[tor-commits] [tor-browser-bundle/master] Bug 18291: Remove some uses of libfaketime
gk at torproject.org
gk at torproject.org
Fri Jun 3 10:05:32 UTC 2016
commit 3acd55740d447b2afb47ab5da5e3eece93337829
Author: Nicolas Vigier <boklm at torproject.org>
Date: Mon May 23 19:58:44 2016 +0200
Bug 18291: Remove some uses of libfaketime
Completely stop using libfaketime for Linux builds. For Windows builds
we have to keep using it for the tor, pluggable-transports and bundle
steps. For OSX builds, we keep it in the bundle steps for the timestamp
added when creating the dmg file with genisoimage.
---
gitian/descriptors/linux/gitian-bundle.yml | 16 ++++-------
gitian/descriptors/linux/gitian-firefox.yml | 30 ++------------------
.../linux/gitian-pluggable-transports.yml | 4 +--
gitian/descriptors/linux/gitian-tor.yml | 4 +--
gitian/descriptors/linux/gitian-utils.yml | 17 +++++------
gitian/descriptors/mac/gitian-firefox.yml | 29 ++-----------------
.../mac/gitian-pluggable-transports.yml | 4 +--
gitian/descriptors/mac/gitian-utils.yml | 33 ++++++++--------------
gitian/descriptors/windows/gitian-firefox.yml | 23 ++-------------
gitian/descriptors/windows/gitian-utils.yml | 15 +++++-----
.../patches/openssl-Make-build-reproducible.patch | 28 ++++++++++++++++++
11 files changed, 67 insertions(+), 136 deletions(-)
diff --git a/gitian/descriptors/linux/gitian-bundle.yml b/gitian/descriptors/linux/gitian-bundle.yml
index 0316148..105cab7 100644
--- a/gitian/descriptors/linux/gitian-bundle.yml
+++ b/gitian/descriptors/linux/gitian-bundle.yml
@@ -28,8 +28,6 @@ remotes:
"dir": "meek"
- "url": "https://github.com/googlei18n/noto-fonts.git"
"dir": "noto-fonts"
-- "url": "https://github.com/wolfcw/libfaketime"
- "dir": "faketime"
files:
- "tor-browser-linux32-gbuilt.zip"
- "tor-browser-linux64-gbuilt.zip"
@@ -61,21 +59,13 @@ files:
script: |
INSTDIR="$HOME/install"
source versions
+ export REFERENCE_DATETIME
export LIBRARY_PATH="$INSTDIR/lib"
export TZ=UTC
export LC_ALL=C
export TORBROWSER_VERSION=`cat bare-version`
umask 0022
- # Building libfaketime
- cd faketime
- make
- DESTDIR="$INSTDIR/faketime" make install
- export LD_PRELOAD="$INSTDIR/faketime/usr/local/lib/faketime/libfaketime.so.1"
- export FAKETIME=$REFERENCE_DATETIME
- export FAKETIME_SKIP_CMDS="rsync"
- cd ..
-
mkdir -p $OUTDIR/
# When we build with MULTI_LINGUAL=1, the browser will be packaged inside a
# directory named tor-browser (instead of tor-browser_en-US). Therefore we
@@ -202,6 +192,7 @@ script: |
cp defaults/preferences/000-tor-browser.js ~/build/
# Set the locale of the bundle.
echo "pref(\"general.useragent.locale\", \"en-US\");" >> defaults/preferences/000-tor-browser.js
