commit 03ab64e39f210f16ac8419974c67eea03a19da6c
parent eb04551f9ad11d367310592ab260895eb48bcb90
Author: SomberNight <somber.night@protonmail.com>
Date: Wed, 6 Mar 2019 04:53:18 +0100
appimage: towards deterministic builds
same-machine build almost works.
$ diffoscope dist/electrum-3.3.4-76-geb04551-dirty-x86_64.AppImage1 dist/electrum-3.3.4-76-geb04551-dirty-x86_64.AppImage2
|############################| 100% Time: 0:00:05
--- dist/electrum-3.3.4-76-geb04551-dirty-x86_64.AppImage1
+++ dist/electrum-3.3.4-76-geb04551-dirty-x86_64.AppImage2
├── readelf --wide --decompress --hex-dump=.digest_md5 {}
│ @@ -1,4 +1,4 @@
│
│ Hex dump of section '.digest_md5':
│ - 0x00000000 77e356ea eefe1459 a40f00d9 ab5c0e00 w.V....Y.....\..
│ + 0x00000000 1dda23b5 31f9024c fe6d2755 e930a41a ..#.1..L.m'U.0..
Diffstat:
2 files changed, 31 insertions(+), 19 deletions(-)
diff --git a/contrib/build-linux/appimage/Dockerfile b/contrib/build-linux/appimage/Dockerfile
@@ -4,21 +4,22 @@ ENV LC_ALL=C.UTF-8 LANG=C.UTF-8
RUN apt-get update -q && \
apt-get install -qy \
- git \
- wget \
- make \
- autotools-dev \
- autoconf \
- libtool \
- xz-utils \
- libssl-dev \
- zlib1g-dev \
- libffi6 \
- libffi-dev \
- libusb-1.0-0-dev \
- libudev-dev \
- gettext \
- libzbar0 \
+ git=1:1.9.1-1ubuntu0.10 \
+ wget=1.15-1ubuntu1.14.04.4 \
+ make=3.81-8.2ubuntu3 \
+ autotools-dev=20130810.1 \
+ autoconf=2.69-6 \
+ libtool=2.4.2-1.7ubuntu1 \
+ xz-utils=5.1.1alpha+20120614-2ubuntu2 \
+ libssl-dev=1.0.1f-1ubuntu2.27 \
+ zlib1g-dev=1:1.2.8.dfsg-1ubuntu1.1 \
+ libffi6=3.1~rc1+r3.0.13-12ubuntu0.2 \
+ libffi-dev=3.1~rc1+r3.0.13-12ubuntu0.2 \
+ libusb-1.0-0-dev=2:1.0.17-1ubuntu2 \
+ libudev-dev=204-5ubuntu20.29 \
+ gettext=0.18.3.1-1ubuntu3.1 \
+ libzbar0=0.10+doc-9build1 \
+ faketime=0.9.5-2 \
&& \
rm -rf /var/lib/apt/lists/* && \
apt-get autoremove -y && \
diff --git a/contrib/build-linux/appimage/build.sh b/contrib/build-linux/appimage/build.sh
@@ -42,21 +42,22 @@ tar xf "$CACHEDIR/Python-$PYTHON_VERSION.tar.xz" -C "$BUILDDIR"
(
cd "$BUILDDIR/Python-$PYTHON_VERSION"
export SOURCE_DATE_EPOCH=1530212462
- ./configure \
+ TZ=UTC faketime -f '2019-01-01 01:01:01' ./configure \
--cache-file="$CACHEDIR/python.config.cache" \
--prefix="$APPDIR/usr" \
--enable-ipv6 \
--enable-shared \
--with-threads \
-q
- make -s
+ TZ=UTC faketime -f '2019-01-01 01:01:01' make -s
make -s install > /dev/null
)
info "building libsecp256k1."
(
- git clone https://github.com/bitcoin-core/secp256k1 "$CACHEDIR"/secp256k1 || (cd "$CACHEDIR"/secp256k1 && git pull)
+ git clone https://github.com/bitcoin-core/secp256k1 "$CACHEDIR"/secp256k1 \
+ || (cd "$CACHEDIR"/secp256k1 && git reset --hard && git pull)
cd "$CACHEDIR"/secp256k1
git reset --hard "$LIBSECP_VERSION"
git clean -f -x -q
@@ -151,13 +152,14 @@ info "finalizing AppDir."
info "stripping binaries from debug symbols."
+# "-R .note.gnu.build-id" also strips the build id
strip_binaries()
{
chmod u+w -R "$APPDIR"
{
printf '%s\0' "$APPDIR/usr/bin/python3.6"
find "$APPDIR" -type f -regex '.*\.so\(\.[0-9.]+\)?$' -print0
- } | xargs -0 --no-run-if-empty --verbose -n1 strip
+ } | xargs -0 --no-run-if-empty --verbose -n1 strip -R .note.gnu.build-id
}
strip_binaries
@@ -182,6 +184,15 @@ rm -rf "$APPDIR"/usr/lib/python3.6/site-packages/PyQt5/Qt/lib/libQt5Location*
rm -rf "$APPDIR"/usr/lib/python3.6/site-packages/PyQt5/Qt/lib/libQt5Test*
rm -rf "$APPDIR"/usr/lib/python3.6/site-packages/PyQt5/Qt/lib/libQt5Xml*
+# these are deleted as they were not deterministic; and are not needed anyway
+find "$APPDIR" -path '*/__pycache__*' -delete
+rm "$APPDIR"/usr/lib/libsecp256k1.a
+rm "$APPDIR"/usr/lib/python3.6/site-packages/pyblake2-*.dist-info/RECORD
+rm "$APPDIR"/usr/lib/python3.6/site-packages/hidapi-*.dist-info/RECORD
+
+
+find -exec touch -d '2000-11-11T11:11:11+00:00' {} +
+
info "creating the AppImage."
(
