appimage: towards deterministic builds

same-machine build almost works. $ diffoscope dist/electrum-3.3.4-76-geb04551-dirty-x86_64.AppImage1 dist/electrum-3.3.4-76-geb04551-dirty-x86_64.AppImage2 |############################| 100% Time: 0:00:05 --- dist/electrum-3.3.4-76-geb04551-dirty-x86_64.AppImage1 +++ dist/electrum-3.3.4-76-geb04551-dirty-x86_64.AppImage2 ├── readelf --wide --decompress --hex-dump=.digest_md5 {} │ @@ -1,4 +1,4 @@ │ │ Hex dump of section '.digest_md5': │ - 0x00000000 77e356ea eefe1459 a40f00d9 ab5c0e00 w.V....Y.....\.. │ + 0x00000000 1dda23b5 31f9024c fe6d2755 e930a41a ..#.1..L.m'U.0..
6 years ago · 03ab64e39f
2 changed files with 31 additions and 19 deletions
--- a/contrib/build-linux/appimage/Dockerfile
+++ b/contrib/build-linux/appimage/Dockerfile
@ -4,21 +4,22 @@ ENV LC_ALL=C.UTF-8 LANG=C.UTF-8

 RUN apt-get update -q && \
    apt-get install -qy \
-        git \
-        wget \
-        make \
-        autotools-dev \
-        autoconf \
-        libtool \
-        xz-utils \
-        libssl-dev \
-        zlib1g-dev \
-        libffi6 \
-        libffi-dev \
-        libusb-1.0-0-dev \
-        libudev-dev \
-        gettext \
-        libzbar0  \
+        git=1:1.9.1-1ubuntu0.10 \
+        wget=1.15-1ubuntu1.14.04.4 \
+        make=3.81-8.2ubuntu3 \
+        autotools-dev=20130810.1 \
+        autoconf=2.69-6 \
+        libtool=2.4.2-1.7ubuntu1 \
+        xz-utils=5.1.1alpha+20120614-2ubuntu2 \
+        libssl-dev=1.0.1f-1ubuntu2.27 \
+        zlib1g-dev=1:1.2.8.dfsg-1ubuntu1.1 \
+        libffi6=3.1~rc1+r3.0.13-12ubuntu0.2 \
+        libffi-dev=3.1~rc1+r3.0.13-12ubuntu0.2 \
+        libusb-1.0-0-dev=2:1.0.17-1ubuntu2 \
+        libudev-dev=204-5ubuntu20.29 \
+        gettext=0.18.3.1-1ubuntu3.1 \
+        libzbar0=0.10+doc-9build1  \
+        faketime=0.9.5-2 \
        && \
    rm -rf /var/lib/apt/lists/* && \
    apt-get autoremove -y && \
--- a/contrib/build-linux/appimage/build.sh
+++ b/contrib/build-linux/appimage/build.sh
@ -42,21 +42,22 @@ tar xf "$CACHEDIR/Python-$PYTHON_VERSION.tar.xz" -C "$BUILDDIR"
 (
    cd "$BUILDDIR/Python-$PYTHON_VERSION"
    export SOURCE_DATE_EPOCH=1530212462
-    ./configure \
+    TZ=UTC faketime -f '2019-01-01 01:01:01' ./configure \
      --cache-file="$CACHEDIR/python.config.cache" \
      --prefix="$APPDIR/usr" \
      --enable-ipv6 \
      --enable-shared \
      --with-threads \
      -q
-    make -s
+    TZ=UTC faketime -f '2019-01-01 01:01:01' make -s
    make -s install > /dev/null
 )


 info "building libsecp256k1."
 (
-    git clone https://github.com/bitcoin-core/secp256k1 "$CACHEDIR"/secp256k1 || (cd "$CACHEDIR"/secp256k1 && git pull)
+    git clone https://github.com/bitcoin-core/secp256k1 "$CACHEDIR"/secp256k1 \
+        || (cd "$CACHEDIR"/secp256k1 && git reset --hard && git pull)
    cd "$CACHEDIR"/secp256k1
    git reset --hard "$LIBSECP_VERSION"
    git clean -f -x -q
@ -151,13 +152,14 @@ info "finalizing AppDir."


 info "stripping binaries from debug symbols."
+# "-R .note.gnu.build-id" also strips the build id
 strip_binaries()
 {
  chmod u+w -R "$APPDIR"
  {
    printf '%s\0' "$APPDIR/usr/bin/python3.6"
    find "$APPDIR" -type f -regex '.*\.so\(\.[0-9.]+\)?$' -print0
-  } | xargs -0 --no-run-if-empty --verbose -n1 strip
+  } | xargs -0 --no-run-if-empty --verbose -n1 strip -R .note.gnu.build-id
 }
 strip_binaries

@ -182,6 +184,15 @@ rm -rf "$APPDIR"/usr/lib/python3.6/site-packages/PyQt5/Qt/lib/libQt5Location*
 rm -rf "$APPDIR"/usr/lib/python3.6/site-packages/PyQt5/Qt/lib/libQt5Test*
 rm -rf "$APPDIR"/usr/lib/python3.6/site-packages/PyQt5/Qt/lib/libQt5Xml*

+# these are deleted as they were not deterministic; and are not needed anyway
+find "$APPDIR" -path '*/__pycache__*' -delete
+rm "$APPDIR"/usr/lib/libsecp256k1.a
+rm "$APPDIR"/usr/lib/python3.6/site-packages/pyblake2-*.dist-info/RECORD
+rm "$APPDIR"/usr/lib/python3.6/site-packages/hidapi-*.dist-info/RECORD
+
+
+find -exec touch -d '2000-11-11T11:11:11+00:00' {} +
+

 info "creating the AppImage."
 (