+ touch --date="$REFERENCE_DATETIME" defaults/preferences/000-tor-browser.js
zip -Xm omni.ja defaults/preferences/000-tor-browser.js
rm -rf defaults
popd
@@ -237,6 +228,7 @@ script: |
# app.update.url).
pushd ${PKG_DIR}/Browser/
echo ${PKG_LOCALE} > update.locale
+ touch --date="$REFERENCE_DATETIME" update.locale
zip -Xm omni.ja update.locale
popd
fi
@@ -267,6 +259,7 @@ script: |
cp ~/build/000-tor-browser.js defaults/preferences/
# Set the locale of the bundle.
echo "pref(\"general.useragent.locale\", \"$LANG\");" >> defaults/preferences/000-tor-browser.js
+ touch --date="$REFERENCE_DATETIME" defaults/preferences/000-tor-browser.js
zip -Xm omni.ja defaults/preferences/000-tor-browser.js
rm -rf defaults
popd
@@ -276,6 +269,7 @@ script: |
# recreate precomplete file (needs to be accurate for full MAR updates).
pushd tor-browser_$LANG/Browser/
echo "$LANG" > update.locale
+ touch --date="$REFERENCE_DATETIME" update.locale
zip -Xm omni.ja update.locale
rm -rf dictionaries
rm -f precomplete
diff --git a/gitian/descriptors/linux/gitian-firefox.yml b/gitian/descriptors/linux/gitian-firefox.yml
index 22dcbd4..1316ed8 100644
--- a/gitian/descriptors/linux/gitian-firefox.yml
+++ b/gitian/descriptors/linux/gitian-firefox.yml
@@ -28,8 +28,6 @@ reference_datetime: "2000-01-01 00:00:00"
remotes:
- "url": "https://git.torproject.org/tor-browser.git"
"dir": "tor-browser"
-- "url": "https://github.com/wolfcw/libfaketime"
- "dir": "faketime"
files:
- "binutils-linux32-utils.zip"
- "binutils-linux64-utils.zip"
@@ -41,6 +39,7 @@ files:
script: |
source versions
INSTDIR="$HOME/install"
+ export REFERENCE_DATETIME
export CFLAGS="-frandom-seed=tor"
export CXXFLAGS="-frandom-seed=tor"
export TZ=UTC
@@ -87,42 +86,17 @@ script: |
mkdir -p $INSTDIR/Debug/Browser/components
mkdir -p $INSTDIR/Debug/Browser/browser/components
- # Building libfaketime
- cd faketime
- make
- DESTDIR="$INSTDIR/faketime" make install
- export LD_PRELOAD="$INSTDIR/faketime/usr/local/lib/faketime/libfaketime.so.1"
- export FAKETIME=$REFERENCE_DATETIME
- cd ..
-
cd tor-browser
# .git and the src takes up a lot of useless space, and we need the space to build
rm -rf .git
find -type f -print0 | xargs -0 touch --date="$REFERENCE_DATETIME"
rm -f configure
rm -f js/src/configure
- # |configure| can't cope with nano seconds faked. And even if we would revert
- # that feature it would hang sometimes for unknown but to libfaketime related
- # reasons.
- export LD_PRELOAD=""
+ export MOZ_BUILD_DATE=$(date -d "$REFERENCE_DATETIME" +%Y%m%d%H%M%S)
make -f client.mk configure CONFIGURE_ARGS="--with-tor-browser-version=${TORBROWSER_VERSION} --enable-update-channel=${TORBROWSER_UPDATE_CHANNEL} --enable-bundled-fonts"
- # We need libfaketime for all the timestamps e.g. written into the libraries.
- # BUT we need to exclude |make build| from it. Otherwise the build fails close
- # to the end, see #12461 comment 8 and later. Additionally, we need to avoid
- # breaking the ICU compilation. Exlcuding |bash| helps here. See #12461
- # comment 13. Finally, we need to exclude |python2.7| as not doing so would
- # stall the build right at the beginning. See #13877.
- export LD_PRELOAD="$INSTDIR/faketime/usr/local/lib/faketime/libfaketime.so.1"
- export FAKETIME_SKIP_CMDS="python2.7,bash,make"
find -type f -print0 | xargs -0 touch --date="$REFERENCE_DATETIME"
make $MAKEOPTS -f client.mk build
- # Packaging is broken with libfaketime enabled, thus we disable it again. See
- # #12461 comments 11 and 12 for details.
