptors/mac/gitian-utils.yml b/gitian/descriptors/mac/gitian-utils.yml
index d457fef..10cc0f3 100644
--- a/gitian/descriptors/mac/gitian-utils.yml
+++ b/gitian/descriptors/mac/gitian-utils.yml
@@ -6,7 +6,6 @@ architectures:
- "i386"
- "amd64"
packages:
-- "faketime"
- "automake"
- "libtool"
- "zip"
@@ -16,20 +15,25 @@ reference_datetime: "2000-01-01 00:00:00"
remotes:
- "url": "https://github.com/libevent/libevent.git"
"dir": "libevent"
-- "url": "https://github.com/wolfcw/libfaketime"
- "dir": "faketime"
+- "url": "https://github.com/llvm-mirror/llvm"
+ "dir": "llvm"
+- "url": "https://github.com/llvm-mirror/clang"
+ "dir": "clang"
+- "url": "https://cmake.org/cmake.git"
+ "dir": "cmake"
files:
- "apple-uni-sdk-10.6_20110407-0.flosoft1_i386.deb"
- "multiarch-darwin11-cctools127.2-gcc42-5666.3-llvmgcc42-2336.1-Linux-120724.tar.xz"
- "gcc.tar.bz2"
- "openssl.tar.gz"
+- "openssl-Make-build-reproducible.patch"
- "gmp.tar.bz2"
- "versions"
- "dzip.sh"
-- "libfaketime.patch"
script: |
INSTDIR="$HOME/install"
source versions
+ export REFERENCE_DATETIME
export TZ=UTC
export LC_ALL=C
umask 0022
@@ -59,6 +63,15 @@ script: |
export FAKETIME=$REFERENCE_DATETIME
cd ..
+ # Since we stopped using libfaketime, the clang archive is no longer
+ # reproducible. The reason is that it includes some .a archives and
+ # other files which include timestamps.
+ # Those files are however not part of the files we ship.
+ ~/build/dzip.sh clang-$CLANG_VER-linux64-wheezy-utils.zip clang
+ cp *utils.zip $OUTDIR/
+ else
+ # dpkg requires sbin directories in the PATH
+ export PATH="/usr/sbin:/sbin:$PATH"
sudo dpkg -i *.deb
tar xaf multiarch-darwin*tar.xz
export PATH="$PATH:$HOME/build/apple-osx/bin/"
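Review bot: The added `else` has no matching `if` anywhere in this hunk, and the context line `export FAKETIME=$REFERENCE_DATETIME` is still present although an earlier hunk of this file removes the faketime remote and `libfaketime.patch`. The commit message does say the OS X descriptors are broken, but nothing in the descriptor records that, so a builder who runs it gets an obscure shell failure or a partial build. A guard at the top of the script would make the state explicit, e.g. `echo "mac descriptors are known broken on this branch (bug 18291)" >&2; exit 1`. The surrounding conditional starts outside the hunk, so its real structure cannot be checked from here.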
@@ -77,7 +90,6 @@ script: |
./autogen.sh
find -type f -print0 | xargs -0 touch --date="$REFERENCE_DATETIME"
./configure --disable-static --host=i686-apple-darwin11 --prefix=$INSTDIR/libevent
- export LD_PRELOAD="$INSTDIR/faketime/usr/local/lib/faketime/libfaketime.so.1"
make $MAKEOPTS
make install
cd ..
@@ -85,6 +97,7 @@ script: |
# Building OpenSSL
tar xzf openssl.tar.gz
cd openssl-*
+ patch -p1 < ../openssl-Make-build-reproducible.patch
find -type f -print0 | xargs -0 touch --date="$REFERENCE_DATETIME"
# TODO: Add enable-ec_nistp_64_gcc_128 for 64bit OS X.
./Configure --cross-compile-prefix=i686-apple-darwin11- $CFLAGS darwin64-x86_64-cc --prefix=$INSTDIR/openssl enable-ec_nistp_64_gcc_128
@@ -97,20 +110,19 @@ script: |
# Building GMP
tar xjf gmp.tar.bz2
cd gmp-*
- # |configure| can't cope with nano seconds faked. And even if we would revert
- # that feature it would hang sometimes for unknown but to libfaketime related
- # reasons.
- export LD_PRELOAD=""
find -type f -print0 | xargs -0 touch --date="$REFERENCE_DATETIME"
# Even if we are not shipping libgmpxx anymore we still need --enable-xcc
# during compile time.
./configure --host=x86_64-apple-darwin11 --prefix=$INSTDIR/gmp --disable-static --enable-shared --enable-cxx
- export LD_PRELOAD="$INSTDIR/faketime/usr/local/lib/faketime/libfaketime.so.1"
make
make install
cd ..
# Grabbing the results
+ # Since we stopped using libfaketime, the openssl archive is no
+ # longer reproducible. The main reason is that it includes some .a
+ # archives which include timestamps.
+ # Those files are however not part of the files we ship.
cd $INSTDIR
~/build/dzip.sh openssl-$OPENSSL_VER-mac64-utils.zip openssl
~/build/dzip.sh libevent-${LIBEVENT_TAG#release-}-mac64-utils.zip libevent
diff --git a/gitian/descriptors/windows/gitian-firefox.yml b/gitian/descriptors/windows/gitian-firefox.yml
index 2686c5f..3261199 100644
--- a/gitian/descriptors/windows/gitian-firefox.yml
+++ b/gitian/descriptors/windows/gitian-firefox.yml
@@ -12,8 +12,6 @@ reference_datetime: "2000-01-01 00:00:00"
remotes:
- "url": "https://git.torproject.org/tor-browser.git"
"dir": "tor-browser"
-- "url": "https://github.com/wolfcw/libfaketime"
- "dir": "faketime"
files:
- "gcc-linux32-precise-utils.zip"
- "mingw-w64-win32-utils.zip"
@@ -28,6 +26,7 @@ files:
script: |
INSTDIR="$HOME/install"
source versions
+ export REFERENCE_DATETIME
export TZ=UTC
export LC_ALL=C
umask 0022
@@ -44,14 +43,6 @@ script: |
export LD_LIBRARY_PATH=$INSTDIR/gcc/lib
export PATH=$INSTDIR/mingw-w64/bin:$INSTDIR/gcc/bin:$PATH
- # Building libfaketime
- cd faketime
- make
- DESTDIR="$INSTDIR/faketime" make install
- export LD_PRELOAD="$INSTDIR/faketime/usr/local/lib/faketime/libfaketime.so.1"
- export FAKETIME=$REFERENCE_DATETIME
- cd ..
-
# We don't want to link against msvcrt.dll due to bug 9084.
i686-w64-mingw32-g++ -dumpspecs > msvcr100.spec
sed 's/msvcrt/msvcr100/' -i msvcr100.spec
@@ -82,10 +73,7 @@ script: |
find -type f -print0 | xargs -0 touch --date="$REFERENCE_DATETIME"
rm -f configure
rm -f js/src/configure
- # |configure| can't cope with nano seconds faked. And even if we would revert
- # that feature it would hang sometimes for unknown but to libfaketime related
- # reasons.
- export LD_PRELOAD=""
+ export MOZ_BUILD_DATE=$(date -d "$REFERENCE_DATETIME" +%Y%m%d%H%M%S)
make -f client.mk configure CONFIGURE_ARGS="--with-tor-browser-version=${TORBROWSER_VERSION} --enable-update-channel=${TORBROWSER_UPDATE_CHANNEL} --enable-bundled-fonts"
find -type f -print0 | xargs -0 touch --date="$REFERENCE_DATETIME"
#
@@ -93,13 +81,6 @@ script: |
cp ~/build/i686* ~/build/bin/
export PATH=~/build/bin:$PATH
#
- # We need libfaketime for all the timestamps e.g. written into the libraries.
- # BUT we need to exclude |make build| from it. Otherwise the build fails close
- # to the end, see #12811 comment 14 and #12461 comment 8 and later.
- # Additionally, we need to exclude |python2.7| as well as the build would
- # stall otherwise right at the beginning. See #13877 for details.
- export LD_PRELOAD="$INSTDIR/faketime/usr/local/lib/faketime/libfaketime.so.1"
- export FAKETIME_SKIP_CMDS="python2.7,make"
make $MAKEOPTS -f client.mk build
#
make -C obj-* package INNER_MAKE_PACKAGE=true
diff --git a/gitian/descriptors/windows/gitian-utils.yml b/gitian/descriptors/windows/gitian-utils.yml
index ae938af..9296724 100644
--- a/gitian/descriptors/windows/gitian-utils.yml
+++ b/gitian/descriptors/windows/gitian-utils.yml
@@ -5,7 +5,6 @@ suites:
architectures:
- "i386"
packages:
-- "faketime"
- "automake"
- "libtool"
- "zip"
@@ -25,6 +24,7 @@ files:
- "binutils.tar.bz2"
- "gcc.tar.bz2"
- "openssl.tar.gz"
+- "openssl-Make-build-reproducible.patch"
- "gmp.tar.bz2"
- "enable-reloc-section-ld.patch"
- "peXXigen.patch"
@@ -33,6 +33,7 @@ files:
script: |
INSTDIR="$HOME/install"
source versions
+ export REFERENCE_DATETIME
export TZ=UTC
export LC_ALL=C
umask 0022
@@ -109,13 +110,6 @@ script: |
cp i686-w64-mingw32/libgcc/shlib/libgcc_s_sjlj-1.dll $INSTDIR/gcclibs
cd ..
- # XXX: Build the libraries we include into the bundles deterministically. As
- # libfaketime breaks the mingw-w64 build (probably due to bug 11459) we omit
- # the compiler and linker from it. It seems we get away with this strategy
- # and the libgcc* and libss* which we ship, too, are still built in a
- # reproducible fashion.
- export LD_PRELOAD=/usr/lib/faketime/libfaketime.so.1
- export FAKETIME=$REFERENCE_DATETIME
# Building zlib
export CFLAGS="-mwindows -fstack-protector-all -Wstack-protector --param ssp-buffer-size=4 -fno-strict-overflow -Wno-missing-field-initializers -Wformat -Wformat-security"
export LDFLAGS="-mwindows -Wl,--dynamicbase -Wl,--nxcompat -Wl,--enable-reloc-section -lssp -L$INSTDIR/gcclibs/"
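Review bot: The removed comment described the libraries built from this point (zlib onwards) as ones "we include into the bundles" and said libfaketime was what kept them deterministic, but the new side drops both exports without explaining what replaces them. The comment added in the last hunk of this file says the resulting archives are no longer reproducible but that the affected .a files are not shipped, which does not obviously cover any DLLs built here. A short comment above `# Building zlib` would settle which outputs must still be bit-identical, e.g. `# DLLs built below are shipped and must stay reproducible without libfaketime; only the .a files in the utils zips may differ`. If that claim cannot be made, the Windows utils step may belong with the tor and pluggable-transports steps that the commit message says keep libfaketime.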
@@ -137,6 +131,7 @@ script: |
# Building OpenSSL
tar xzf openssl.tar.gz
cd openssl-*
+ patch -p1 < ../openssl-Make-build-reproducible.patch
find -type f -print0 | xargs -0 touch --date="$REFERENCE_DATETIME"
# TODO: Add enable-ec_nistp_64_gcc_128 for 64bit Windows.
./Configure -shared --cross-compile-prefix=i686-w64-mingw32- mingw "-fstack-protector-all -Wstack-protector --param ssp-buffer-size=4 -fno-strict-overflow -Wno-missing-field-initializers -Wformat -Wformat-security -Wl,--dynamicbase -Wl,--nxcompat -Wl,--enable-reloc-section -lssp -L$INSTDIR/gcclibs/" --prefix=$INSTDIR/openssl
@@ -158,6 +153,10 @@ script: |
cd ..
# Grabbing the remaining results
+ # Since we stopped using libfaketime, the gcc, gmp, zlib, openssl,
+ # libevent, mingw-w64 archives are no longer reproducible. The main
+ # reason is that they include some .a archives which include timestamps.
+ # Those files are however not part of the files we ship.
cd $INSTDIR
# We might want to bump binutils independent of bumping mingw-w64.
touch binutils-$BINUTILS_VER-win32-utils.zip
diff --git a/gitian/patches/openssl-Make-build-reproducible.patch b/gitian/patches/openssl-Make-build-reproducible.patch
new file mode 100644
index 0000000..d86f5ba
--- /dev/null
+++ b/gitian/patches/openssl-Make-build-reproducible.patch
@@ -0,0 +1,28 @@
+From b88c021b5a7c539f821b7b7c47c72138cc3c3271 Mon Sep 17 00:00:00 2001
+From: Kurt Roeckx <kurt@xxxxxxxxx>
+Date: Fri, 2 Jan 2015 12:27:57 +0100
+Subject: [PATCH] Make build reproducible
+
+It contained a date on when it was build.
+
+Reviewed-by: Rich Salz <rsalz@xxxxxxxxxxx>
+---
+ crypto/cversion.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/crypto/cversion.c b/crypto/cversion.c
+index 9e6f50d78182..c417d1d1121f 100644
+--- a/crypto/cversion.c
++++ b/crypto/cversion.c
+@@ -68,7 +68,11 @@ const char *SSLeay_version(int t)
+ return OPENSSL_VERSION_TEXT;
+ if (t == SSLEAY_BUILT_ON) {
+ #ifdef DATE
++# ifdef OPENSSL_USE_BUILD_DATE
+ return (DATE);
++# else
++ return("built on: reproducible build, date unspecified");
++# endif
+ #else
+ return ("built on: date not available");
+ #endif