[tor-commits] [tor-browser-bundle/master] Bug #7277: Switch to using Nick's OpenSSL branch w/ timestamp fix.

mikeperry at torproject.org mikeperry at torproject.org
Thu Nov 7 05:45:10 UTC 2013


commit c9ad5b5d63738d9bfe601ed2c8c91501aa59fb99
Author: Mike Perry <mikeperry-git at torproject.org>
Date:   Wed Nov 6 21:22:12 2013 -0800

    Bug #7277: Switch to using Nick's OpenSSL branch w/ timestamp fix.
    
    TBB's Tor client will now omit its timestamp in the TLS handshake.
---
 gitian/descriptors/linux/gitian-tor.yml   |    6 ++---
 gitian/descriptors/mac/gitian-tor.yml     |    6 ++---
 gitian/descriptors/windows/gitian-tor.yml |    6 ++---
 gitian/fetch-inputs.sh                    |   34 ++++++++++++++---------------
 gitian/mkbundle-linux.sh                  |    3 ++-
 gitian/mkbundle-mac.sh                    |    3 ++-
 gitian/mkbundle-windows.sh                |    3 ++-
 gitian/verify-tags.sh                     |    1 +
 gitian/versions                           |    9 ++++----
 gitian/versions.alpha                     |    9 ++++----
 10 files changed, 43 insertions(+), 37 deletions(-)

diff --git a/gitian/descriptors/linux/gitian-tor.yml b/gitian/descriptors/linux/gitian-tor.yml
index dd17184..15437e2 100644
--- a/gitian/descriptors/linux/gitian-tor.yml
+++ b/gitian/descriptors/linux/gitian-tor.yml
@@ -23,8 +23,9 @@ remotes:
   "dir": "libevent"
 - "url": "https://github.com/madler/zlib.git"
   "dir": "zlib"
+- "url": "https://github.com/nmathewson/openssl.git"
+  "dir": "openssl"
 files:
-- "openssl.tar.gz"
 - "dzip.sh"
 script: |
   INSTDIR="$HOME/install"
@@ -63,8 +64,7 @@ script: |
   cp $INSTDIR/libevent/lib/libevent-2.0.so.5 $INSTDIR/Tor/
   cd ..
   #
-  tar xzf openssl.tar.gz
-  cd openssl-*
+  cd openssl
   find -type f | xargs touch --date="$REFERENCE_DATETIME"
   #./Configure -shared --prefix=$INSTDIR/openssl linux-elf
   ./config -shared --prefix=$INSTDIR/openssl
diff --git a/gitian/descriptors/mac/gitian-tor.yml b/gitian/descriptors/mac/gitian-tor.yml
index 7707555..c0b483b 100644
--- a/gitian/descriptors/mac/gitian-tor.yml
+++ b/gitian/descriptors/mac/gitian-tor.yml
@@ -22,8 +22,9 @@ remotes:
   "dir": "libevent"
 - "url": "https://github.com/madler/zlib.git"
   "dir": "zlib"
+- "url": "https://github.com/nmathewson/openssl.git"
+  "dir": "openssl"
 files:
-- "openssl.tar.gz"
 - "apple-uni-sdk-10.6_20110407-0.flosoft1_i386.deb"
 - "multiarch-darwin11-cctools127.2-gcc42-5666.3-llvmgcc42-2336.1-Linux-120724.tar.xz"
 - "dzip.sh"
@@ -64,8 +65,7 @@ script: |
   #cp $INSTDIR/zlib/lib/*.dylib $INSTDIR/Tor/
   #cd ..
   #
-  tar xzf openssl.tar.gz
-  cd openssl-*
+  cd openssl
   find -type f | xargs touch --date="$REFERENCE_DATETIME"
   ./Configure --cross-compile-prefix=i686-apple-darwin11- $CFLAGS darwin-i386-cc --prefix=$INSTDIR/openssl
   make # SHARED_LDFLAGS="-shared -dynamiclib -L/usr/lib/apple/SDKs/MacOSX10.6.sdk/usr/lib/"
diff --git a/gitian/descriptors/windows/gitian-tor.yml b/gitian/descriptors/windows/gitian-tor.yml
index ff32c2e..c1af6a8 100644
--- a/gitian/descriptors/windows/gitian-tor.yml
+++ b/gitian/descriptors/windows/gitian-tor.yml
@@ -22,8 +22,9 @@ remotes:
   "dir": "libevent"
 - "url": "https://github.com/madler/zlib.git"
   "dir": "zlib"
+- "url": "https://github.com/nmathewson/openssl.git"
+  "dir": "openssl"
 files:
-- "openssl.tar.gz"
 - "dzip.sh"
 script: |
   INSTDIR="$HOME/install"
@@ -60,8 +61,7 @@ script: |
   cp $INSTDIR/libevent/bin/*.dll $INSTDIR/Tor/
   cd ..
   #
-  tar xzf openssl.tar.gz
-  cd openssl-*
+  cd openssl
   find -type f | xargs touch --date="$REFERENCE_DATETIME"
   ./Configure -shared --cross-compile-prefix=i686-w64-mingw32- mingw --prefix=$INSTDIR/openssl
   make
diff --git a/gitian/fetch-inputs.sh b/gitian/fetch-inputs.sh
index 7c71772..9295a1f 100755
--- a/gitian/fetch-inputs.sh
+++ b/gitian/fetch-inputs.sh
@@ -103,20 +103,20 @@ update_git() {
 # Get package files from mirror
 