- export LD_PRELOAD=""
make -C obj-* package INNER_MAKE_PACKAGE=true
- # Without libfaketime enabled we would get different omni.ja and *debug.zip
- # files.
- export LD_PRELOAD="$INSTDIR/faketime/usr/local/lib/faketime/libfaketime.so.1"
cp -a obj-*/dist/firefox/* $INSTDIR/Browser/
# Remove firefox-bin (we don't use it, see ticket #10126)
rm -f $INSTDIR/Browser/firefox-bin
diff --git a/gitian/descriptors/linux/gitian-pluggable-transports.yml b/gitian/descriptors/linux/gitian-pluggable-transports.yml
index a1cdc48..38804dd 100644
--- a/gitian/descriptors/linux/gitian-pluggable-transports.yml
+++ b/gitian/descriptors/linux/gitian-pluggable-transports.yml
@@ -7,7 +7,6 @@ architectures:
- "i386"
- "amd64"
packages:
-- "faketime"
- "unzip"
- "python-setuptools"
- "python-dev"
@@ -57,7 +56,7 @@ script: |
INSTDIR="$HOME/install"
PTDIR="$INSTDIR/Tor/PluggableTransports"
mkdir -p $PTDIR
- export FAKETIME=$REFERENCE_DATETIME
+ export REFERENCE_DATETIME
export TZ=UTC
export LC_ALL=C
export PYTHON=python2
@@ -262,7 +261,6 @@ script: |
cd ../..
# Grabbing the results and making sure timestamps don't spoil them
- export LD_PRELOAD=/usr/lib/faketime/libfaketime.so.1
cd $INSTDIR
~/build/dzip.sh pluggable-transports-linux$GBUILD_BITS-gbuilt.zip Tor/ Docs/
cp pluggable-transports-linux$GBUILD_BITS-gbuilt.zip $OUTDIR/
diff --git a/gitian/descriptors/linux/gitian-tor.yml b/gitian/descriptors/linux/gitian-tor.yml
index bc1dc67..bfb683a 100644
--- a/gitian/descriptors/linux/gitian-tor.yml
+++ b/gitian/descriptors/linux/gitian-tor.yml
@@ -7,7 +7,6 @@ architectures:
- "i386"
- "amd64"
packages:
-- "faketime"
- "unzip"
- "automake"
- "libtool"
@@ -30,7 +29,7 @@ files:
script: |
INSTDIR="$HOME/install"
source versions
- export FAKETIME=$REFERENCE_DATETIME
+ export REFERENCE_DATETIME
export TZ=UTC
export LC_ALL=C
umask 0022
@@ -94,7 +93,6 @@ script: |
done
# Grabbing the results and making sure timestamps don't spoil them
- export LD_PRELOAD=/usr/lib/faketime/libfaketime.so.1
~/build/dzip.sh tor-linux$GBUILD_BITS-gbuilt.zip Data/ Tor/
~/build/dzip.sh tor-linux$GBUILD_BITS-debug.zip Debug/
cp tor-linux$GBUILD_BITS-gbuilt.zip $OUTDIR/
diff --git a/gitian/descriptors/linux/gitian-utils.yml b/gitian/descriptors/linux/gitian-utils.yml
index e8801cc..0adcf5d 100644
--- a/gitian/descriptors/linux/gitian-utils.yml
+++ b/gitian/descriptors/linux/gitian-utils.yml
@@ -7,7 +7,6 @@ architectures:
- "i386"
- "amd64"
packages:
-- "faketime"
- "automake"
- "libtool"
- "zip"
@@ -33,6 +32,7 @@ files:
- "binutils.tar.bz2"
- "gcc.tar.bz2"
- "openssl.tar.gz"
+- "openssl-Make-build-reproducible.patch"
- "gmp.tar.bz2"
- "versions"
- "dzip.sh"
@@ -41,7 +41,7 @@ script: |
source versions
export TZ=UTC
export LC_ALL=C
- export FAKETIME=$REFERENCE_DATETIME
+ export REFERENCE_DATETIME
umask 0022
# Config options for hardening-wrapper
@@ -76,10 +76,6 @@ script: |
# anymore. It seems it got audited for those problems already:
# https://gcc.gnu.org/bugzilla/show_bug.cgi?id=48817.
export DEB_BUILD_HARDENING_FORMAT=0
- # libfaketime gets into our way when building GCC 4.9.x. See:
- # https://gcc.gnu.org/bugzilla/show_bug.cgi?id=61314 for details. Thus, we
- # avoid it for the toolchain and cross our fingers.
- # TODO: Test a newer libfaketime than 0.8.
# Building GCC
tar xjf gcc.tar.bz2
cd gcc-*
@@ -99,9 +95,9 @@ script: |
cd ..
# Building OpenSSL
- export LD_PRELOAD=/usr/lib/faketime/libfaketime.so.1
tar xzf openssl.tar.gz
cd openssl-*
+ patch -p1 < ../openssl-Make-build-reproducible.patch
find -type f -print0 | xargs -0 touch --date="$REFERENCE_DATETIME"
if [ $GBUILD_BITS == "64" ];
then
@@ -115,8 +111,6 @@ script: |
make install
cd ..
- export LD_PRELOAD=""
-
# Building GMP
tar xjf gmp.tar.bz2
cd gmp-*
@@ -131,7 +125,10 @@ script: |
cd ..
# Grabbing the remaining results and making sure timestamps don't spoil them
- export LD_PRELOAD=/usr/lib/faketime/libfaketime.so.1
+ # Since we stopped using libfaketime, the binutils, gcc, openssl,
+ # libevent archives are no longer reproducible. The main reason
+ # is that they include some .a archives which include timestamps.
+ # Those files are however not part of the files we ship.
cd $INSTDIR
~/build/dzip.sh binutils-$BINUTILS_VER-linux$GBUILD_BITS-utils.zip binutils
~/build/dzip.sh gcc-$GCC_VER-linux$GBUILD_BITS-utils.zip gcc
diff --git a/gitian/descriptors/mac/gitian-firefox.yml b/gitian/descriptors/mac/gitian-firefox.yml
index 17c4c8b..fdec679 100644
--- a/gitian/descriptors/mac/gitian-firefox.yml
+++ b/gitian/descriptors/mac/gitian-firefox.yml
@@ -15,8 +15,6 @@ reference_datetime: "2000-01-01 00:00:00"
remotes:
- "url": "https://git.torproject.org/tor-browser.git"
"dir": "tor-browser"
-- "url": "https://github.com/wolfcw/libfaketime"
- "dir": "faketime"
files:
- "clang-linux64-wheezy-utils.zip"
- "cctools.tar.gz"
@@ -24,11 +22,11 @@ files:
- "re-dzip.sh"
- "dzip.sh"
- "fix-info-plist.py"
-- "libfaketime.patch"
- "versions"
script: |
INSTDIR="$HOME/install/"
source versions
+ export REFERENCE_DATETIME
export TZ=UTC
export LC_ALL=C
umask 0022
@@ -36,18 +34,6 @@ script: |
mkdir -p $INSTDIR/TorBrowser.app/Contents/MacOS/
mkdir -p $OUTDIR/
- # Building libfaketime.
- cd faketime
- export GIT_COMMITTER_NAME="nobody"
- export GIT_COMMITTER_EMAIL="nobody at localhost"
- export GIT_COMMITTER_DATE="$REFERENCE_DATETIME"
- git am ~/build/libfaketime.patch
- make
- DESTDIR="$INSTDIR/faketime" make install
- export LD_PRELOAD="$INSTDIR/faketime/usr/local/lib/faketime/libfaketime.so.1"
- export FAKETIME=$REFERENCE_DATETIME
- cd ..