 # Get+verify sigs that exist
-for i in OPENSSL # OBFSPROXY
-do
-  PACKAGE="${i}_PACKAGE"
-  URL="${MIRROR_URL}${!PACKAGE}"
-  SUFFIX="asc"
-  get "${!PACKAGE}" "$URL"
-  get "${!PACKAGE}.$SUFFIX" "$URL.$SUFFIX"
-
-  if ! verify "${!PACKAGE}" "$WRAPPER_DIR/gpg/$i.gpg" $SUFFIX; then
-    echo "$i: GPG signature is broken for ${URL}"
-    mv "${!PACKAGE}" "${!PACKAGE}.badgpg"
-    exit 1
-  fi
-done
+#for i in OPENSSL # OBFSPROXY
+#do
+#  PACKAGE="${i}_PACKAGE"
+#  URL="${MIRROR_URL}${!PACKAGE}"
+#  SUFFIX="asc"
+#  get "${!PACKAGE}" "$URL"
+#  get "${!PACKAGE}.$SUFFIX" "$URL.$SUFFIX"
+#
+#  if ! verify "${!PACKAGE}" "$WRAPPER_DIR/gpg/$i.gpg" $SUFFIX; then
+#    echo "$i: GPG signature is broken for ${URL}"
+#    mv "${!PACKAGE}" "${!PACKAGE}.badgpg"
+#    exit 1
+#  fi
+#done
 
 for i in BINUTILS GCC
 do
@@ -147,7 +147,7 @@ done
 # TOOLCHAIN4 each time. Rely only on SHA256 for now..
 mkdir -p verify
 cd verify
-for i in OPENSSL OSXSDK
+for i in OSXSDK #OPENSSL
 do
   URL="${i}_URL"
   PACKAGE="${i}_PACKAGE"
@@ -177,7 +177,7 @@ fi
 
 # Verify packages with weak or no signatures via direct sha256 check
 # (OpenSSL is signed with MD5, and OSXSDK is not signed at all)
-for i in OPENSSL OSXSDK TOOLCHAIN4 NOSCRIPT PDFJS MINGW MSVCR100
+for i in OSXSDK TOOLCHAIN4 NOSCRIPT PDFJS MINGW MSVCR100 # OPENSSL
 do
    PACKAGE="${i}_PACKAGE"
    HASH="${i}_HASH"
@@ -214,7 +214,6 @@ cd ..
 
 ln -sf "$NOSCRIPT_PACKAGE" noscript at noscript.net.xpi
 ln -sf "$PDFJS_PACKAGE" uriloader at pdf.js.xpi
-ln -sf "$OPENSSL_PACKAGE" openssl.tar.gz
 ln -sf "$BINUTILS_PACKAGE" binutils.tar.bz2
 ln -sf "$GCC_PACKAGE" gcc.tar.bz2
  