-
cd tor-browser
# Extracting all the necessary tools
tar xaf ../MacOSX10.7.sdk.tar.gz
@@ -62,20 +48,9 @@ script: |
find -type f -print0 | xargs -0 touch --date="$REFERENCE_DATETIME"
rm -f configure
rm -f js/src/configure
- # |configure| can't cope with nano seconds faked. And even if we would revert
- # that feature it would hang sometimes for unknown but to libfaketime related
- # reasons.
- export LD_PRELOAD=""
+ export MOZ_BUILD_DATE=$(date -d "$REFERENCE_DATETIME" +%Y%m%d%H%M%S)
make -f client.mk configure CONFIGURE_ARGS="--with-tor-browser-version=${TORBROWSER_VERSION} --enable-update-channel=${TORBROWSER_UPDATE_CHANNEL} --enable-bundled-fonts"
find -type f -print0 | xargs -0 touch --date="$REFERENCE_DATETIME"
- # We need libfaketime for all the timestamps e.g. written into the libraries.
- # BUT we need to exclude |make build| from it. Otherwise the build fails close
- # to the end, see #12812 comment 6 and #12461 comment 8 and later.
- # Additionally, we need to exclude |rsync| due to #10153 which is reproducible
- # reliably with the new libfaketime and |python2.7| as well as the build would
- # stall otherwise right at the beginning. See #13877 for details.
- export LD_PRELOAD="$INSTDIR/faketime/usr/local/lib/faketime/libfaketime.so.1"
- export FAKETIME_SKIP_CMDS="python2.7,rsync,make"
make $MAKEOPTS -f client.mk build
#
make -C obj-macos package INNER_MAKE_PACKAGE=true
diff --git a/gitian/descriptors/mac/gitian-pluggable-transports.yml b/gitian/descriptors/mac/gitian-pluggable-transports.yml
index 33b134e..cb7ac5c 100644
--- a/gitian/descriptors/mac/gitian-pluggable-transports.yml
+++ b/gitian/descriptors/mac/gitian-pluggable-transports.yml
@@ -6,7 +6,6 @@ suites:
architectures:
- "i386"
packages:
-- "faketime"
- "unzip"
- "python-setuptools"
- "python-dev"
@@ -69,8 +68,7 @@ script: |
INCLUDE_FTE=1
fi
export LIBRARY_PATH="$INSTDIR/lib"
- export LD_PRELOAD=/usr/lib/faketime/libfaketime.so.1
- export FAKETIME=$REFERENCE_DATETIME
+ export REFERENCE_DATETIME
export TZ=UTC
export LC_ALL=C
umask 0022
diff --git a/gitian/descriptors/mac/gitian-utils.yml b/gitian/descriptors/mac/gitian-utils.yml
index cef1533..33db2e8 100644
--- a/gitian/descriptors/mac/gitian-utils.yml
+++ b/gitian/descriptors/mac/gitian-utils.yml
@@ -7,7 +7,6 @@ architectures:
- "i386"
- "amd64"
packages:
-- "faketime"
- "automake"
- "libtool"
- "zip"
@@ -15,8 +14,6 @@ reference_datetime: "2000-01-01 00:00:00"
remotes:
- "url": "https://github.com/libevent/libevent.git"
"dir": "libevent"
-- "url": "https://github.com/wolfcw/libfaketime"
- "dir": "faketime"
- "url": "https://github.com/llvm-mirror/llvm"
"dir": "llvm"
- "url": "https://github.com/llvm-mirror/clang"
@@ -27,13 +24,14 @@ files:
- "apple-uni-sdk-10.6_20110407-0.flosoft1_i386.deb"
- "multiarch-darwin11-cctools127.2-gcc42-5666.3-llvmgcc42-2336.1-Linux-120724.tar.xz"
- "openssl.tar.gz"
+- "openssl-Make-build-reproducible.patch"
- "gmp.tar.bz2"
- "versions"
- "dzip.sh"
-- "libfaketime.patch"
script: |
INSTDIR="$HOME/install"
source versions
+ export REFERENCE_DATETIME
export TZ=UTC
export LC_ALL=C
umask 0022
@@ -56,21 +54,13 @@ script: |
make $MAKEOPTS
make install
cd $INSTDIR
+ # Since we stopped using libfaketime, the clang archive is no longer
+ # reproducible. The reason is that it includes some .a archives and
+ # other files which include timestamps.