@@ -233,6 +232,7 @@ while read dir url tag; do
   update_git "$dir" "$url" "$tag"
 done << EOF
 tbb-windows-installer https://github.com/moba/tbb-windows-installer.git
+openssl               https://github.com/nmathewson/openssl.git
 zlib                  https://github.com/madler/zlib.git
 libevent              https://github.com/libevent/libevent.git
 tor-launcher          https://git.torproject.org/tor-launcher.git
diff --git a/gitian/mkbundle-linux.sh b/gitian/mkbundle-linux.sh
index dc73f96..7db7316 100755
--- a/gitian/mkbundle-linux.sh
+++ b/gitian/mkbundle-linux.sh
@@ -65,6 +65,7 @@ then
   GITIAN_TAG=refs/tags/$GITIAN_TAG
   TORLAUNCHER_TAG=refs/tags/$TORLAUNCHER_TAG
   TORBROWSER_TAG=refs/tags/$TORBROWSER_TAG
+  OPENSSL_TAG=refs/tags/$OPENSSL_TAG
   TORBUTTON_TAG=refs/tags/$TORBUTTON_TAG
   TOR_TAG=refs/tags/$TOR_TAG
   HTTPSE_TAG=refs/tags/$HTTPSE_TAG
@@ -80,7 +81,7 @@ then
   echo "****** Starting Tor Component of Linux Bundle (1/3 for Linux) ******"
   echo 
 
-  ./bin/gbuild -j $NUM_PROCS --commit zlib=$ZLIB_TAG,libevent=$LIBEVENT_TAG,tor=$TOR_TAG $DESCRIPTOR_DIR/linux/gitian-tor.yml
+  ./bin/gbuild -j $NUM_PROCS --commit openssl=$OPENSSL_TAG,zlib=$ZLIB_TAG,libevent=$LIBEVENT_TAG,tor=$TOR_TAG $DESCRIPTOR_DIR/linux/gitian-tor.yml
   if [ $? -ne 0 ];
   then
     #mv var/build.log ./tor-fail-linux.log.`date +%Y%m%d%H%M%S`
diff --git a/gitian/mkbundle-mac.sh b/gitian/mkbundle-mac.sh
index 42eb9ef..6ddcf24 100755
--- a/gitian/mkbundle-mac.sh
+++ b/gitian/mkbundle-mac.sh
@@ -65,6 +65,7 @@ then
   GITIAN_TAG=refs/tags/$GITIAN_TAG
   TORLAUNCHER_TAG=refs/tags/$TORLAUNCHER_TAG
   TORBROWSER_TAG=refs/tags/$TORBROWSER_TAG
+  OPENSSL_TAG=refs/tags/$OPENSSL_TAG
   TORBUTTON_TAG=refs/tags/$TORBUTTON_TAG
   TOR_TAG=refs/tags/$TOR_TAG
   HTTPSE_TAG=refs/tags/$HTTPSE_TAG
@@ -80,7 +81,7 @@ then
   echo "****** Starting Tor Component of Mac Bundle (1/3 for Mac) ******"
   echo 
 
-  ./bin/gbuild -j $NUM_PROCS --commit zlib=$ZLIB_TAG,libevent=$LIBEVENT_TAG,tor=$TOR_TAG $DESCRIPTOR_DIR/mac/gitian-tor.yml
+  ./bin/gbuild -j $NUM_PROCS --commit openssl=$OPENSSL_TAG,zlib=$ZLIB_TAG,libevent=$LIBEVENT_TAG,tor=$TOR_TAG $DESCRIPTOR_DIR/mac/gitian-tor.yml
   if [ $? -ne 0 ];
   then
     #mv var/build.log ./tor-fail-mac.log.`date +%Y%m%d%H%M%S`
diff --git a/gitian/mkbundle-windows.sh b/gitian/mkbundle-windows.sh
index 16a1454..5241722 100755
--- a/gitian/mkbundle-windows.sh
+++ b/gitian/mkbundle-windows.sh
@@ -66,6 +66,7 @@ then
   GITIAN_TAG=refs/tags/$GITIAN_TAG
   TORLAUNCHER_TAG=refs/tags/$TORLAUNCHER_TAG
   TORBROWSER_TAG=refs/tags/$TORBROWSER_TAG
+  OPENSSL_TAG=refs/tags/$OPENSSL_TAG
   TORBUTTON_TAG=refs/tags/$TORBUTTON_TAG
   TOR_TAG=refs/tags/$TOR_TAG
   HTTPSE_TAG=refs/tags/$HTTPSE_TAG
@@ -81,7 +82,7 @@ then
   echo "****** Starting Tor Component of Windows Bundle (1/3 for Windows) ******"
   echo 
 
-  ./bin/gbuild -j $NUM_PROCS --commit zlib=$ZLIB_TAG,libevent=$LIBEVENT_TAG,tor=$TOR_TAG $DESCRIPTOR_DIR/windows/gitian-tor.yml
+  ./bin/gbuild -j $NUM_PROCS --commit openssl=$OPENSSL_TAG,zlib=$ZLIB_TAG,libevent=$LIBEVENT_TAG,tor=$TOR_TAG $DESCRIPTOR_DIR/windows/gitian-tor.yml
   if [ $? -ne 0 ];
   then
     #mv var/build.log ./tor-fail-win32.log.`date +%Y%m%d%H%M%S`
diff --git a/gitian/verify-tags.sh b/gitian/verify-tags.sh
index 055cac5..73016a8 100755
--- a/gitian/verify-tags.sh
+++ b/gitian/verify-tags.sh
@@ -60,6 +60,7 @@ zlib                  zlib.gpg                  $ZLIB_TAG
 libevent              libevent.gpg              $LIBEVENT_TAG
 tor                   tor.gpg                   $TOR_TAG
 https-everywhere      https-everywhere.gpg      $HTTPSE_TAG
+openssl               tor.gpg                   $OPENSSL_TAG
 EOF
 
 cd "$INPUTS_DIR"
diff --git a/gitian/versions b/gitian/versions
index 02afa2b..f2b712a 100755
--- a/gitian/versions
+++ b/gitian/versions
@@ -5,6 +5,7 @@ VERIFY_TAGS=1
 
 TORBROWSER_TAG=tor-browser-17.0.10esr-3.0beta1-build2
 TOR_TAG=tor-0.2.4.17-rc
+OPENSSL_TAG=openssl-101e-no-gmt-time-v1
 TORLAUNCHER_TAG=0.2.3.1-beta
 TORBUTTON_TAG=1.6.4
 HTTPSE_TAG=3.4.2
@@ -15,13 +16,13 @@ MINGW_REV=5830
 
 GITIAN_TAG=tor-browser-builder-3.0-4
 
-OPENSSL_VER=1.0.1e
+# OPENSSL_VER=1.0.1e
 FIREFOX_LANG_VER=17.0.10esr
 BINUTILS_VER=2.22
 GCC_VER=4.6.3
 
 ## File names for the source packages
-OPENSSL_PACKAGE=openssl-${OPENSSL_VER}.tar.gz
+# OPENSSL_PACKAGE=openssl-${OPENSSL_VER}.tar.gz
 NOSCRIPT_PACKAGE=noscript_security_suite-2.6.8.2-fx+fn+sm.xpi
 PDFJS_PACKAGE=pdf_viewer-0.8.1-sm+fx+an.xpi
 TOOLCHAIN4_PACKAGE=multiarch-darwin11-cctools127.2-gcc42-5666.3-llvmgcc42-2336.1-Linux-120724.tar.xz
@@ -32,7 +33,7 @@ BINUTILS_PACKAGE=binutils-${BINUTILS_VER}.tar.bz2
 GCC_PACKAGE=gcc-${GCC_VER}.tar.bz2
 
 # Hashes for packages with weak sigs or no sigs
-OPENSSL_HASH=f74f15e8c8ff11aa3d5bb5f276d202ec18d7246e95f961db76054199c69c1ae3
+# OPENSSL_HASH=f74f15e8c8ff11aa3d5bb5f276d202ec18d7246e95f961db76054199c69c1ae3
 OSXSDK_HASH=6602d8d5ddb371fbc02e2a5967d9bd0cd7358d46f9417753c8234b923f2ea6fc
 TOOLCHAIN4_HASH=65c1b2d302358a6b95a26c6828a66908a199276193bb0b268f2dcc1a997731e9
 NOSCRIPT_HASH=52b309f2e5ca1bee4d0f97cbb342fdac3be6a447c35f744a90348df55eea635f
@@ -41,7 +42,7 @@ MINGW_HASH=457f11d29f6e95425d190711a73955fa54a98a2113ce2c2bfd76291be71e3e2b
 MSVCR100_HASH=1221a09484964a6f38af5e34ee292b9afefccb3dc6e55435fd3aaf7c235d9067
 