+ # Those files are however not part of the files we ship.
~/build/dzip.sh clang-$CLANG_VER-linux64-wheezy-utils.zip clang
cp *utils.zip $OUTDIR/
else
- # Building libfaketime.
- cd faketime
- export GIT_COMMITTER_NAME="nobody"
- export GIT_COMMITTER_EMAIL="nobody at localhost"
- export GIT_COMMITTER_DATE="$REFERENCE_DATETIME"
- git am ~/build/libfaketime.patch
- make
- DESTDIR="$INSTDIR/faketime" make install
- export FAKETIME_SKIP_CMDS="make"
- export FAKETIME=$REFERENCE_DATETIME
- cd ..
-
# dpkg requires sbin directories in the PATH
export PATH="/usr/sbin:/sbin:$PATH"
sudo dpkg -i *.deb
@@ -91,7 +81,6 @@ script: |
./autogen.sh
find -type f -print0 | xargs -0 touch --date="$REFERENCE_DATETIME"
./configure --disable-static --host=i686-apple-darwin11 --prefix=$INSTDIR/libevent
- export LD_PRELOAD="$INSTDIR/faketime/usr/local/lib/faketime/libfaketime.so.1"
make $MAKEOPTS
make install
cd ..
@@ -99,6 +88,7 @@ script: |
# Building OpenSSL
tar xzf openssl.tar.gz
cd openssl-*
+ patch -p1 < ../openssl-Make-build-reproducible.patch
find -type f -print0 | xargs -0 touch --date="$REFERENCE_DATETIME"
# TODO: Add enable-ec_nistp_64_gcc_128 for 64bit OS X.
./Configure --cross-compile-prefix=i686-apple-darwin11- $CFLAGS darwin64-x86_64-cc --prefix=$INSTDIR/openssl enable-ec_nistp_64_gcc_128
@@ -111,20 +101,19 @@ script: |
# Building GMP
tar xjf gmp.tar.bz2
cd gmp-*
- # |configure| can't cope with nano seconds faked. And even if we would revert
- # that feature it would hang sometimes for unknown but to libfaketime related
- # reasons.
- export LD_PRELOAD=""
find -type f -print0 | xargs -0 touch --date="$REFERENCE_DATETIME"
# Even if we are not shipping libgmpxx anymore we still need --enable-xcc
# during compile time.
./configure --host=x86_64-apple-darwin11 --prefix=$INSTDIR/gmp --disable-static --enable-shared --enable-cxx
- export LD_PRELOAD="$INSTDIR/faketime/usr/local/lib/faketime/libfaketime.so.1"
make
make install
cd ..
# Grabbing the results
+ # Since we stopped using libfaketime, the openssl archive is no
+ # longer reproducible. The main reason is that it includes some .a
+ # archives which include timestamps.