 ## Non-git package URLs
-OPENSSL_URL=https://www.openssl.org/source/${OPENSSL_PACKAGE}
+# OPENSSL_URL=https://www.openssl.org/source/${OPENSSL_PACKAGE}
 TOOLCHAIN4_URL=https://mingw-and-ndk.googlecode.com/files/${TOOLCHAIN4_PACKAGE}
 OSXSDK_URL=https://launchpad.net/~flosoft/+archive/cross-apple/+files/${OSXSDK_PACKAGE}
 BINUTILS_URL=https://ftp.gnu.org/gnu/binutils/${BINUTILS_PACKAGE}
diff --git a/gitian/versions.alpha b/gitian/versions.alpha
index 83d6b5d..07c1d8e 100755
--- a/gitian/versions.alpha
+++ b/gitian/versions.alpha
@@ -5,6 +5,7 @@ VERIFY_TAGS=0
 
 TORBROWSER_TAG=tor-browser-24.1.0esr-1
 TOR_TAG=tor-0.2.4.17-rc
+OPENSSL_TAG=openssl-101e-no-gmt-time-v1
 TORLAUNCHER_TAG=0.2.3.1-beta
 TORBUTTON_TAG=1.6.4
 HTTPSE_TAG=3.4.2
@@ -15,13 +16,13 @@ MINGW_REV=5830
 
 GITIAN_TAG=tor-browser-builder-3.0-4
 
-OPENSSL_VER=1.0.1e
+# OPENSSL_VER=1.0.1e
 FIREFOX_LANG_VER=24.1.0esr
 BINUTILS_VER=2.22
 GCC_VER=4.6.3
 
 ## File names for the source packages
-OPENSSL_PACKAGE=openssl-${OPENSSL_VER}.tar.gz
+# OPENSSL_PACKAGE=openssl-${OPENSSL_VER}.tar.gz
 NOSCRIPT_PACKAGE=noscript_security_suite-2.6.8.2-fx+fn+sm.xpi
 PDFJS_PACKAGE=pdf_viewer-0.8.1-sm+fx+an.xpi
 TOOLCHAIN4_PACKAGE=multiarch-darwin11-cctools127.2-gcc42-5666.3-llvmgcc42-2336.1-Linux-120724.tar.xz
@@ -32,7 +33,7 @@ BINUTILS_PACKAGE=binutils-${BINUTILS_VER}.tar.bz2
 GCC_PACKAGE=gcc-${GCC_VER}.tar.bz2
 
 # Hashes for packages with weak sigs or no sigs
-OPENSSL_HASH=f74f15e8c8ff11aa3d5bb5f276d202ec18d7246e95f961db76054199c69c1ae3
+# OPENSSL_HASH=f74f15e8c8ff11aa3d5bb5f276d202ec18d7246e95f961db76054199c69c1ae3
 OSXSDK_HASH=6602d8d5ddb371fbc02e2a5967d9bd0cd7358d46f9417753c8234b923f2ea6fc
 TOOLCHAIN4_HASH=65c1b2d302358a6b95a26c6828a66908a199276193bb0b268f2dcc1a997731e9
 NOSCRIPT_HASH=52b309f2e5ca1bee4d0f97cbb342fdac3be6a447c35f744a90348df55eea635f
@@ -41,7 +42,7 @@ MINGW_HASH=457f11d29f6e95425d190711a73955fa54a98a2113ce2c2bfd76291be71e3e2b
 MSVCR100_HASH=1221a09484964a6f38af5e34ee292b9afefccb3dc6e55435fd3aaf7c235d9067
 
 ## Non-git package URLs
-OPENSSL_URL=https://www.openssl.org/source/${OPENSSL_PACKAGE}
+# OPENSSL_URL=https://www.openssl.org/source/${OPENSSL_PACKAGE}
 TOOLCHAIN4_URL=https://mingw-and-ndk.googlecode.com/files/${TOOLCHAIN4_PACKAGE}
 OSXSDK_URL=https://launchpad.net/~flosoft/+archive/cross-apple/+files/${OSXSDK_PACKAGE}
 BINUTILS_URL=https://ftp.gnu.org/gnu/binutils/${BINUTILS_PACKAGE}



More information about the tor-commits mailing list