+ # Those files are however not part of the files we ship.
cd $INSTDIR
~/build/dzip.sh openssl-$OPENSSL_VER-mac64-utils.zip openssl
~/build/dzip.sh libevent-${LIBEVENT_TAG#release-}-mac64-utils.zip libevent
diff --git a/gitian/descriptors/windows/gitian-firefox.yml b/gitian/descriptors/windows/gitian-firefox.yml
index 2686c5f..3261199 100644
--- a/gitian/descriptors/windows/gitian-firefox.yml
+++ b/gitian/descriptors/windows/gitian-firefox.yml
@@ -12,8 +12,6 @@ reference_datetime: "2000-01-01 00:00:00"
remotes:
- "url": "https://git.torproject.org/tor-browser.git"
"dir": "tor-browser"
-- "url": "https://github.com/wolfcw/libfaketime"
- "dir": "faketime"
files:
- "gcc-linux32-precise-utils.zip"
- "mingw-w64-win32-utils.zip"
@@ -28,6 +26,7 @@ files:
script: |
INSTDIR="$HOME/install"
source versions
+ export REFERENCE_DATETIME
export TZ=UTC
export LC_ALL=C
umask 0022
@@ -44,14 +43,6 @@ script: |
export LD_LIBRARY_PATH=$INSTDIR/gcc/lib
export PATH=$INSTDIR/mingw-w64/bin:$INSTDIR/gcc/bin:$PATH
- # Building libfaketime
- cd faketime
- make
- DESTDIR="$INSTDIR/faketime" make install
- export LD_PRELOAD="$INSTDIR/faketime/usr/local/lib/faketime/libfaketime.so.1"
- export FAKETIME=$REFERENCE_DATETIME
- cd ..
-
# We don't want to link against msvcrt.dll due to bug 9084.
i686-w64-mingw32-g++ -dumpspecs > msvcr100.spec
sed 's/msvcrt/msvcr100/' -i msvcr100.spec
@@ -82,10 +73,7 @@ script: |
find -type f -print0 | xargs -0 touch --date="$REFERENCE_DATETIME"
rm -f configure
rm -f js/src/configure
- # |configure| can't cope with nano seconds faked. And even if we would revert
- # that feature it would hang sometimes for unknown but to libfaketime related
- # reasons.
- export LD_PRELOAD=""
+ export MOZ_BUILD_DATE=$(date -d "$REFERENCE_DATETIME" +%Y%m%d%H%M%S)
make -f client.mk configure CONFIGURE_ARGS="--with-tor-browser-version=${TORBROWSER_VERSION} --enable-update-channel=${TORBROWSER_UPDATE_CHANNEL} --enable-bundled-fonts"
find -type f -print0 | xargs -0 touch --date="$REFERENCE_DATETIME"
#
@@ -93,13 +81,6 @@ script: |
cp ~/build/i686* ~/build/bin/
export PATH=~/build/bin:$PATH
#
- # We need libfaketime for all the timestamps e.g. written into the libraries.
- # BUT we need to exclude |make build| from it. Otherwise the build fails close
- # to the end, see #12811 comment 14 and #12461 comment 8 and later.
- # Additionally, we need to exclude |python2.7| as well as the build would
- # stall otherwise right at the beginning. See #13877 for details.
- export LD_PRELOAD="$INSTDIR/faketime/usr/local/lib/faketime/libfaketime.so.1"
- export FAKETIME_SKIP_CMDS="python2.7,make"
make $MAKEOPTS -f client.mk build
#
make -C obj-* package INNER_MAKE_PACKAGE=true
diff --git a/gitian/descriptors/windows/gitian-utils.yml b/gitian/descriptors/windows/gitian-utils.yml
index 2767bad..0876bff 100644
--- a/gitian/descriptors/windows/gitian-utils.yml
+++ b/gitian/descriptors/windows/gitian-utils.yml
@@ -5,7 +5,6 @@ suites:
architectures:
- "i386"
packages:
-- "faketime"
- "automake"
- "libtool"
- "zip"
@@ -28,6 +27,7 @@ files:
- "binutils.tar.bz2"
- "gcc.tar.bz2"
- "openssl.tar.gz"
+- "openssl-Make-build-reproducible.patch"
- "gmp.tar.bz2"
- "enable-reloc-section-ld.patch"
- "peXXigen.patch"
@@ -39,6 +39,7 @@ files:
script: |
INSTDIR="$HOME/install"
source versions
+ export REFERENCE_DATETIME
export TZ=UTC
export LC_ALL=C
umask 0022
@@ -115,13 +116,6 @@ script: |
cp i686-w64-mingw32/libgcc/shlib/libgcc_s_sjlj-1.dll $INSTDIR/gcclibs
cd ..
- # XXX: Build the libraries we include into the bundles deterministically. As
- # libfaketime breaks the mingw-w64 build (probably due to bug 11459) we omit
- # the compiler and linker from it. It seems we get away with this strategy
- # and the libgcc* and libss* which we ship, too, are still built in a
- # reproducible fashion.
- export LD_PRELOAD=/usr/lib/faketime/libfaketime.so.1
- export FAKETIME=$REFERENCE_DATETIME
# Building zlib
export CFLAGS="-mwindows -fstack-protector-all -Wstack-protector --param ssp-buffer-size=4 -fno-strict-overflow -Wno-missing-field-initializers -Wformat -Wformat-security"
export LDFLAGS="-mwindows -Wl,--dynamicbase -Wl,--nxcompat -Wl,--enable-reloc-section -lssp -L$INSTDIR/gcclibs/"
@@ -143,6 +137,7 @@ script: |
# Building OpenSSL
tar xzf openssl.tar.gz
cd openssl-*
+ patch -p1 < ../openssl-Make-build-reproducible.patch
find -type f -print0 | xargs -0 touch --date="$REFERENCE_DATETIME"
# TODO: Add enable-ec_nistp_64_gcc_128 for 64bit Windows.
./Configure -shared --cross-compile-prefix=i686-w64-mingw32- mingw "-fstack-protector-all -Wstack-protector --param ssp-buffer-size=4 -fno-strict-overflow -Wno-missing-field-initializers -Wformat -Wformat-security -Wl,--dynamicbase -Wl,--nxcompat -Wl,--enable-reloc-section -lssp -L$INSTDIR/gcclibs/" --prefix=$INSTDIR/openssl
@@ -185,6 +180,10 @@ script: |
cd ..
# Grabbing the remaining results
+ # Since we stopped using libfaketime, the gcc, gmp, zlib, openssl,
+ # libevent, mingw-w64 archives are no longer reproducible. The main
+ # reason is that they include some .a archives which include timestamps.
+ # Those files are however not part of the files we ship.
cd $INSTDIR
# We might want to bump binutils independent of bumping mingw-w64.
touch binutils-$BINUTILS_VER-win32-utils.zip
diff --git a/gitian/patches/openssl-Make-build-reproducible.patch b/gitian/patches/openssl-Make-build-reproducible.patch
new file mode 100644
index 0000000..d86f5ba
--- /dev/null
+++ b/gitian/patches/openssl-Make-build-reproducible.patch
@@ -0,0 +1,28 @@
+From b88c021b5a7c539f821b7b7c47c72138cc3c3271 Mon Sep 17 00:00:00 2001
+From: Kurt Roeckx <kurt at roeckx.be>
+Date: Fri, 2 Jan 2015 12:27:57 +0100
+Subject: [PATCH] Make build reproducible
+
+It contained a date on when it was build.
+
+Reviewed-by: Rich Salz <rsalz at openssl.org>
+---
+ crypto/cversion.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/crypto/cversion.c b/crypto/cversion.c
+index 9e6f50d78182..c417d1d1121f 100644
+--- a/crypto/cversion.c
++++ b/crypto/cversion.c
+@@ -68,7 +68,11 @@ const char *SSLeay_version(int t)
+ return OPENSSL_VERSION_TEXT;
+ if (t == SSLEAY_BUILT_ON) {
+ #ifdef DATE
++# ifdef OPENSSL_USE_BUILD_DATE
+ return (DATE);
++# else
++ return("built on: reproducible build, date unspecified");
++# endif
+ #else
+ return ("built on: date not available");
+ #endif
More information about the tor-commits
mailing list