gitian: Bump descriptors to Focal for 22.0 #21036
2fd5168 to 68a6ed5
To make this simpler, I've reverted to just continuing to use GCC 8.4 for the Linux builds. Updated the OP discussion and build hashes. @MarcoFalke I assume the above builds failed because @DrahtBot doesn't yet have a Focal based vm.
If we're planning to go Guix for 22.0, I suggest we just leave gitian at bionic until we can just entirely replace Ubuntu with Guix inside the gitian environment...?
The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

Conflicts

Reviewers, this pull request conflicts with the following ones:

If you consider this pull request important, please also help to review the conflicting pull requests. Ideally, start with the one that should be merged first.
I really hope so. That said, I don't think Guix transition should affect what we do in gitian. Historically, holding up incremental improvements because something better seems around the corner hasn't worked out that well.
68a6ed5 to 2af23f4
I agree. It would be nice to have this in to "unblock" changes like #19716, instead of waiting on Guix in gitian changes, which from what I'm aware no-one is actively working on? I've pushed some changes to address CI updates. At this point the default Docker image should probably be
The changes seem to be:
Compilers used change as follows:

Linux native GCC 7.5 -> GCC 8.4
Linux cross GCC 8.4 -> GCC 8.4
Windows mingw-w64 7.3 -> mingw-w64 9.3
macOS Clang 8.0.0 -> Clang 8.0.0

The macOS and Win cross builds in the CI are updated to use Focal, and per the op, running the security tests is disabled in the Windows build.
When building with g++-10 (or 8) on Focal, binaries are being produced with noexecstack by default, so we can remove the workaround of explicitly passing "-Wl,-z,noexecstack" for riscv64 and powerpc64le. When building for powerpc64 this is still required.
2af23f4 to 2ecaf21
Gitian builds
ac24af4 ci: use Ubuntu Focal for macOS cross build (fanquake)

Pull request description:

I had assumed Cirrus was spinning up Docker containers to run the CI, however we are actually running on the Cirrus machines themselves. See `DANGER_RUN_CI_ON_HOST` and in the logs:

```bash
Running on host system without docker wrapper
```

So with this change we will actually be using Focal for the macOS cross build. Follow up to bitcoin#21036.

This originally contained Windows changes, and an attempt to get Cirrus running without `DANGER_RUN_CI_ON_HOST`, however that seems non-trivial, so Windows changes have been dropped from here for now.

ACKs for top commit:
MarcoFalke: cr ACK ac24af4

Tree-SHA512: 587ba5acf741bcefecf1bc262fa1177f565ebfa9de56125eca19ed3c7db7b9aabfb96866e9c140681b88cb7015a3ded2bc6b4b1b235543d6f6e9dfc6984d569f
This reverts commit f2c9a6f.
6d330ca Update instructions due to the Bionic to Focal migration (Hennadii Stepanov)

Pull request description:

This PR accommodates the recent changes:
- bitcoin/bitcoin#21036
- bitcoin/bitcoin#21130

ACKs for top commit:
MarcoFalke: ACK 6d330ca

Tree-SHA512: c74d48060cc8e41463f667a4924007fa4befb9a07dd246df4bd93b1538fa29b182463dd36f8a0160a9b3ac623ea84db9fc875839c4350f40400d0db634900242
166266a script: Make LXC container size suitable for gitian builds (Hennadii Stepanov)

Pull request description:

This change prevents "No space left on device" error. See:
- bitcoin/bitcoin#21036 (comment)
- bitcoin/bitcoin#21036 (comment)

ACKs for top commit:
jonasschnelli: ACK 166266a - I had to add this manually to my nightly build base image

Tree-SHA512: 47d84c3a65f0a17013b2cb970c34bfa4e600e83066be302ff10280aefefa0a7c6cb6c21a191b3e8e6fcd1c292d1c434cc4769e04626c4536050aced29b34d573
Apparently, gitian/guix builds do not work on bionic now (#21454).
2ecaf21 gitian: remove execstack workaround for riscv64 & powerpc64le (fanquake)
5baff2b build: use focal in gitian descriptors (fanquake)

Pull request description:

This PR changes the gitian descriptors to use Ubuntu Focal (20.04), over Bionic (18.04), moving from GCC 7.5 to GCC 8.4 for native Linux builds, mingw-w64 GCC 7.3 to mingw-w64 GCC 9.3 for Windows builds, while continuing to use GCC 8.4 for all cross builds and Clang 8.0.0 for macOS builds. It also drops the `-Wl,-z,noexecstack` workaround we've been using for the riscv64 and powerpc64le hosts, as it's no-longer needed.

One new package is installed in the osx build, `libtinfo5`, as libtinfo5.so is required by our downloaded Clang 8.

A bump to Focal will at least be required if we want to update to a newer Qt (5.15, bitcoin#19716) for 22.0, as we need a newer version of [`g++-mingw-w64`](https://packages.ubuntu.com/focal/g++-mingw-w64-x86-64) and the [`mingw-w64`](https://mingw-w64.org/doku.php) headers. This can still be done while continuing to use GCC 8.4 for Linux builds (see below), however the newer `g++-mingw-w64` will be based off of GCC 9.3.

**Some considerations**

GCC 9 is affected by bitcoin#20005 "memcmp with constants that contain zero bytes are broken in GCC", and the newer `g++-mingw-w64` will be based off of GCC 9.3.

The `--no-*` variants of the Windows linker flags (i.e. `--no-dynamicbase`) we use to [test our `security-check.py` script](https://github.com/bitcoin/bitcoin/blob/16b784d953365bb2d7ae65acd2b20a79ef8ba7b6/contrib/devtools/test-security-check.py#L53) are not patched into the mingw binutils in Focal (they have been re-added in Groovy (20.10)). This isn't currently an issue, however, we might add a call to `test-security-check` for Guix (bitcoin#20980), and if we wanted to do the same for gitian, it would not work. Note how it's quite "easy" for us to apply the `--no-*` variant patch to our Guix build; it would be quite a bit harder to do in Gitian.
Gitian Builds @ 2ecaf21

ACKs for top commit:
laanwj: Build script changes review ACK 2ecaf21

Tree-SHA512: 975d5830b787d2e08988f43cbc6e839294171c1d94c8219636308b05f9b77041421612ae67be24a631674670cfc9c2d96d8177f2b3158a78fc3deea19631febf
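The `--no-dynamicbase` consideration in the pull request description is about testing the checker itself: a hardening check is only trustworthy if it also fails on a binary that lacks the mitigation. The following is an added example, not the project's `security-check.py` or `test-security-check.py`. It reads `DllCharacteristics` from a PE header and validates a checker against constructed header-only images in which one bit is cleared, standing in for a binary linked with a `--no-*` flag; all function names are hypothetical.

```python
import struct

# IMAGE_DLLCHARACTERISTICS_* bits in the PE optional header.
MITIGATIONS = [
    ("HIGH_ENTROPY_VA", 0x0020),
    ("DYNAMIC_BASE", 0x0040),
    ("NX_COMPAT", 0x0100),
]
ALL_BITS = 0x0020 | 0x0040 | 0x0100
PE32, PE32_PLUS = 0x10B, 0x20B


def read_optional_header(image: bytes):
    """Return (optional-header magic, DllCharacteristics) of a PE image."""
    try:
        if image[:2] != b"MZ":
            raise ValueError("missing MZ signature")
        (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
        if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
            raise ValueError("missing PE signature")
        opt = e_lfanew + 4 + 20          # signature + 20-byte COFF header
        (magic,) = struct.unpack_from("<H", image, opt)
        if magic not in (PE32, PE32_PLUS):
            raise ValueError("unknown optional header magic")
        # DllCharacteristics sits at offset 70 in both PE32 and PE32+.
        (flags,) = struct.unpack_from("<H", image, opt + 70)
    except struct.error as exc:
        raise ValueError("truncated PE headers") from exc
    return magic, flags


def missing_mitigations(image: bytes) -> list:
    """Names of the mitigation bits that are not set in the image."""
    magic, flags = read_optional_header(image)
    missing = []
    for name, bit in MITIGATIONS:
        if name == "HIGH_ENTROPY_VA" and magic != PE32_PLUS:
            continue                     # only meaningful for 64-bit images
        if not flags & bit:
            missing.append(name)
    return missing


def build_pe(flags: int, pe32_plus: bool = True) -> bytes:
    """Constructed header-only PE image for the demo (not a loadable binary)."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)       # e_lfanew
    opt_size = 240 if pe32_plus else 224
    coff = struct.pack("<HHIIIHH", 0x8664 if pe32_plus else 0x14C,
                       0, 0, 0, 0, opt_size, 0x0002)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, PE32_PLUS if pe32_plus else PE32)
    struct.pack_into("<H", opt, 70, flags)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


def checker_is_sound(checker) -> bool:
    """True if `checker` passes the hardened image and flags each weakened one.

    Each weakened image clears exactly one bit, which is what a negative
    linker flag such as --no-dynamicbase is used for in a checker test.
    """
    if checker(build_pe(ALL_BITS)) != []:
        return False
    return all(checker(build_pe(ALL_BITS & ~bit)) == [name]
               for name, bit in MITIGATIONS)


if __name__ == "__main__":
    print("hardened:", missing_mitigations(build_pe(ALL_BITS)))
    print("no dynamicbase:", missing_mitigations(build_pe(ALL_BITS & ~0x0040)))
    print("real checker sound:", checker_is_sound(missing_mitigations))
    print("always-pass checker sound:", checker_is_sound(lambda image: []))
```

Without a way to produce the weakened binaries, the always-pass checker in the last line could not be told apart from a working one.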
Now that we use GCC 10 for release builds, we no-longer need to pass `-Wl,-z,noexecstack` to get a non-executable stack in RISC-V binaries. This was originally removed in bitcoin#21036, but then re-added in bitcoin#21799, when we reverted to using GCC 8.
2dcf3e1 guix: re-revert riscv execstack workaround (fanquake)

Pull request description:

Now that we use GCC 10 for release builds, we no-longer need to pass `-Wl,-z,noexecstack` to get a non-executable stack in RISC-V binaries. This was originally removed in #21036, but then re-added in #21799, when we reverted to using GCC 8.

Guix Build (arm64):

ACKs for top commit:
laanwj: ACK 2dcf3e1
hebasto: ACK 2dcf3e1

Tree-SHA512: 04dd2fcd731c6370a903bdc4bff493ed3f4b2c853be47da1a1f8838a6f6b69333464181ea945d513247a81fab1c798b3d2ad61aa8b23314890d9bd83b2f55873
2dcf3e1 guix: re-revert riscv execstack workaround (fanquake)

Pull request description:

Now that we use GCC 10 for release builds, we no-longer need to pass `-Wl,-z,noexecstack` to get a non-executable stack in RISC-V binaries. This was originally removed in bitcoin#21036, but then re-added in bitcoin#21799, when we reverted to using GCC 8.

Guix Build (arm64):

ACKs for top commit:
laanwj: ACK 2dcf3e1
hebasto: ACK 2dcf3e1

Tree-SHA512: 04dd2fcd731c6370a903bdc4bff493ed3f4b2c853be47da1a1f8838a6f6b69333464181ea945d513247a81fab1c798b3d2ad61aa8b23314890d9bd83b2f55873
Now that we use GCC 10 for release builds, we no-longer need to pass `-Wl,-z,noexecstack` to get a non-executable stack in RISC-V binaries. This was originally removed in bitcoin#21036, but then re-added in bitcoin#21799, when we reverted to using GCC 8.
* guix: Add guix-verify script
* guix-attest: Only use cross-platform flags for find+xargs
* guix-attest: Use ascii-armor signatures
* guix-attest: Allow skipping GPG signing with NO_SIGN
* guix: Minor quoting fix in libexec/build.sh
* guix: Construct $OUTDIR in ${DISTSRC}/output

  While files are being output to $OUTDIR, it will be under ${DISTSRC}/output, and only when everything is done, will ${DISTSRC}/output be moved to the actual $OUTDIR.

  This makes it so that a Ctrl-C in the middle of a build is less likely to result in a partially-constructed $OUTDIR. In fact, if I understand correctly, if $OUTDIR and $DISTSRC reside on the same filesystem, the move (rename) is likely atomic.

  Also, since the "working $OUTDIR" is under ${DISTSRC}/output, it will be cleaned properly by the guix-clean script.

* guix: Attest to inputs in inputs.SHA256SUMS

  At build/codesigning-time, hash build inputs and output the digest to ${OUTDIR}/inputs.SHA256SUMS, which gets included in the final SHA256SUMS constructed by guix-attest.

  Example final SHA256SUMS:

      ee832d2a35b7701bff581dea05a536118b118e3ad0a587a2855b6ee8cd6fba20 inputs/bitcoin-78199266af7b.tar.gz
      ca765e70a0c12866dd63c0be228b675278a26329e5f8f5b5c52fd09200fedf21 bitcoin-78199266af7b-powerpc64le-linux-gnu-debug.tar.gz
      dae95327d7f2c324e2728c4b73627be6cb2c0d2f2e5bea940d1d5e6463939327 bitcoin-78199266af7b-powerpc64le-linux-gnu.tar.gz

* guix: Skip attesting to dist-archive

  We already attest to the relevant dist-archive in inputs.SHA256SUMS, which is recorded at build-time.

  We use a SKIPATTEST.TAG file to indicate output directories which do not require attestation (much like the CACHEDIR.TAG specification). Generally, it's better to have build scripts declare properties of directories instead of introducing name-based special cases in attest scripts since build scripts have a more detailed context of what is going on.
* guix: Consistently use gcc-8 for $HOST
* guix-attest: Avoid incomplete sigdirs with ERR traps

  Sometimes GPG connects to the wrong agent... or you don't have your smartcard handy...

* guix: install LIEF in Guix container

  Co-authored-by: Carl Dong <contact@carldong.me>

* build: Makes rcc output always deterministic

  The Qt Resource Compiler (rcc) has a command-line option `--format-version` which has the default value 2. The only difference from `--format-version 1` is adding a last modified timestamp to the output file. That, in turn, forces us to use `QT_RCC_SOURCE_DATE_OVERRIDE=1` to get deterministic builds.

  This change makes rcc output always deterministic by using `--format-version 1` option that makes usage of the `QT_RCC_SOURCE_DATE_OVERRIDE` needless.

  Also it improves interaction with ccache.

  Co-authored-by: fanquake <fanquake@gmail.com>

* guix: Reindent existing manifest.scm
* guix: Package codesigning tools
* guix: Add codesigning functionality
* guix: repro: Sort find output in libtool for gcc-8

  Otherwise the resulting .a static libraries (e.g. libstdc++.a) will not be reproducible and end up making the Bitcoin binaries non-reproducible as well.

  See: https://reproducible-builds.org/docs/archives/#gnu-libtool

* guix: Remove dest if OUTDIR mv fails
* guix: Check for disk space availability before building
* Use latest signapple commit

  Update gitian and guix to use the same latest signapple commit

* Make SHA256SUMS fragment right after build
* Rewrite guix-{attest,verify} for new hier
* scripts: LIEF 0.11.5
* guix-attest: Error out if SHA256SUMS is unexpected
* guix: Rebase toolchain on glibc 2.24 (2.27 for riscv64)

  Support for riscv64 in glibc landed in 2.27 so it's unavoidable that we use 2.27.

  Running a Bitcoin build with toolchains based on 2.24 for platforms other than riscv64 seem to produce binaries which do not have 2.17 symbols. So use 2.24 since it's more recent and maintained by Debian Stretch.
* guix: Build depends/qt with our platform definition

  Our 'bitcoin-linux-g++' definition better integrates with our depends system than the stock linux-g++-64 definition.

  This fixes a bug whereby Guix builds on x86_64 for x86_64 did not produce a QMinimalIntegrationPlugin and led to bitcoin-qt not being built.

* guix: Also sort SHA256SUMS.part
* guix: no-longer pass --enable-glibc-back-compat to Guix

  Now that our Guix builds are performed on glibc 2.24 and 2.27 (RISCV), we no-longer need to pass the --enable-glibc-back-compat option. Replace it with --disable-threadlocal, to prevent the usage of symbols from glibc 2.18.

  None of the binaries produced required symbols later than 2.17, and 2.27 (RISCV).

* guix: add additional documentation to patches
* Avoid GCC 7.1 ABI change warning in guix build
* guix: Patch binutils to add security-related disable flags

  We use these flags in our test-security-check make target, but they are only available because debian patches them in.

  We can patch them in for our Guix builds so that we can check the sanity of our security/symbol checking suite before running them.

* guix: Test security-check sanity before performing them
* guix: Check for a sane services database

  On bare systems, it is possible to be lacking a services database. Check for basic entries before attempting a build.

  See the error message in the diff for more context.

* guix: Update various check_tools lists
* guix: Pin kernel header version

  - Use 4.19 for riscv64 (earliest LTS release w/ riscv64 support)
  - Use 4.9 for all others (second-oldest LTS release, released in combination with glibc 2.24 in Debian stretch)

* guix: Bump to version-1.3.0 from upstream

  The chosen commit is the HEAD of Guix's version-1.3.0 branch as of July 15th, 2021.

  Also fix visual indenting.
* guix: Overhaul README

  - Added detailed Guix bootstrap/installation instructions

* guix-attest: Produce and sign normalized documents

  That way we can easily combine the document and detached signature to produce cleartext signature files for upload during the release process.

  See subsequent commits which modify doc/release-process.md for more details.

* guix/INSTALL: Add coreutils/inotify-dir-recreate troubleshooting
* guix/INSTALL: Guix installs init scripts in libdir
* guix: Silence getent(1) invocation
* guix/INSTALL: Misc fixups
* guix/build: Remove vestigial SKIPATTEST.TAG
* guix: Make all.SHA256SUMS rather than codesigned.SHA256SUMS
* guix: Allow changing the base manifest in guix-verify

  When verifying guix attestations, it is useful to set a particular signer's manifest as the base to compare against.

* Updated Readme, Corrected the codesign typo
* script, doc: guix touchups
* guix: Remove extra \r from all.SHA256SUMS line ending

  guix-attest mistakenly added an extra \r to the line endings in all.SHA256SUMS, causing guix-verify to erroneously fail.

  Co-Authored-By: Carl Dong <contact@carldong.me>

* guix: Ensure EPOCH_SOURCE_DATE does not include GPG information

  If the user has set log.showSignature=true in their git config, then the git log will always output GPG signature information. Since git log is used to set EPOCH_SOURCE_DATE, this will mistakenly have GPG signature information in it which causes issues for the build. To avoid this issue, we override the config and force log.showSignature=false.

* release: Release with separate SHA256SUMS and sig files

  This allows us to remove the rfc4880 EOL hacks and release with a SHA256SUMS.asc file that's a combination of all signer signatures.

* guix-verify: Non-zero exit code when anything fails

  Previously, if verification fails, the correct message will be printed, but the exit code would still be 0.
* guix: Don't include directory name in SHA256SUMS

  The SHA256SUMS file can be used in a sha256sum -c command to verify downloaded binaries. However users are likely to download just a single file and not place this file in the correct directory relative to the SHA256SUMS file for the simple verification command to work. By not including the directory name in the SHA256SUMS file, it will be easier for users to verify downloaded binaries.

  Co-authored-by: Carl Dong <contact@carldong.me>

* guix/prelude: Override VERSION with FORCE_VERSION

  Previously, if the builder exported $VERSION in their environment (as past Gitian-building docs told them to), but their HEAD does not actually point to v$VERSION, their build outputs will differ from those of other builders.

  This is because the contrib/guix/guix-* scripts only ever act on the current git worktree, and does not try to check out $VERSION if $VERSION is set in the environment.

  Setting $VERSION only makes the scripts pretend like the current worktree is $VERSION.

  This problem was seen in jonatack's attestation for all.SHA256SUMS, where only his bitcoin-22.0rc3-osx-signed.dmg differed from everyone else's.

  Here is my deduced sequence of events:

  1. Aug 27th: He guix-builds 22.0rc3 and uploads his attestations up to guix.sigs
  2. Aug 30th, sometime after POSIX time 1630310848: he pulls the latest changes from master in the same worktree where he guix-built 22.0rc3 and ends up at 7be143a
  3. Aug 30th, sometime before POSIX time 1630315907: With his worktree still on 7be143a, he guix-codesigns. Normally, this would result in outputs going in guix-build-7be143a960e2, but he had VERSION=22.0rc3 in his environment, so the guix-* scripts pretended like he was building 22.0rc3, and used 22.0rc3's guix-build directory to locate un-codesigned outputs and dump codesigned ones.
  However, our SOURCE_DATE_EPOCH defaults to the POSIX time of HEAD (7be143a), which made all timestamps in the resulting codesigned DMG 1630310848, 7be143a's POSIX timestamp. This differs from the POSIX timestamp of 22.0rc3, which is 1630348517. Note that the windows codesigning procedure does not consider SOURCE_DATE_EPOCH.

  We resolve this by only allowing VERSION overrides via the FORCE_VERSION environment variable.

* build: set OSX_MIN_VERSION to 10.15

  This is required to use std::filesystem on macOS as support for it only landed in the libc++ dylib shipped with 10.15.

  See also: https://developer.apple.com/documentation/xcode-release-notes/xcode-11-release-notes

  Clang now supports the C++17 <filesystem> library for iOS 13, macOS 10.15, watchOS 6, and tvOS 13.

* Enable TLS in links in documentation
* Integrate univalue into our buildsystem

  This addresses issues like the one in bitcoin#12467, where some of our compiler flags end up being dropped during the subconfigure of Univalue. Specifically, we're still using the compiler-default c++ version rather than forcing c++17.

  We can drop the need subconfigure completely in favor of a tighter build integration, where the sources are listed separately from the build recipes, so that they may be included directly by upstream projects. This is similar to the way leveldb build integration works in Core.

  Core benefits of this approach include:

  - Better caching (for ex. ccache and autoconf)
  - No need for a slow subconfigure
  - Faster autoconf
  - No more missing compile flags
  - Compile only the objects needed

  There are no benefits to Univalue itself that I can think of. These changes should be a no-op there, and to downstreams as well until they take advantage of the new sources.mk.

  This also removes the option to use an external univalue to avoid similar ABI issues with mystery binaries.
  Co-authored-by: fanquake <fanquake@gmail.com>

* guix: Fix powerpc64(le) dynamic linker name

  I used Guix's values for the powerpc64(le) dynamic linkers, and the /lib-prefix seems to be a Guix-ism rather than standard. The standard path for the linker-loaders start with /lib64.

  I've taken the new loader values from SYSDEP_KNOWN_INTERPRETER_NAMES in glibc's sysdeps/unix/sysv/linux/powerpc/ldconfig.h file.

  For future reference, loader path values can also be found on glibc's website: https://sourceware.org/glibc/wiki/ABIList?action=recall&rev=16

* build: require glibc 2.18+ for release builds

  From what I can see the only platform this drops support for is CentOS 7. CentOS 7 reached the end of its "full update" support at the end of 2020. It does receive maintenance updates until 2024, however I don't think supporting glibc 2.17 until 2024 is realistic.

  Note that anyone wanting to self-compile and target a glibc 2.17 runtime could build with --disable-threadlocal.

  glibc 2.18 was released in August 2013.
  https://sourceware.org/legacy-ml/libc-alpha/2013-08/msg00160.html

* scripted-diff: Drop Darwin version for better maintainability

  -BEGIN VERIFY SCRIPT-
  sed -i 's/darwin19/darwin/g' $(git grep --files-with-matches 'darwin19')
  -END VERIFY SCRIPT-

* test: Make more shell scripts verifiable by the `shellcheck` tool
* test: Bump shellcheck version to 0.8.0
* scripted-diff: Insert missed copyright headers

  -BEGIN VERIFY SCRIPT-
  ./contrib/devtools/copyright_header.py insert contrib/guix/libexec/build.sh
  ./contrib/devtools/copyright_header.py insert contrib/guix/libexec/codesign.sh
  ./contrib/devtools/copyright_header.py insert contrib/tracing/log_raw_p2p_msgs.py
  ./contrib/devtools/copyright_header.py insert contrib/tracing/log_utxocache_flush.py
  ./contrib/devtools/copyright_header.py insert contrib/tracing/p2p_monitor.py
  ./contrib/devtools/copyright_header.py insert test/lint/lint-files.sh
  -END VERIFY SCRIPT-

* build: use a static .tiff for macOS .dmg over generating

  Co-authored-by: Pavol Rusnak <pavol@rusnak.io>

* guix: use GCC 10 (over GCC 8) to build releases

  This currently points to the version-1.4.0 branch.

* guix: use upstream nsis-x86_64

  Our patch is now used upstream.

* build: use python-asn1crypto from upstream

  It is the exact same package definition.

* guix: use upstream python-requests (2.26.0)

  Upstream python requests is now modern enough to be used as a dependency for signapple. Which requires requests>=2.25.1.

* build: Point Guix to the current top of the "version-1.4.0" branch
* build: point to latest commit on the master branch

  The version-1.4.0 branch no-longer exists, and will be branched off master again shortly.
* guix: ignore additional failing certvalidator test

  ```bash
  ======================================================================
  ERROR: test_revocation_mode_soft (tests.test_validate.ValidateTests)
  ----------------------------------------------------------------------
  Traceback (most recent call last):
    File "/tmp/guix-build-python-certvalidator-0.1-1.e5bdb4b.drv-0/source/tests/test_validate.py", line 85, in test_revocation_mode_soft
      validate_path(context, path)
    File "/tmp/guix-build-python-certvalidator-0.1-1.e5bdb4b.drv-0/source/tests/../certvalidator/validate.py", line 50, in validate_path
      return _validate_path(validation_context, path)
    File "/tmp/guix-build-python-certvalidator-0.1-1.e5bdb4b.drv-0/source/tests/../certvalidator/validate.py", line 358, in _validate_path
      raise PathValidationError(pretty_message(
  certvalidator.errors.PathValidationError: The path could not be validated because the end-entity certificate expired 2022-01-14 12:00:00Z
  ```

* build: Fix xargs warnings for Guix builds
* build: use macOS 11 SDK (Xcode 12.2)

  This should be sufficient to support building for Apple ARM when cross-compiling.

* guix: use autoconf 2.71

  This allows for building with newer targets, like arm64-apple-darwin, due to having a newer bundled config.guess and config.sub.

* guix: add arm64-apple-darwin triplet
* build: Fix gcc-cross-x86_64-w64-mingw32-10.3.0 in Guix
* build: Point Guix to recent commit on the master branch
* Replace "can not" with "cannot" in docs, user messages, and tests
* guix: use same commit for codesigning time-machine

  The time machines should be updated in lockstep.

* build: Move guix time machine to prelude

  This deduplicates some code, and enforces consistency of the time machine configuration between scripts.

* guix: only use native GCC 7 toolchain for Linux builds

  The macOS and Windows builds do not require a GCC 7 toolchain, and this is actually causing build issues, i.e bitcoin#24211. So switch to using a GCC 10 native toolchain for both.
* guix: use latest upstream python-certvalidator

  This should also allow re-enabling previously failing tests.

* guix: use latest upstream signapple

  This should improve support for signing for M1 binaries.

* guix: Drop unneeded openssl dependency for signapple
* guix: use latest signapple
* guix: only check for the macOS SDK once

  If we are building for both macOS HOSTS, there's no need to check and print that the SDK exists two times.

* guix: Use $HOST instead of generic osx{64} for macOS artifacts
* guix: make it possible to override gpg binary

  For example on Qubes OS one might want to use qubes-gpg-client-wrapper instead

* guix: Drop "-signed" suffix for signed macOS .dmg files

  This change makes naming of the signed artifacts consistent across different OSes, including Windows.

* guix: Use "win64" for Windows artifacts consistently
* Update signapple for platform identifier fix
* doc, guix: Include arm64-apple-darwin into codesigned archs
* guix: point to latest upstream commit
* Revert "build: Fix gcc-cross-x86_64-w64-mingw32-10.3.0 in Guix"

  This reverts commit 7f2f35f.

* macdeploy: remove unused detached-sig-apply

  Signature application is now done with signapple.

* guix: Drop code for the unsupported `i686-linux-gnu` host

  Now GUIX build for the `i686-linux-gnu` host is broken, and there are no plans to re-add it.

* contrib: use LIEF 0.12.0 for symbol and security checks
* build: Fix "ERR: Unsigned tarballs do not exist"
* guix: fix vmov alignment issues with gcc 10.3.0 & mingw-w64

  This introduces a patch to our GCC (10.3.0) mingw-w64 compiler, in Guix, to make it avoid using aligned vmov instructions. This works around a longstanding issue in GCC, https://gcc.gnu.org/bugzilla/show_bug.cgi?id=54412, which was recently discovered to be causing issues, see bitcoin#24726.

  Note that distros like Debian are also patching around this issue, and that is where this patch comes from.
  This would also explain why we haven't run into this problem earlier, in development builds. See: https://salsa.debian.org/mingw-w64-team/gcc-mingw-w64/-/blob/master/debian/patches/vmov-alignment.patch.

  Fixes bitcoin#24726. Alternative to bitcoin#24727.

  See also: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=939559

* build: don't compress macOS DMG
* guix: fix GCC 10.3.0 + mingw-w64 setjmp/longjmp issues

  This commit backports a patch to the GCC 10.3.0 we build for Windows cross-compilation in Guix. The commit has been backported to the GCC releases/gcc-10 branch, but hasn't yet made it into a release.

  The patch corrects a regression from an earlier GCC commit, see: https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=357c4350680bf29f0c7a115424e3da11c53b5582 and https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=074226d5aa86cd3de517014acfe34c7f69a2ccc7, related to the way newer versions of mingw-w64 implement setjmp/longjmp.

  Ultimately this was causing a crash for us when Windows users were viewing the network traffic tab inside the GUI. After some period, long enough that a buffer would need reallocating, a call into FreeTypes gray_record_cell() would result in a call to ft_longjmp (longjmp), which would then trigger a crash.

  Fixes: bitcoin-core/gui#582.

  See also:
  https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=e8d1ca7d2c344a411779892616c423e157f4aea8.
  https://bugreports.qt.io/browse/QTBUG-93476.

* guix: Improve error message about missed macOS SDK
* guix: consolidate kernel headers to 5.15

  Given no reason to use an older version of the kernel headers for the non-RISCV linux builds, consolidate all Linux builds to 5.15.x.

  Note that using older kernel headers isn't some sort of compatibility "hack", and glibc explicitly recommends against doing so. See: https://sourceware.org/glibc/wiki/FAQ#What_version_of_the_Linux_kernel_headers_should_be_used.3F.

* build: include bitcoin.conf in build outputs

  copy over bitcoin.conf during the build process.
  this means `contrib/devtools/gen-bitcoin-conf.sh` will need to be run and the generated file committed during the release process. this is the same process used for generating man pages for each release.

* guix: bump time-machine to 998eda3067c7d21e0d9bb3310d2f5a14b8f1c681

  There are two reasons to perform this bump:

  * Fixes bitcoin#25082 by bumping to a commit that includes a fix for time-dependent unit tests in libgit2 (f5fe0082abe4547f3fb9f29d8351473cfb3a387b).
  * Gives us access to clang-toolchain-14 (14.0.3, 998eda3067c7d21e0d9bb3310d2f5a14b8f1c681), which is useful for the Guix portion of bitcoin#21778.

  Note that with this bump: Linux kernels headers update from 5.15.28 to 5.15.37.

* guix: compile glibc without -werror

  Compiling glibc 2.24 and 2.27 with the new GCC 10 results in a number of new warnings, i.e:

  ```bash
  libc-tls.c: In function ‘__libc_setup_tls’:
  libc-tls.c:208:30: error: array subscript 1 is outside the bounds of an interior zero-length array ‘struct dtv_slotinfo[0]’ [-Werror=zero-length-bounds]
    208 |   static_slotinfo.si.slotinfo[1].map = main_map;
        |   ~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~
  In file included from ../sysdeps/x86_64/ldsodefs.h:54,
                   from ../sysdeps/gnu/ldsodefs.h:46,
                   from ../sysdeps/unix/sysv/linux/ldsodefs.h:25,
                   from libc-tls.c:20:
  ../sysdeps/generic/ldsodefs.h:398:7: note: while referencing ‘slotinfo’
    398 |   } slotinfo[0];
        |       ^~~~~~~~
  ```

  While we could try and backport all the patches required to fix these up, it would currently seem easier to disable -Werror, which Guix uses by default when building glibc.

* guix: adjust RISC-V __has_include() patch to work with GCC 10

  The actual macro is __has_include(), not __has_include__(), using the latter would result in build failures when using GCC 10.
  i.e:

  ```bash
  ../sysdeps/unix/sysv/linux/riscv/flush-icache.c:24:5: warning: "__has_include__" is not defined, evaluates to 0 [-Wundef]
     24 | #if __has_include__ (<asm/syscalls.h>)
  ```

  Looks like at least someone else has run into the same thing, see: http://lists.busybox.net/pipermail/buildroot/2020-July/590376.html.

  See also:
  https://gcc.gnu.org/onlinedocs/cpp/_005f_005fhas_005finclude.html
  https://clang.llvm.org/docs/LanguageExtensions.html#has-include

* guix: fix glibc 2.27 multiple definition warnings with GCC 10
* guix: use -fcommon when building glibc 2.24

  GCC 10 started using -fno-common by default, which causes issues with the powerpc builds using glibc 2.24. A patch was committed to glibc to fix the issue, 18363b4f010da9ba459b13310b113ac0647c2fcc but is non-trivial to backport, and was broken in at least one way, see the followup in commit 7650321ce037302bfc2f026aa19e0213b8d02fe6.

  For now, retain the legacy GCC behaviour by passing -fcommon when building glibc 2.24.

  https://gcc.gnu.org/onlinedocs/gcc/Code-Gen-Options.html.
  https://sourceware.org/git/?p=glibc.git;a=commit;h=18363b4f010da9ba459b13310b113ac0647c2fcc
  https://sourceware.org/git/?p=glibc.git;a=commit;h=7650321ce037302bfc2f026aa19e0213b8d02fe6

* guix: native GCC 10 toolchain for Linux builds
* guix: re-revert riscv execstack workaround

  Now that we use GCC 10 for release builds, we no-longer need to pass `-Wl,-z,noexecstack` to get a non-executable stack in RISC-V binaries.

  This was originally removed in bitcoin#21036, but then re-added in bitcoin#21799, when we reverted to using GCC 8.

* guix: use libtool 2.4.7

  As of version 2.4.7, libtool now respects ARFLAGS, which we use, and has changed the default ARFLAGS from cru to cr (which we also do, see configure).
  This eliminates spammy `ar` output such as:

  ```bash
    CXXLD    libunivalue.la
  /root/.guix-profile/bin/x86_64-linux-gnu-ar: `u' modifier ignored since `D' is the default (see `U')
    AR       libbitcoin_zmq.a
    AR       libbitcoin_consensus.a
    CXXLD    crypto/libbitcoin_crypto_base.la
    CXXLD    crypto/libbitcoin_crypto_sse41.la
  /root/.guix-profile/bin/x86_64-linux-gnu-ar: `u' modifier ignored since `D' is the default (see `U')
  /root/.guix-profile/bin/x86_64-linux-gnu-ar: `u' modifier ignored since `D' is the default (see `U')
    CXXLD    crypto/libbitcoin_crypto_avx2.la
    CXXLD    crypto/libbitcoin_crypto_x86_shani.la
    CXXLD    leveldb/libleveldb.la
  /root/.guix-profile/bin/x86_64-linux-gnu-ar: `u' modifier ignored since `D' is the default (see `U')
    CXXLD    crc32c/libcrc32c.la
  /root/.guix-profile/bin/x86_64-linux-gnu-ar: `u' modifier ignored since `D' is the default (see `U')
    CXXLD    leveldb/libmemenv.la
  /root/.guix-profile/bin/x86_64-linux-gnu-ar: `u' modifier ignored since `D' is the default (see `U')
  /root/.guix-profile/bin/x86_64-linux-gnu-ar: `u' modifier ignored since `D' is the default (see `U')
  /root/.guix-profile/bin/x86_64-linux-gnu-ar: `u' modifier ignored since `D' is the default (see `U')
    AR       libbitcoin_cli.a
  ```

  Libtool 2.4.7 release notes: https://lists.gnu.org/archive/html/autotools-announce/2022-03/msg00000.html

* guix: remove explicit glibc stack protector disabling

  While glibc 2.25 and newer *can* be built with stack-smashing-protection enabled, it isn't used by default, and still isn't, as of glibc 2.35, so I can't see a reason to explicitly disable it.

  I'd also like to move in the direction of enabling, by default, hardening options for the toolchains we build, so removing the explicit disabling is a step in that direction. Will be following up with some changes based on this PR.

* guix: parallelize LIEF build
* guix: remove usage of -Wl,-z,noexecstack for PPC64 HOST

  The PPC64 ABI has a non-executable stack by default, and does not need a GNU_STACK program header.
  See also: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/arch/powerpc/include/asm/page_64.h#n92

* guix: use LIEF 0.12.1
* guix: patch LIEF to fix PPC64 NX default

  This patches our LIEF build using the change merged upstream: lief-project/LIEF#718.

  This can be dropped the next time we update LIEF.

* guix: Map all guix store prefixes to /usr

  Without ffile-prefix-map, the debug symbols will contain paths for the guix store which will include the hashes of each package. However, the hash for the same package will differ when on different architectures. In order to be reproducible regardless of the architecture used to build the package, map all guix store prefixes to something fixed, e.g. /usr.

* guix: Remove guix store paths from glibc

  Without ffile-prefix-map, the debug symbols will contain paths for the guix store which will include the hashes of each package. However, the hash for the same package will differ when on different architectures. In order to be reproducible regardless of the architecture used to build the package, map all guix store prefixes to something fixed, e.g. /usr.

  We might be able to drop this in favour of using --with-nonshared-cflags when we begin using newer versions of glibc.

* guix: use elfesteem 2eb1e5384ff7a220fd1afacd4a0170acff54fe56

  Our patch has been merged upstream, see LRGH/elfesteem#3

* guix: patch gcc 10 with pthreads to remap guix store paths
* guix: Drop repetition of option's default value
* guix: enable SSP for RISC-V glibc (2.27)

  Pass `--enable-stack-protector=all` when building the glibc used for the RISC-V toolchain, to enable stack smashing protection on all functions, in the glibc code.

* guix: pass enable-bind-now to glibc

  Both glibcs we build support `--enable-bind-now`:

  Disable lazy binding for installed shared objects and programs.
  This provides additional security hardening because it enables full RELRO and a read-only global offset table (GOT), at the cost of slightly increased program load times.

  See: https://www.gnu.org/software/libc/manual/html_node/Configuring-and-compiling.html

* guix: enable hardening options in GCC Build

  Pass `--enable-default-pie` and `--enable-default-ssp` when configuring our GCCs. This achieves the following:

  --enable-default-pie
    Turn on -fPIE and -pie by default.

  --enable-default-ssp
    Turn on -fstack-protector-strong by default.

  Note that this isn't a replacement for passing hardening flags ourselves, but introduces some redundancy, and there isn't really a reason to not build a more "hardenings enabled" toolchain by default.

  See also: https://gcc.gnu.org/install/configure.html

* guix: ignore additional failing certvalidator test

  Similar to 8588591.

  ```bash
  ERROR: test_revocation_mode_soft (tests.test_validate.ValidateTests)
  ----------------------------------------------------------------------
  Traceback (most recent call last):
    File "/tmp/guix-build-python-certvalidator-0.1-1.a145bf2.drv-0/source/tests/test_validate.py", line 85, in test_revocation_mode_soft
      validate_path(context, path)
    File "/tmp/guix-build-python-certvalidator-0.1-1.a145bf2.drv-0/source/tests/../certvalidator/validate.py", line 50, in validate_path
      return _validate_path(validation_context, path)
    File "/tmp/guix-build-python-certvalidator-0.1-1.a145bf2.drv-0/source/tests/../certvalidator/validate.py", line 358, in _validate_path
      raise PathValidationError(pretty_message(
  certvalidator.errors.PathValidationError: The path could not be validated because the end-entity certificate expired 2022-07-27 12:00:00Z
  ```

* guix: patch NSIS to remove .reloc sections from install stubs

  With the release of binutils/ld 2.36, ld swapped to much improved default settings when producing windows binaries with mingw-w64.
  One of these changes was to stop stripping the .reloc section from binaries, which is required for working ASLR.
  .reloc section stripping is something we've accounted for previously, see bitcoin#18702. The related upstream discussion is in this thread: https://sourceware.org/bugzilla/show_bug.cgi?id=19011.
  When we switched to using a newer Guix time-machine in bitcoin#23778, we began using binutils 2.37 to produce releases. Since then, our windows installer (produced with makensis) has not functioned correctly when run on a Windows system with the "Force randomization for images (Mandatory ASLR)" option enabled.
  Note that all of our other release binaries, which all contain .reloc sections, function fine under the same option, so it cannot be just the presence of a .reloc section that is the issue. For now, restore makensis to its pre-binutils-2.36 behaviour, which fixes the produced installer. The underlying issue can be further investigated in future.
* doc: minor updates to guix README
* build: include share/rpcauth in tarball & installer
  Fixes bitcoin#19081.
* guix: use --build={arch}-guix-linux-gnu in cross toolchain
  Technically we are always cross-compiling, so make that explicit.
  Fixes: bitcoin#22458.
* guix: consistently use -ffile-prefix-map
  Aside from being the newer, more comprehensive option, it's what we claim to use in the patch docs, and everywhere else in guix.
* guix: use git-minimal over git
  From the git-minimal package definition:
  > The size of the closure of 'git-minimal' is two thirds that of 'git'.
  > Its test suite runs slightly faster and most importantly it doesn't
  > depend on packages that are expensive to build such as Subversion.

  We don't need any fancy / additional git functionality above the basics, so switch to git-minimal and save some CPU, while also pruning the greater dependency graph.
```diff -name: git +name: git-minimal version: 2.37.3 outputs: -+ send-email: see Appendix H -+ svn: see Appendix H -+ credential-netrc: see Appendix H -+ credential-libsecret: see Appendix H -+ subtree: see Appendix H -+ gui: see Appendix H + out: everything else -systems: x86_64-linux mips64el-linux aarch64-linux powerpc64le-linux i686-linux armhf-linux powerpc-linux -dependencies: asciidoc@9.1.0 bash-minimal@5.1.8 bash@5.1.8 curl@7.79.1 docbook-xsl@1.79.2 expat@2.4.1 gettext-minimal@0.21 glib@2.70.2 libsecret@0.20.4 openssl@1.1.1l pcre2@10.37 perl-authen-sasl@2.16 perl-cgi@4.52 -+ perl-io-socket-ssl@2.068 perl-net-smtp-ssl@1.04 perl-term-readkey@2.38 perl@5.34.0 pkg-config@0.29.2 python@3.9.9 subversion@1.14.1 tcl@8.6.11 tk@8.6.11.1 xmlto@0.0.28 zlib@1.2.11 -location: gnu/packages/version-control.scm:222:2 +systems: x86_64-linux mips64el-linux aarch64-linux powerpc64le-linux riscv64-linux i686-linux armhf-linux powerpc-linux +dependencies: bash-minimal@5.1.8 bash@5.1.8 curl@7.79.1 expat@2.4.1 gettext-minimal@0.21 openssl@1.1.1l perl@5.34.0 zlib@1.2.11 +location: gnu/packages/version-control.scm:608:2 homepage: https://git-scm.com/ license: GPL 2 synopsis: Distributed version control system ``` * guix: Drop perl package * Revert "guix: Build depends/qt with our platform definition" This reverts commit dc4137a. * MS: restclient start * MS: bumped c++ version from 14 to 17 * only gitian build for linux x86_64 for now. We can add back aarch64 later when needed. 
* Testing whether OSX SDK needs to be updated for gitian building for c++17
* test if bitcoins last gitian-build method works with unigrid
* yaml format error
* updated darwin host file for py build gitian
* Update depends make to work with latest build
* update darwin builder for new gitian
* DOWNLOAD_RETRIES:=3 readded for curl
* linux host update gitian
* check in default depends
* upgrade darwin to 19
* use focal
* remove i686 windows gitian
* testing whether jammy has same compile error for osx cctools
* switch back to focal
* place guix in proper directory
* guix util file
* guix util file
* lief is failing on guix build. try a newer version
* change hash for lief
* try and downgrade lief
* lief hash
* update darwin to never xcode version and osx 10.15 minimum
* added missing native_clang depends
* test jammy build focal cannot find repos
* missing some jammy in build.py
* build with kinetic
* focal appears to be the only docker container that builds correctly
* test building with g++9 linux
* test if reverting to c++14 builds work
* upgrade build.sh to use focal base VM. Remove some unneeded dependencies for linux builds.
* use jammy for builds and test building with c++17 or 20 if available
* force c++17
* don't check clock_gettime by default
* docker still cannot find ubuntu jammy revert to focal
* fdelt is required
* aarch64 required to compile
* disable arm build
* test disable glib backward support
* darwin builds were missing libtapi. native_cdrkit replaced with xorriso.
* change order of native_libtapi
* libtapi and clang are split out of cctools
* darwin unable to find glibtoolize
* upgrading boost and remove references to specific darwin versions
* split boost into build/host
* boost fail build on linux
* define minimum required boost
* adding missing required boost libraries after updating boost version
* errors building with boost 1.73.0 revert back to 1.71.0
* wrong xcode version in darwin build
* up boost version to 1.73.0
* test building with boost 1.80.0
* remove unused dependency and set min boost version
* upgrading boost requires more refactoring
* test if building osx works with c++11
* c++11 build fails on the rest client test to see if c++17 resolves this error
* accidental edit of robin-hood submodule
* use 12.2 osx sdk
* use 12.2 osx sdk for gitian-builder
* proper checksum of Xcode
* checksum was not correct
* remove downloaded sdk
* attempted build with boost 1.80
* revert to c++14 and downgrade boost
* configure.ac set c++14
* Ms restclient (#5)
* MS: Updated univalue lib to latest version. Fixed parsing of json from restclient
* ms: added -hport as an argument in for unigridd.
* ms: added mint class to handle values from hedgehog. did some cleanup.
* ms: fixed compilation error
* ms: rewrote the rest client so it's now working and getting json data from hedgehog
* ms: removed auto keyword
* ms: changed return type to bool to check if data got transferred as expected from hedgehog
* ms: reverted c++ version to 14 from 17
  Co-authored-by: Fim-84 <marcus.stenberg@gmail.com>
* set depends to build with c++11
* compile cc++ test update
* revert to old method of building boost that worked on OSX
* remove native_b2 ref
* remove native_cdrkit
* build ref for native_libtapi
* missing endif
* try bitcoin boost build method
* errors compiling openssl with xcode 12.2 revert to 12.1
* test if old gitian build works with rest client update
* revert boost to old build
* reverting native cc tools build
* revert depends make to master
* missing cdrkit added
* cdrkit in wrong directory
* revert darwin host
* remove updated gitian build script from this branch. If we decide to stick with gitian this can be pulled from the EG_uposx_12_1 branch.
  Co-authored-by: Carl Dong <contact@carldong.me>
  Co-authored-by: fanquake <fanquake@gmail.com>
  Co-authored-by: W. J. van der Laan <laanwj@protonmail.com>
  Co-authored-by: Hennadii Stepanov <32963518+hebasto@users.noreply.github.com>
  Co-authored-by: Andrew Chow <achow101-github@achow101.com>
  Co-authored-by: Pieter Wuille <pieter@wuille.net>
  Co-authored-by: h <harshit_goyal333@outlook.com>
  Co-authored-by: jonatack <jon@atack.com>
  Co-authored-by: Jeremy Rand <jeremyrand@airmail.cc>
  Co-authored-by: Cory Fields <cory-nospam-@coryfields.com>
  Co-authored-by: Pavol Rusnak <pavol@rusnak.io>
  Co-authored-by: laanwj <126646+laanwj@users.noreply.github.com>
  Co-authored-by: josibake <josibake@protonmail.com>
  Co-authored-by: Stacie <staciewaleyko@gmail.com>
  Co-authored-by: Fim-84 <marcus.stenberg@gmail.com>
* rest client (#6)
* guix: Add guix-verify script
* guix-attest: Only use cross-platform flags for find+xargs
* guix-attest: Use ascii-armor signatures
* guix-attest: Allow skipping GPG signing with NO_SIGN
* guix: Minor quoting fix in libexec/build.sh
* guix: Construct $OUTDIR in ${DISTSRC}/output
  While files are being output to $OUTDIR, it will be under ${DISTSRC}/output, and only when everything is done, will ${DISTSRC}/output be moved to the actual $OUTDIR.
  This makes it so that a Ctrl-C in the middle of a build is less likely to result in a partially-constructed $OUTDIR. In fact, if I understand correctly, if $OUTDIR and $DISTSRC reside on the same filesystem, the move (rename) is likely atomic.
  Also, since the "working $OUTDIR" is under ${DISTSRC}/output, it will be cleaned properly by the guix-clean script.
* guix: Attest to inputs in inputs.SHA256SUMS
  At build/codesigning-time, hash build inputs and output the digest to ${OUTDIR}/inputs.SHA256SUMS, which gets included in the final SHA256SUMS constructed by guix-attest.
  Example final SHA256SUMS:
      ee832d2a35b7701bff581dea05a536118b118e3ad0a587a2855b6ee8cd6fba20 inputs/bitcoin-78199266af7b.tar.gz
      ca765e70a0c12866dd63c0be228b675278a26329e5f8f5b5c52fd09200fedf21 bitcoin-78199266af7b-powerpc64le-linux-gnu-debug.tar.gz
      dae95327d7f2c324e2728c4b73627be6cb2c0d2f2e5bea940d1d5e6463939327 bitcoin-78199266af7b-powerpc64le-linux-gnu.tar.gz
* guix: Skip attesting to dist-archive
  We already attest to the relevant dist-archive in inputs.SHA256SUMS, which is recorded at build-time.
  We use a SKIPATTEST.TAG file to indicate output directories which do not require attestation (much like the CACHEDIR.TAG specification).
  Generally, it's better to have build scripts declare properties of directories instead of introducing name-based special cases in attest scripts since build scripts have a more detailed context of what is going on.
* guix: Consistently use gcc-8 for $HOST
* guix-attest: Avoid incomplete sigdirs with ERR traps
  Sometimes GPG connects to the wrong agent... or you don't have your smartcard handy...
* guix: install LIEF in Guix container
  Co-authored-by: Carl Dong <contact@carldong.me>
* build: Makes rcc output always deterministic
  The Qt Resource Compiler (rcc) has a command-line option `--format-version` which has the default value 2. The only difference from `--format-version 1` is adding a last modified timestamp to the output file. That, in turn, forces us to use `QT_RCC_SOURCE_DATE_OVERRIDE=1` to get deterministic builds.
  This change makes rcc output always deterministic by using `--format-version 1` option that makes usage of the `QT_RCC_SOURCE_DATE_OVERRIDE` needless. Also it improves interaction with ccache.
  Co-authored-by: fanquake <fanquake@gmail.com>
* guix: Reindent existing manifest.scm
* guix: Package codesigning tools
* guix: Add codesigning functionality
* guix: repro: Sort find output in libtool for gcc-8
  Otherwise the resulting .a static libraries (e.g. libstdc++.a) will not be reproducible and end up making the Bitcoin binaries non-reproducible as well.
  See: https://reproducible-builds.org/docs/archives/#gnu-libtool
* guix: Remove dest if OUTDIR mv fails
* guix: Check for disk space availability before building
* Use latest signapple commit
  Update gitian and guix to use the same latest signapple commit
* Make SHA256SUMS fragment right after build
* Rewrite guix-{attest,verify} for new hier
* scripts: LIEF 0.11.5
* guix-attest: Error out if SHA256SUMS is unexpected
* guix: Rebase toolchain on glibc 2.24 (2.27 for riscv64)
  Support for riscv64 in glibc landed in 2.27 so it's unavoidable that we use 2.27. Running a Bitcoin build with toolchains based on 2.24 for platforms other than riscv64 seem to produce binaries which do not have 2.17 symbols. So use 2.24 since it's more recent and maintained by Debian Stretch.
* guix: Build depends/qt with our platform definition
  Our 'bitcoin-linux-g++' definition better integrates with our depends system than the stock linux-g++-64 definition. This fixes a bug whereby Guix builds on x86_64 for x86_64 did not produce a QMinimalIntegrationPlugin and led to bitcoin-qt not being built.
* guix: Also sort SHA256SUMS.part
* guix: no-longer pass --enable-glibc-back-compat to Guix
  Now that our Guix builds are performed on glibc 2.24 and 2.27 (RISCV), we no-longer need to pass the --enable-glibc-back-compat option. Replace it with --disable-threadlocal, to prevent the usage of symbols from glibc 2.18. None of the binaries produced required symbols later than 2.17, and 2.27 (RISCV).
* guix: add additional documentation to patches
* Avoid GCC 7.1 ABI change warning in guix build
* guix: Patch binutils to add security-related disable flags
  We use these flags in our test-security-check make target, but they are only available because debian patches them in. We can patch them in for our Guix builds so that we can check the sanity of our security/symbol checking suite before running them.
* guix: Test security-check sanity before performing them
* guix: Check for a sane services database
  On bare systems, it is possible to be lacking a services database. Check for basic entries before attempting a build. See the error message in the diff for more context.
* guix: Update various check_tools lists
* guix: Pin kernel header version
  - Use 4.19 for riscv64 (earliest LTS release w/ riscv64 support)
  - Use 4.9 for all others (second-oldest LTS release, released in combination with glibc 2.24 in Debian stretch)
* guix: Bump to version-1.3.0 from upstream
  The chosen commit is the HEAD of Guix's version-1.3.0 branch as of July 15th, 2021. Also fix visual indenting.
* guix: Overhaul README
  - Added detailed Guix bootstrap/installation instructions
* guix-attest: Produce and sign normalized documents
  That way we can easily combine the document and detached signature to produce cleartext signature files for upload during the release process. See subsequent commits which modify doc/release-process.md for more details.
* guix/INSTALL: Add coreutils/inotify-dir-recreate troubleshooting
* guix/INSTALL: Guix installs init scripts in libdir
* guix: Silence getent(1) invocation
* guix/INSTALL: Misc fixups
* guix/build: Remove vestigial SKIPATTEST.TAG
* guix: Make all.SHA256SUMS rather than codesigned.SHA256SUMS
* guix: Allow changing the base manifest in guix-verify
  When verifying guix attestations, it is useful to set a particular signer's manifest as the base to compare against.
* Updated Readme, Corrected the codesign typo
* script, doc: guix touchups
* guix: Remove extra \r from all.SHA256SUMS line ending
  guix-attest mistakenly added an extra \r to the line endings in all.SHA256SUMS, causing guix-verify to erroneously fail.
  Co-Authored-By: Carl Dong <contact@carldong.me>
* guix: Ensure EPOCH_SOURCE_DATE does not include GPG information
  If the user has set log.showSignature=true in their git config, then the git log will always output GPG signature information. Since git log is used to set EPOCH_SOURCE_DATE, this will mistakenly have GPG signature information in it which causes issues for the build. To avoid this issue, we override the config and force log.showSignature=false.
* release: Release with separate SHA256SUMS and sig files
  This allows us to remove the rfc4880 EOL hacks and release with a SHA256SUMS.asc file that's a combination of all signer signatures.
* guix-verify: Non-zero exit code when anything fails
  Previously, if verification fails, the correct message will be printed, but the exit code would still be 0.
* guix: Don't include directory name in SHA256SUMS
  The SHA256SUMS file can be used in a sha256sum -c command to verify downloaded binaries. However users are likely to download just a single file and not place this file in the correct directory relative to the SHA256SUMS file for the simple verification command to work. By not including the directory name in the SHA256SUMS file, it will be easier for users to verify downloaded binaries.
  Co-authored-by: Carl Dong <contact@carldong.me>
* guix/prelude: Override VERSION with FORCE_VERSION
  Previously, if the builder exported $VERSION in their environment (as past Gitian-building docs told them to), but their HEAD does not actually point to v$VERSION, their build outputs will differ from those of other builders.
  This is because the contrib/guix/guix-* scripts only ever act on the current git worktree, and does not try to check out $VERSION if $VERSION is set in the environment. Setting $VERSION only makes the scripts pretend like the current worktree is $VERSION.
  This problem was seen in jonatack's attestation for all.SHA256SUMS, where only his bitcoin-22.0rc3-osx-signed.dmg differed from everyone else's.
  Here is my deduced sequence of events:
  1. Aug 27th: He guix-builds 22.0rc3 and uploads his attestations up to guix.sigs
  2. Aug 30th, sometime after POSIX time 1630310848: he pulls the latest changes from master in the same worktree where he guix-built 22.0rc3 and ends up at 7be143a
  3. Aug 30th, sometime before POSIX time 1630315907: With his worktree still on 7be143a, he guix-codesigns. Normally, this would result in outputs going in guix-build-7be143a960e2, but he had VERSION=22.0rc3 in his environment, so the guix-* scripts pretended like he was building 22.0rc3, and used 22.0rc3's guix-build directory to locate un-codesigned outputs and dump codesigned ones.
  However, our SOURCE_DATE_EPOCH defaults to the POSIX time of HEAD (7be143a), which made all timestamps in the resulting codesigned DMG 1630310848, 7be143a's POSIX timestamp. This differs from the POSIX timestamp of 22.0rc3, which is 1630348517. Note that the windows codesigning procedure does not consider SOURCE_DATE_EPOCH.
  We resolve this by only allowing VERSION overrides via the FORCE_VERSION environment variable.
* build: set OSX_MIN_VERSION to 10.15
  This is required to use std::filesystem on macOS as support for it only landed in the libc++ dylib shipped with 10.15.
  See also: https://developer.apple.com/documentation/xcode-release-notes/xcode-11-release-notes
  Clang now supports the C++17 <filesystem> library for iOS 13, macOS 10.15, watchOS 6, and tvOS 13.
* Enable TLS in links in documentation
* Integrate univalue into our buildsystem
  This addresses issues like the one in bitcoin#12467, where some of our compiler flags end up being dropped during the subconfigure of Univalue. Specifically, we're still using the compiler-default c++ version rather than forcing c++17.
  We can drop the need subconfigure completely in favor of a tighter build integration, where the sources are listed separately from the build recipes, so that they may be included directly by upstream projects. This is similar to the way leveldb build integration works in Core.
  Core benefits of this approach include:
  - Better caching (for ex. ccache and autoconf)
  - No need for a slow subconfigure
  - Faster autoconf
  - No more missing compile flags
  - Compile only the objects needed

  There are no benefits to Univalue itself that I can think of. These changes should be a no-op there, and to downstreams as well until they take advantage of the new sources.mk.
  This also removes the option to use an external univalue to avoid similar ABI issues with mystery binaries.
  Co-authored-by: fanquake <fanquake@gmail.com>
* guix: Fix powerpc64(le) dynamic linker name
  I used Guix's values for the powerpc64(le) dynamic linkers, and the /lib-prefix seems to be a Guix-ism rather than standard. The standard path for the linker-loaders start with /lib64.
  I've taken the new loader values from SYSDEP_KNOWN_INTERPRETER_NAMES in glibc's sysdeps/unix/sysv/linux/powerpc/ldconfig.h file.
  For future reference, loader path values can also be found on glibc's website: https://sourceware.org/glibc/wiki/ABIList?action=recall&rev=16
* build: require glibc 2.18+ for release builds
  From what I can see the only platform this drops support for is CentOS 7. CentOS 7 reached the end of its "full update" support at the end of 2020. It does receive maintenance updates until 2024, however I don't think supporting glibc 2.17 until 2024 is realistic.
  Note that anyone wanting to self-compile and target a glibc 2.17 runtime could build with --disable-threadlocal.
  glibc 2.18 was released in August 2013.
  https://sourceware.org/legacy-ml/libc-alpha/2013-08/msg00160.html
* scripted-diff: Drop Darwin version for better maintainability
  -BEGIN VERIFY SCRIPT-
  sed -i 's/darwin19/darwin/g' $(git grep --files-with-matches 'darwin19')
  -END VERIFY SCRIPT-
* test: Make more shell scripts verifiable by the `shellcheck` tool
* test: Bump shellcheck version to 0.8.0
* scripted-diff: Insert missed copyright headers
  -BEGIN VERIFY SCRIPT-
  ./contrib/devtools/copyright_header.py insert contrib/guix/libexec/build.sh
  ./contrib/devtools/copyright_header.py insert contrib/guix/libexec/codesign.sh
  ./contrib/devtools/copyright_header.py insert contrib/tracing/log_raw_p2p_msgs.py
  ./contrib/devtools/copyright_header.py insert contrib/tracing/log_utxocache_flush.py
  ./contrib/devtools/copyright_header.py insert contrib/tracing/p2p_monitor.py
  ./contrib/devtools/copyright_header.py insert test/lint/lint-files.sh
  -END VERIFY SCRIPT-
* build: use a static .tiff for macOS .dmg over generating
  Co-authored-by: Pavol Rusnak <pavol@rusnak.io>
* guix: use GCC 10 (over GCC 8) to build releases
  This currently points to the version-1.4.0 branch.
* guix: use upstream nsis-x86_64
  Our patch is now used upstream.
* build: use python-asn1crypto from upstream
  It is the exact same package definition.
* guix: use upstream python-requests (2.26.0)
  Upstream python requests is now modern enough to be used as a dependency for signapple. Which requires requests>=2.25.1.
* build: Point Guix to the current top of the "version-1.4.0" branch
* build: point to latest commit on the master branch
  The version-1.4.0 branch no-longer exists, and will be branched off master again shortly.
* guix: ignore additional failing certvalidator test
      ======================================================================
      ERROR: test_revocation_mode_soft (tests.test_validate.ValidateTests)
      ----------------------------------------------------------------------
      Traceback (most recent call last):
        File "/tmp/guix-build-python-certvalidator-0.1-1.e5bdb4b.drv-0/source/tests/test_validate.py", line 85, in test_revocation_mode_soft
          validate_path(context, path)
        File "/tmp/guix-build-python-certvalidator-0.1-1.e5bdb4b.drv-0/source/tests/../certvalidator/validate.py", line 50, in validate_path
          return _validate_path(validation_context, path)
        File "/tmp/guix-build-python-certvalidator-0.1-1.e5bdb4b.drv-0/source/tests/../certvalidator/validate.py", line 358, in _validate_path
          raise PathValidationError(pretty_message(
      certvalidator.errors.PathValidationError: The path could not be validated because the end-entity certificate expired 2022-01-14 12:00:00Z
* build: Fix xargs warnings for Guix builds
* build: use macOS 11 SDK (Xcode 12.2)
  This should be sufficient to support building for Apple ARM when cross-compiling.
* guix: use autoconf 2.71
  This allows for building with newer targets, like arm64-apple-darwin, due to having a newer bundled config.guess and config.sub.
* guix: add arm64-apple-darwin triplet
* build: Fix gcc-cross-x86_64-w64-mingw32-10.3.0 in Guix
* build: Point Guix to recent commit on the master branch
* Replace "can not" with "cannot" in docs, user messages, and tests
* guix: use same commit for codesigning time-machine
  The time machines should be updated in lockstep.
* build: Move guix time machine to prelude
  This deduplicates some code, and enforces consistency of the time machine configuration between scripts.
* guix: only use native GCC 7 toolchain for Linux builds
  The macOS and Windows builds do not require a GCC 7 toolchain, and this is actually causing build issues, i.e bitcoin#24211. So switch to using a GCC 10 native toolchain for both.
* guix: use latest upstream python-certvalidator
  This should also allow re-enabling previously failing tests.
* guix: use latest upstream signapple
  This should improve support for signing for M1 binaries.
* guix: Drop unneeded openssl dependency for signapple
* guix: use latest signapple
* guix: only check for the macOS SDK once
  If we are building for both macOS HOSTS, there's no need to check and print that the SDK exists two times.
* guix: Use $HOST instead of generic osx{64} for macOS artifacts
* guix: make it possible to override gpg binary
  For example on Qubes OS one might want to use qubes-gpg-client-wrapper instead
* guix: Drop "-signed" suffix for signed macOS .dmg files
  This change makes naming of the signed artifacts consistent across different OSes, including Windows.
* guix: Use "win64" for Windows artifacts consistently
* Update signapple for platform identifier fix
* doc, guix: Include arm64-apple-darwin into codesigned archs
* guix: point to latest upstream commit
* Revert "build: Fix gcc-cross-x86_64-w64-mingw32-10.3.0 in Guix"
  This reverts commit 7f2f35f.
* macdeploy: remove unused detached-sig-apply
  Signature application is now done with signapple.
* guix: Drop code for the unsupported `i686-linux-gnu` host
  Now GUIX build for the `i686-linux-gnu` host is broken, and there are no plans to re-add it.
* contrib: use LIEF 0.12.0 for symbol and security checks
* build: Fix "ERR: Unsigned tarballs do not exist"
* guix: fix vmov alignment issues with gcc 10.3.0 & mingw-w64
  This introduces a patch to our GCC (10.3.0) mingw-w64 compiler, in Guix, to make it avoid using aligned vmov instructions. This works around a longstanding issue in GCC, https://gcc.gnu.org/bugzilla/show_bug.cgi?id=54412, which was recently discovered to be causing issues, see bitcoin#24726.
  Note that distros like Debian are also patching around this issue, and that is where this patch comes from.
  This would also explain why we haven't run into this problem earlier, in development builds. See: https://salsa.debian.org/mingw-w64-team/gcc-mingw-w64/-/blob/master/debian/patches/vmov-alignment.patch.
  Fixes bitcoin#24726. Alternative to bitcoin#24727.
  See also: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=939559
* build: don't compress macOS DMG
* guix: fix GCC 10.3.0 + mingw-w64 setjmp/longjmp issues
  This commit backports a patch to the GCC 10.3.0 we build for Windows cross-compilation in Guix. The commit has been backported to the GCC releases/gcc-10 branch, but hasn't yet made it into a release.
  The patch corrects a regression from an earlier GCC commit, see: https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=357c4350680bf29f0c7a115424e3da11c53b5582 and https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=074226d5aa86cd3de517014acfe34c7f69a2ccc7, related to the way newer versions of mingw-w64 implement setjmp/longjmp.
  Ultimately this was causing a crash for us when Windows users were viewing the network traffic tab inside the GUI. After some period, long enough that a buffer would need reallocating, a call into FreeTypes gray_record_cell() would result in a call to ft_longjmp (longjmp), which would then trigger a crash.
  Fixes: bitcoin-core/gui#582.
  See also: https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=e8d1ca7d2c344a411779892616c423e157f4aea8. https://bugreports.qt.io/browse/QTBUG-93476.
* guix: Improve error message about missed macOS SDK
* guix: consolidate kernel headers to 5.15
  Given no reason to use an older version of the kernel headers for the non-RISCV linux builds, consolidate all Linux builds to 5.15.x.
  Note that using older kernel headers isn't some sort of compatibility "hack", and glibc explicitly recommends against doing so. See: https://sourceware.org/glibc/wiki/FAQ#What_version_of_the_Linux_kernel_headers_should_be_used.3F.
* build: include bitcoin.conf in build outputs
  copy over bitcoin.conf during the build process.
  this means `contrib/devtools/gen-bitcoin-conf.sh` will need to be run and the generated file committed during the release process. this is the same process used for generating man pages for each release.
* guix: bump time-machine to 998eda3067c7d21e0d9bb3310d2f5a14b8f1c681
  There are two reasons to perform this bump:
  * Fixes bitcoin#25082 by bumping to a commit that includes a fix for time-dependent unit tests in libgit2 (f5fe0082abe4547f3fb9f29d8351473cfb3a387b).
  * Gives us access to clang-toolchain-14 (14.0.3, 998eda3067c7d21e0d9bb3310d2f5a14b8f1c681), which is useful for the Guix portion of bitcoin#21778.

  Note that with this bump: Linux kernels headers update from 5.15.28 to 5.15.37.
* guix: compile glibc without -werror
  Compiling glibc 2.24 and 2.27 with the new GCC 10 results in a number of new warnings, i.e:
  ```bash
  libc-tls.c: In function ‘__libc_setup_tls’:
  libc-tls.c:208:30: error: array subscript 1 is outside the bounds of an interior zero-length array ‘struct dtv_slotinfo[0]’ [-Werror=zero-length-bounds]
    208 |   static_slotinfo.si.slotinfo[1].map = main_map;
        |   ~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~
  In file included from ../sysdeps/x86_64/ldsodefs.h:54,
                   from ../sysdeps/gnu/ldsodefs.h:46,
                   from ../sysdeps/unix/sysv/linux/ldsodefs.h:25,
                   from libc-tls.c:20:
  ../sysdeps/generic/ldsodefs.h:398:7: note: while referencing ‘slotinfo’
    398 |     } slotinfo[0];
        |       ^~~~~~~~
  ```
  While we could try and backport all the patches required to fix these up, it would currently seem easier to disable -Werror, which Guix uses by default when building glibc.
* guix: adjust RISC-V __has_include() patch to work with GCC 10
  The actual macro is __has_include(), not __has_include__(), using the latter would result in build failures when using GCC 10.
  i.e:
  ```bash
  ../sysdeps/unix/sysv/linux/riscv/flush-icache.c:24:5: warning: "__has_include__" is not defined, evaluates to 0 [-Wundef]
     24 | #if __has_include__ (<asm/syscalls.h>)
  ```
  Looks like at least someone else has run into the same thing, see: http://lists.busybox.net/pipermail/buildroot/2020-July/590376.html.
  See also:
  https://gcc.gnu.org/onlinedocs/cpp/_005f_005fhas_005finclude.html
  https://clang.llvm.org/docs/LanguageExtensions.html#has-include
* guix: fix glibc 2.27 multiple definition warnings with GCC 10
* guix: use -fcommon when building glibc 2.24
  GCC 10 started using -fno-common by default, which causes issues with the powerpc builds using glibc 2.24. A patch was committed to glibc to fix the issue, 18363b4f010da9ba459b13310b113ac0647c2fcc but is non-trivial to backport, and was broken in at least one way, see the followup in commit 7650321ce037302bfc2f026aa19e0213b8d02fe6.
  For now, retain the legacy GCC behaviour by passing -fcommon when building glibc 2.24.
  https://gcc.gnu.org/onlinedocs/gcc/Code-Gen-Options.html.
  https://sourceware.org/git/?p=glibc.git;a=commit;h=18363b4f010da9ba459b13310b113ac0647c2fcc
  https://sourceware.org/git/?p=glibc.git;a=commit;h=7650321ce037302bfc2f026aa19e0213b8d02fe6
* guix: native GCC 10 toolchain for Linux builds
* guix: re-revert riscv execstack workaround
  Now that we use GCC 10 for release builds, we no-longer need to pass -Wl,-z,noexecstack to get a non-executable stack in RISC-V binaries.
  This was originally removed in bitcoin#21036, but then re-added in bitcoin#21799, when we reverted to using GCC 8.
* guix: use libtool 2.4.7
  As of version 2.4.7, libtool now respects ARFLAGS, which we use, and has changed the default ARFLAGS from cru to cr (which we also do, see configure).
  This eliminates spammy `ar` output such as:
  ```bash
    CXXLD    libunivalue.la
  /root/.guix-profile/bin/x86_64-linux-gnu-ar: `u' modifier ignored since `D' is the default (see `U')
    AR       libbitcoin_zmq.a
    AR       libbitcoin_consensus.a
    CXXLD    crypto/libbitcoin_crypto_base.la
    CXXLD    crypto/libbitcoin_crypto_sse41.la
  /root/.guix-profile/bin/x86_64-linux-gnu-ar: `u' modifier ignored since `D' is the default (see `U')
  /root/.guix-profile/bin/x86_64-linux-gnu-ar: `u' modifier ignored since `D' is the default (see `U')
    CXXLD    crypto/libbitcoin_crypto_avx2.la
    CXXLD    crypto/libbitcoin_crypto_x86_shani.la
    CXXLD    leveldb/libleveldb.la
  /root/.guix-profile/bin/x86_64-linux-gnu-ar: `u' modifier ignored since `D' is the default (see `U')
    CXXLD    crc32c/libcrc32c.la
  /root/.guix-profile/bin/x86_64-linux-gnu-ar: `u' modifier ignored since `D' is the default (see `U')
    CXXLD    leveldb/libmemenv.la
  /root/.guix-profile/bin/x86_64-linux-gnu-ar: `u' modifier ignored since `D' is the default (see `U')
  /root/.guix-profile/bin/x86_64-linux-gnu-ar: `u' modifier ignored since `D' is the default (see `U')
  /root/.guix-profile/bin/x86_64-linux-gnu-ar: `u' modifier ignored since `D' is the default (see `U')
    AR       libbitcoin_cli.a
  ```
  Libtool 2.4.7 release notes: https://lists.gnu.org/archive/html/autotools-announce/2022-03/msg00000.html
* guix: remove explicit glibc stack protector disabling
  While glibc 2.25 and newer *can* be built with stack-smashing-protection enabled, it isn't used by default, and still isn't, as of glibc 2.35, so I can't see a reason to explicitly disable it.
  I'd also like to move in the direction of enabling, by default, hardening options for the toolchains we build, so removing the explicit disabling is a step in that direction. Will be following up with some changes based on this PR.
* guix: parallelize LIEF build
* guix: remove usage of -Wl,-z,noexecstack for PPC64 HOST
  The PPC64 ABI has a non-executable stack by default, and does not need a GNU_STACK program header.
See also: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/arch/powerpc/include/asm/page_64.h#n92
* guix: use LIEF 0.12.1
* guix: patch LIEF to fix PPC64 NX default
This patches our LIEF build using the change merged upstream: lief-project/LIEF#718. This can be dropped the next time we update LIEF.
* guix: Map all guix store prefixes to /usr
Without ffile-prefix-map, the debug symbols will contain paths for the guix store which will include the hashes of each package. However, the hash for the same package will differ when on different architectures. In order to be reproducible regardless of the architecture used to build the package, map all guix store prefixes to something fixed, e.g. /usr.
* guix: Remove guix store paths from glibc
Without ffile-prefix-map, the debug symbols will contain paths for the guix store which will include the hashes of each package. However, the hash for the same package will differ when on different architectures. In order to be reproducible regardless of the architecture used to build the package, map all guix store prefixes to something fixed, e.g. /usr. We might be able to drop this in favour of using --with-nonshared-cflags when we begin using newer versions of glibc.
* guix: use elfesteem 2eb1e5384ff7a220fd1afacd4a0170acff54fe56
Our patch has been merged upstream, see LRGH/elfesteem#3
* guix: patch gcc 10 with pthreads to remap guix store paths
* guix: Drop repetition of option's default value
* guix: enable SSP for RISC-V glibc (2.27)
Pass `--enable-stack-protector=all` when building the glibc used for the RISC-V toolchain, to enable stack smashing protection on all functions, in the glibc code.
* guix: pass enable-bind-now to glibc
Both glibcs we build support `--enable-bind-now`: Disable lazy binding for installed shared objects and programs.
This provides additional security hardening because it enables full RELRO and a read-only global offset table (GOT), at the cost of slightly increased program load times.
See: https://www.gnu.org/software/libc/manual/html_node/Configuring-and-compiling.html
* guix: enable hardening options in GCC Build
Pass `--enable-default-pie` and `--enable-default-ssp` when configuring our GCCs. This achieves the following:
--enable-default-pie Turn on -fPIE and -pie by default.
--enable-default-ssp Turn on -fstack-protector-strong by default.
Note that this isn't a replacement for passing hardening flags ourselves, but introduces some redundancy, and there isn't really a reason to not build a more "hardenings enabled" toolchain by default.
See also: https://gcc.gnu.org/install/configure.html
* guix: ignore additional failing certvalidator test
Similar to 8588591.
```bash
ERROR: test_revocation_mode_soft (tests.test_validate.ValidateTests)
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/tmp/guix-build-python-certvalidator-0.1-1.a145bf2.drv-0/source/tests/test_validate.py", line 85, in test_revocation_mode_soft
    validate_path(context, path)
  File "/tmp/guix-build-python-certvalidator-0.1-1.a145bf2.drv-0/source/tests/../certvalidator/validate.py", line 50, in validate_path
    return _validate_path(validation_context, path)
  File "/tmp/guix-build-python-certvalidator-0.1-1.a145bf2.drv-0/source/tests/../certvalidator/validate.py", line 358, in _validate_path
    raise PathValidationError(pretty_message(
certvalidator.errors.PathValidationError: The path could not be validated because the end-entity certificate expired 2022-07-27 12:00:00Z
```
* guix: patch NSIS to remove .reloc sections from install stubs
With the release of binutils/ld 2.36, ld swapped to much improved default settings when producing windows binaries with mingw-w64.
One of these changes was to stop stripping the .reloc section from binaries, which is required for working ASLR. .reloc section stripping is something we've accounted for previously, see bitcoin#18702. The related upstream discussion is in this thread: https://sourceware.org/bugzilla/show_bug.cgi?id=19011.
When we switched to using a newer Guix time-machine in bitcoin#23778, we began using binutils 2.37 to produce releases. Since then, our windows installer (produced with makensis) has not functioned correctly when run on a Windows system with the "Force randomization for images (Mandatory ASLR)" option enabled. Note that all of our other release binaries, which all contain .reloc sections, function fine under the same option, so it cannot be just the presence of a .reloc section that is the issue.
For now, restore makensis to its pre-binutils-2.36 behaviour, which fixes the produced installer. The underlying issue can be further investigated in future.
* doc: minor updates to guix README
* build: include share/rpcauth in tarball & installer
Fixes bitcoin#19081.
* guix: use --build={arch}-guix-linux-gnu in cross toolchain
Technically we are always cross-compiling, so make that explicit. Fixes: bitcoin#22458.
* guix: consistently use -ffile-prefix-map
Aside from being the newer, more comprehensive option, it's what we claim to use in the patch docs, and everywhere else in guix.
* guix: use git-minimal over git
From the git-minimal package definition:
> The size of the closure of 'git-minimal' is two thirds that of 'git'.
> Its test suite runs slightly faster and most importantly it doesn't
> depend on packages that are expensive to build such as Subversion.

We don't need any fancy / additional git functionality above the basics, so switch to git-minimal and save some CPU, while also pruning the greater dependency graph.
```diff -name: git +name: git-minimal version: 2.37.3 outputs: -+ send-email: see Appendix H -+ svn: see Appendix H -+ credential-netrc: see Appendix H -+ credential-libsecret: see Appendix H -+ subtree: see Appendix H -+ gui: see Appendix H + out: everything else -systems: x86_64-linux mips64el-linux aarch64-linux powerpc64le-linux i686-linux armhf-linux powerpc-linux -dependencies: asciidoc@9.1.0 bash-minimal@5.1.8 bash@5.1.8 curl@7.79.1 docbook-xsl@1.79.2 expat@2.4.1 gettext-minimal@0.21 glib@2.70.2 libsecret@0.20.4 openssl@1.1.1l pcre2@10.37 perl-authen-sasl@2.16 perl-cgi@4.52 -+ perl-io-socket-ssl@2.068 perl-net-smtp-ssl@1.04 perl-term-readkey@2.38 perl@5.34.0 pkg-config@0.29.2 python@3.9.9 subversion@1.14.1 tcl@8.6.11 tk@8.6.11.1 xmlto@0.0.28 zlib@1.2.11 -location: gnu/packages/version-control.scm:222:2 +systems: x86_64-linux mips64el-linux aarch64-linux powerpc64le-linux riscv64-linux i686-linux armhf-linux powerpc-linux +dependencies: bash-minimal@5.1.8 bash@5.1.8 curl@7.79.1 expat@2.4.1 gettext-minimal@0.21 openssl@1.1.1l perl@5.34.0 zlib@1.2.11 +location: gnu/packages/version-control.scm:608:2 homepage: https://git-scm.com/ license: GPL 2 synopsis: Distributed version control system ``` * guix: Drop perl package * Revert "guix: Build depends/qt with our platform definition" This reverts commit dc4137a. * MS: restclient start * MS: bumped c++ version from 14 to 17 * only gitian build for linux x86_64 for now. We can add back aarch64 later when needed. 
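Review bot: the message around the `-name: git` / `+name: git-minimal` comparison does not say which git subcommands the Guix scripts rely on, so the claim that only "the basics" are needed cannot be checked from the diff, which removes the send-email, svn, credential-netrc, credential-libsecret, subtree and gui outputs and leaves only `out`. Listing the git invocations the build actually makes would let a reader confirm each is still provided. Also note that perl@5.34.0 is still present on the `+dependencies:` line, so the switch alone does not take perl out of git's dependency closure.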
* Testing whether OSX SDK needs to be updated for gitian building for c++17
* test if bitcoins last gitian-build method works with unigrid
* yaml format error
* updated darwin host file for py build gitian
* Update depends make to work with latest build
* update darwin builder for new gitian
* DOWNLOAD_RETRIES:=3 readded for curl
* linux host update gitian
* check in default depends
* upgrade darwin to 19
* use focal
* remove i686 windows gitian
* testing whether jammy has same compile error for osx cctools
* switch back to focal
* place guix in proper directory
* guix util file
* guix util file
* lief is failing on guix build. try a newer version
* change hash for lief
* try and downgrade lief
* lief hash
* update darwin to newer xcode version and osx 10.15 minimum
* added missing native_clang depends
* test jammy build focal cannot find repos
* missing some jammy in build.py
* build with kinetic
* focal appears to be the only docker container that builds correctly
* test building with g++9 linux
* test if reverting to c++14 builds work
* upgrade build.sh to use focal base VM. Remove some unneeded dependencies for linux builds.
* use jammy for builds and test building with c++17 or 20 if available
* force c++17
* don't check clock_gettime by default
* docker still cannot find ubuntu jammy revert to focal
* fdelt is required
* aarch64 required to compile
* disable arm build
* test disable glib backward support
* darwin builds were missing libtapi. native_cdrkit replaced with xorriso.
* change order of native_libtapi
* libtapi and clang are split out of cctools
* darwin unable to find glibtoolize
* upgrading boost and remove references to specific darwin versions
* split boost into build/host
* boost fail build on linux
* define minimum required boost
* adding missing required boost libraries after updating boost version
* errors building with boost 1.73.0 revert back to 1.71.0
* wrong xcode version in darwin build
* up boost version to 1.73.0
* test building with boost 1.80.0
* remove unused dependency and set min boost version
* upgrading boost requires more refactoring
* test if building osx works with c++11
* c++11 build fails on the rest client test to see if c++17 resolves this error
* accidental edit of robin-hood submodule
* use 12.2 osx sdk
* use 12.2 osx sdk for gitian-builder
* proper checksum of Xcode
* checksum was not correct
* remove downloaded sdk
* attempted build with boost 1.80
* revert to c++14 and downgrade boost
* configure.ac set c++14
* Ms restclient (#5)
* MS: Updated univalue lib to latest version. Fixed parsing of json from restclient
* ms: added -hport as an argument in for unigridd.
* ms: added mint class to handle values from hedgehog. did some cleanup.
* ms: fixed compilation error
* ms: rewrote the rest client so it's now working and getting json data from hedgehog
* ms: removed auto keyword
* ms: changed return type to bool to check if data got transferred as expected from hedgehog
* ms: reverted c++ version to 14 from 17
Co-authored-by: Fim-84 <marcus.stenberg@gmail.com>
* set depends to build with c++11
* compile cc++ test update
* revert to old method of building boost that worked on OSX
* remove native_b2 ref
* remove native_cdrkit
* build ref for native_libtapi
* missing endif
* try bitcoin boost build method
* errors compiling openssl with xcode 12.2 revert to 12.1
* test if old gitian build works with rest client update
* revert boost to old build
* reverting native cc tools build
* revert depends make to master
* missing cdrkit added
* cdrkit in wrong directory
* revert darwin host
* remove updated gitian build script from this branch. If we decide to stick with gitian this can be pulled from the EG_uposx_12_1 branch.
Co-authored-by: Carl Dong <contact@carldong.me>
Co-authored-by: fanquake <fanquake@gmail.com>
Co-authored-by: W. J. van der Laan <laanwj@protonmail.com>
Co-authored-by: Hennadii Stepanov <32963518+hebasto@users.noreply.github.com>
Co-authored-by: Andrew Chow <achow101-github@achow101.com>
Co-authored-by: Pieter Wuille <pieter@wuille.net>
Co-authored-by: h <harshit_goyal333@outlook.com>
Co-authored-by: jonatack <jon@atack.com>
Co-authored-by: Jeremy Rand <jeremyrand@airmail.cc>
Co-authored-by: Cory Fields <cory-nospam-@coryfields.com>
Co-authored-by: Pavol Rusnak <pavol@rusnak.io>
Co-authored-by: laanwj <126646+laanwj@users.noreply.github.com>
Co-authored-by: josibake <josibake@protonmail.com>
Co-authored-by: Stacie <staciewaleyko@gmail.com>
Co-authored-by: Fim-84 <marcus.stenberg@gmail.com>
* refactor of masternode to gridnode. Init will check for masternode.conf and rename the file to gridnode.conf on startup.
* having issues with the ubuntu bionic installs.
try with ubuntu jammy
* remove unneeded break as we are not looping through strings anymore
* increase GLIBC version for newer OS building
* A complete refactor of the repo, to update Unigrid's naming convention of gridnodes instead of masternodes.
* refactor additions for gridnodes vs masternodes
* spelling error Gridnodeconfig
* SPORK_20_UNDONKEY_MNREWARDS refactored :D
* set build environment to bionic for gitian
Co-authored-by: Carl Dong <contact@carldong.me>
Co-authored-by: fanquake <fanquake@gmail.com>
Co-authored-by: W. J. van der Laan <laanwj@protonmail.com>
Co-authored-by: Hennadii Stepanov <32963518+hebasto@users.noreply.github.com>
Co-authored-by: Andrew Chow <achow101-github@achow101.com>
Co-authored-by: Pieter Wuille <pieter@wuille.net>
Co-authored-by: h <harshit_goyal333@outlook.com>
Co-authored-by: jonatack <jon@atack.com>
Co-authored-by: Jeremy Rand <jeremyrand@airmail.cc>
Co-authored-by: Cory Fields <cory-nospam-@coryfields.com>
Co-authored-by: Pavol Rusnak <pavol@rusnak.io>
Co-authored-by: laanwj <126646+laanwj@users.noreply.github.com>
Co-authored-by: josibake <josibake@protonmail.com>
Co-authored-by: Stacie <staciewaleyko@gmail.com>
Co-authored-by: Fim-84 <marcus.stenberg@gmail.com>
* try and downgrade lief
* lief hash
* update darwin to newer xcode version and osx 10.15 minimum
* MS: Updated univalue lib to latest version. Fixed parsing of json from restclient
* added missing native_clang depends
* test jammy build focal cannot find repos
* missing some jammy in build.py
* build with kinetic
* ms: added -hport as an argument in for unigridd.
* focal appears to be the only docker container that builds correctly
* ms: added mint class to handle values from hedgehog. did some cleanup.
* test building with g++9 linux
* test if reverting to c++14 builds work
* upgrade build.sh to use focal base VM. Remove some unneeded dependencies for linux builds.
* ms: fixed compilation error
* use jammy for builds and test building with c++17 or 20 if available
* force c++17
* don't check clock_gettime by default
* docker still cannot find ubuntu jammy revert to focal
* fdelt is required
* aarch64 required to compile
* disable arm build
* test disable glib backward support
* darwin builds were missing libtapi. native_cdrkit replaced with xorriso.
* change order of native_libtapi
* libtapi and clang are split out of cctools
* darwin unable to find glibtoolize
* upgrading boost and remove references to specific darwin versions
* split boost into build/host
* boost fail build on linux
* define minimum required boost
* adding missing required boost libraries after updating boost version
* errors building with boost 1.73.0 revert back to 1.71.0
* wrong xcode version in darwin build
* up boost version to 1.73.0
* test building with boost 1.80.0
* remove unused dependency and set min boost version
* upgrading boost requires more refactoring
* ms: rewrote the rest client so it's now working and getting json data from hedgehog
* test if building osx works with c++11
* c++11 build fails on the rest client test to see if c++17 resolves this error
* ms: removed auto keyword
* accidental edit of robin-hood submodule
* use 12.2 osx sdk
* use 12.2 osx sdk for gitian-builder
* proper checksum of Xcode
* ms: changed return type to bool to check if data got transferred as expected from hedgehog
* checksum was not correct
* remove downloaded sdk
* attempted build with boost 1.80
* ms: reverted c++ version to 14 from 17
* revert to c++14 and downgrade boost
* configure.ac set c++14
* ms: rest client done. started work on handling locking of tokens
* ms: blocks transactions from minted addresses
* ms: mint hedgehog supply
* Eg refactormasternode (#8)
* rest client (#6)
* guix: Add guix-verify script
* guix-attest: Only use cross-platform flags for find+xargs
* guix-attest: Use ascii-armor signatures
* guix-attest: Allow skipping GPG signing with NO_SIGN
* guix: Minor quoting fix in libexec/build.sh
* guix: Construct $OUTDIR in ${DISTSRC}/output
While files are being output to $OUTDIR, it will be under ${DISTSRC}/output, and only when everything is done, will ${DISTSRC}/output be moved to the actual $OUTDIR. This makes it so that a Ctrl-C in the middle of a build is less likely to result in a partially-constructed $OUTDIR.
In fact, if I understand correctly, if $OUTDIR and $DISTSRC reside on the same filesystem, the move (rename) is likely atomic. Also, since the "working $OUTDIR" is under ${DISTSRC}/output, it will be cleaned properly by the guix-clean script.
* guix: Attest to inputs in inputs.SHA256SUMS
At build/codesigning-time, hash build inputs and output the digest to ${OUTDIR}/inputs.SHA256SUMS, which gets included in the final SHA256SUMS constructed by guix-attest. Example final SHA256SUMS:
ee832d2a35b7701bff581dea05a536118b118e3ad0a587a2855b6ee8cd6fba20 inputs/bitcoin-78199266af7b.tar.gz
ca765e70a0c12866dd63c0be228b675278a26329e5f8f5b5c52fd09200fedf21 bitcoin-78199266af7b-powerpc64le-linux-gnu-debug.tar.gz
dae95327d7f2c324e2728c4b73627be6cb2c0d2f2e5bea940d1d5e6463939327 bitcoin-78199266af7b-powerpc64le-linux-gnu.tar.gz
* guix: Skip attesting to dist-archive
We already attest to the relevant dist-archive in inputs.SHA256SUMS, which is recorded at build-time. We use a SKIPATTEST.TAG file to indicate output directories which do not require attestation (much like the CACHEDIR.TAG specification). Generally, it's better to have build scripts declare properties of directories instead of introducing name-based special cases in attest scripts since build scripts have a more detailed context of what is going on.
* guix: Consistently use gcc-8 for $HOST
* guix-attest: Avoid incomplete sigdirs with ERR traps
Sometimes GPG connects to the wrong agent... or you don't have your smartcard handy...
* guix: install LIEF in Guix container
Co-authored-by: Carl Dong <contact@carldong.me>
* build: Makes rcc output always deterministic
The Qt Resource Compiler (rcc) has a command-line option `--format-version` which has the default value 2. The only difference from `--format-version 1` is adding a last modified timestamp to the output file. That, in turn, forces us to use `QT_RCC_SOURCE_DATE_OVERRIDE=1` to get deterministic builds.
This change makes rcc output always deterministic by using `--format-version 1` option that makes usage of the `QT_RCC_SOURCE_DATE_OVERRIDE` needless. Also it improves interaction with ccache.
Co-authored-by: fanquake <fanquake@gmail.com>
* guix: Reindent existing manifest.scm
* guix: Package codesigning tools
* guix: Add codesigning functionality
* guix: repro: Sort find output in libtool for gcc-8
Otherwise the resulting .a static libraries (e.g. libstdc++.a) will not be reproducible and end up making the Bitcoin binaries non-reproducible as well.
See: https://reproducible-builds.org/docs/archives/#gnu-libtool
* guix: Remove dest if OUTDIR mv fails
* guix: Check for disk space availability before building
* Use latest signapple commit
Update gitian and guix to use the same latest signapple commit
* Make SHA256SUMS fragment right after build
* Rewrite guix-{attest,verify} for new hier
* scripts: LIEF 0.11.5
* guix-attest: Error out if SHA256SUMS is unexpected
* guix: Rebase toolchain on glibc 2.24 (2.27 for riscv64)
Support for riscv64 in glibc landed in 2.27 so it's unavoidable that we use 2.27. Running a Bitcoin build with toolchains based on 2.24 for platforms other than riscv64 seem to produce binaries which do not have 2.17 symbols. So use 2.24 since it's more recent and maintained by Debian Stretch.
* guix: Build depends/qt with our platform definition
Our 'bitcoin-linux-g++' definition better integrates with our depends system than the stock linux-g++-64 definition. This fixes a bug whereby Guix builds on x86_64 for x86_64 did not produce a QMinimalIntegrationPlugin and led to bitcoin-qt not being built.
* guix: Also sort SHA256SUMS.part
* guix: no-longer pass --enable-glibc-back-compat to Guix
Now that our Guix builds are performed on glibc 2.24 and 2.27 (RISCV), we no-longer need to pass the --enable-glibc-back-compat option. Replace it with --disable-threadlocal, to prevent the usage of symbols from glibc 2.18.
None of the binaries produced required symbols later than 2.17, and 2.27 (RISCV).
* guix: add additional documentation to patches
* Avoid GCC 7.1 ABI change warning in guix build
* guix: Patch binutils to add security-related disable flags
We use these flags in our test-security-check make target, but they are only available because debian patches them in. We can patch them in for our Guix builds so that we can check the sanity of our security/symbol checking suite before running them.
* guix: Test security-check sanity before performing them
* guix: Check for a sane services database
On bare systems, it is possible to be lacking a services database. Check for basic entries before attempting a build. See the error message in the diff for more context.
* guix: Update various check_tools lists
* guix: Pin kernel header version
- Use 4.19 for riscv64 (earliest LTS release w/ riscv64 support)
- Use 4.9 for all others (second-oldest LTS release, released in combination with glibc 2.24 in Debian stretch)
* guix: Bump to version-1.3.0 from upstream
The chosen commit is the HEAD of Guix's version-1.3.0 branch as of July 15th, 2021. Also fix visual indenting.
* guix: Overhaul README
- Added detailed Guix bootstrap/installation instructions
* guix-attest: Produce and sign normalized documents
That way we can easily combine the document and detached signature to produce cleartext signature files for upload during the release process. See subsequent commits which modify doc/release-process.md for more details.
* guix/INSTALL: Add coreutils/inotify-dir-recreate troubleshooting
* guix/INSTALL: Guix installs init scripts in libdir
* guix: Silence getent(1) invocation
* guix/INSTALL: Misc fixups
* guix/build: Remove vestigial SKIPATTEST.TAG
* guix: Make all.SHA256SUMS rather than codesigned.SHA256SUMS
* guix: Allow changing the base manifest in guix-verify
When verifying guix attestations, it is useful to set a particular signer's manifest as the base to compare against.
* Updated Readme, Corrected the codesign typo
* script, doc: guix touchups
* guix: Remove extra \r from all.SHA256SUMS line ending
guix-attest mistakenly added an extra \r to the line endings in all.SHA256SUMS, causing guix-verify to erroneously fail.
Co-Authored-By: Carl Dong <contact@carldong.me>
* guix: Ensure EPOCH_SOURCE_DATE does not include GPG information
If the user has set log.showSignature=true in their git config, then the git log will always output GPG signature information. Since git log is used to set EPOCH_SOURCE_DATE, this will mistakenly have GPG signature information in it which causes issues for the build. To avoid this issue, we override the config and force log.showSignature=false.
* release: Release with separate SHA256SUMS and sig files
This allows us to remove the rfc4880 EOL hacks and release with a SHA256SUMS.asc file that's a combination of all signer signatures.
* guix-verify: Non-zero exit code when anything fails
Previously, if verification fails, the correct message will be printed, but the exit code would still be 0.
* guix: Don't include directory name in SHA256SUMS
The SHA256SUMS file can be used in a sha256sum -c command to verify downloaded binaries. However users are likely to download just a single file and not place this file in the correct directory relative to the SHA256SUMS file for the simple verification command to work. By not including the directory name in the SHA256SUMS file, it will be easier for users to verify downloaded binaries.
Co-authored-by: Carl Dong <contact@carldong.me>
* guix/prelude: Override VERSION with FORCE_VERSION
Previously, if the builder exported $VERSION in their environment (as past Gitian-building docs told them to), but their HEAD does not actually point to v$VERSION, their build outputs will differ from those of other builders.
This is because the contrib/guix/guix-* scripts only ever act on the current git worktree, and does not try to check out $VERSION if $VERSION is set in the environment. Setting $VERSION only makes the scripts pretend like the current worktree is $VERSION.
This problem was seen in jonatack's attestation for all.SHA256SUMS, where only his bitcoin-22.0rc3-osx-signed.dmg differed from everyone else's. Here is my deduced sequence of events:
1. Aug 27th: He guix-builds 22.0rc3 and uploads his attestations up to guix.sigs
2. Aug 30th, sometime after POSIX time 1630310848: he pulls the latest changes from master in the same worktree where he guix-built 22.0rc3 and ends up at 7be143a960e2
3. Aug 30th, sometime before POSIX time 1630315907: With his worktree still on 7be143a960e2, he guix-codesigns. Normally, this would result in outputs going in guix-build-7be143a960e2, but he had VERSION=22.0rc3 in his environment, so the guix-* scripts pretended like he was building 22.0rc3, and used 22.0rc3's guix-build directory to locate un-codesigned outputs and dump codesigned ones.

However, our SOURCE_DATE_EPOCH defaults to the POSIX time of HEAD (7be143a960e2), which made all timestamps in the resulting codesigned DMG 1630310848, 7be143a960e2's POSIX timestamp. This differs from the POSIX timestamp of 22.0rc3, which is 1630348517.
Note that the windows codesigning procedure does not consider SOURCE_DATE_EPOCH.
We resolve this by only allowing VERSION overrides via the FORCE_VERSION environment variable.
* build: set OSX_MIN_VERSION to 10.15
This is required to use std::filesystem on macOS as support for it only landed in the libc++ dylib shipped with 10.15.
See also: https://developer.apple.com/documentation/xcode-release-notes/xcode-11-release-notes
Clang now supports the C++17 <filesystem> library for iOS 13, macOS 10.15, watchOS 6, and tvOS 13.
* Enable TLS in links in documentation
* Integrate univalue into our buildsystem
This addresses issues like the one in #12467, where some of our compiler flags end up being dropped during the subconfigure of Univalue. Specifically, we're still using the compiler-default c++ version rather than forcing c++17.
We can drop the need to subconfigure completely in favor of a tighter build integration, where the sources are listed separately from the build recipes, so that they may be included directly by upstream projects. This is similar to the way leveldb build integration works in Core.
Core benefits of this approach include:
- Better caching (for ex. ccache and autoconf)
- No need for a slow subconfigure
- Faster autoconf
- No more missing compile flags
- Compile only the objects needed

There are no benefits to Univalue itself that I can think of. These changes should be a no-op there, and to downstreams as well until they take advantage of the new sources.mk.
This also removes the option to use an external univalue to avoid similar ABI issues with mystery binaries.
Co-authored-by: fanquake <fanquake@gmail.com>
* guix: Fix powerpc64(le) dynamic linker name
I used Guix's values for the powerpc64(le) dynamic linkers, and the /lib-prefix seems to be a Guix-ism rather than standard. The standard path for the linker-loaders start with /lib64. I've taken the new loader values from SYSDEP_KNOWN_INTERPRETER_NAMES in glibc's sysdeps/unix/sysv/linux/powerpc/ldconfig.h file.
For future reference, loader path values can also be found on glibc's website: https://sourceware.org/glibc/wiki/ABIList?action=recall&rev=16
* build: require glibc 2.18+ for release builds
From what I can see the only platform this drops support for is CentOS 7. CentOS 7 reached the end of its "full update" support at the end of 2020. It does receive maintenance updates until 2024, however I don't think supporting glibc 2.17 until 2024 is realistic.
Note that anyone wanting to self-compile and target a glibc 2.17 runtime could build with --disable-threadlocal.
glibc 2.18 was released in August 2013. https://sourceware.org/legacy-ml/libc-alpha/2013-08/msg00160.html
* scripted-diff: Drop Darwin version for better maintainability
-BEGIN VERIFY SCRIPT-
sed -i 's/darwin19/darwin/g' $(git grep --files-with-matches 'darwin19')
-END VERIFY SCRIPT-
* test: Make more shell scripts verifiable by the `shellcheck` tool
* test: Bump shellcheck version to 0.8.0
* scripted-diff: Insert missed copyright headers
-BEGIN VERIFY SCRIPT-
./contrib/devtools/copyright_header.py insert contrib/guix/libexec/build.sh
./contrib/devtools/copyright_header.py insert contrib/guix/libexec/codesign.sh
./contrib/devtools/copyright_header.py insert contrib/tracing/log_raw_p2p_msgs.py
./contrib/devtools/copyright_header.py insert contrib/tracing/log_utxocache_flush.py
./contrib/devtools/copyright_header.py insert contrib/tracing/p2p_monitor.py
./contrib/devtools/copyright_header.py insert test/lint/lint-files.sh
-END VERIFY SCRIPT-
* build: use a static .tiff for macOS .dmg over generating
Co-authored-by: Pavol Rusnak <pavol@rusnak.io>
* guix: use GCC 10 (over GCC 8) to build releases
This currently points to the version-1.4.0 branch.
* guix: use upstream nsis-x86_64
Our patch is now used upstream.
* build: use python-asn1crypto from upstream
It is the exact same package definition.
* guix: use upstream python-requests (2.26.0)
Upstream python requests is now modern enough to be used as a dependency for signapple. Which requires requests>=2.25.1.
* build: Point Guix to the current top of the "version-1.4.0" branch
* build: point to latest commit on the master branch
The version-1.4.0 branch no-longer exists, and will be branched off master again shortly.
* guix: ignore additional failing certvalidator test
```bash
======================================================================
ERROR: test_revocation_mode_soft (tests.test_validate.ValidateTests)
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/tmp/guix-build-python-certvalidator-0.1-1.e5bdb4b.drv-0/source/tests/test_validate.py", line 85, in test_revocation_mode_soft
    validate_path(context, path)
  File "/tmp/guix-build-python-certvalidator-0.1-1.e5bdb4b.drv-0/source/tests/../certvalidator/validate.py", line 50, in validate_path
    return _validate_path(validation_context, path)
  File "/tmp/guix-build-python-certvalidator-0.1-1.e5bdb4b.drv-0/source/tests/../certvalidator/validate.py", line 358, in _validate_path
    raise PathValidationError(pretty_message(
certvalidator.errors.PathValidationError: The path could not be validated because the end-entity certificate expired 2022-01-14 12:00:00Z
```
* build: Fix xargs warnings for Guix builds
* build: use macOS 11 SDK (Xcode 12.2)
This should be sufficient to support building for Apple ARM when cross-compiling.
* guix: use autoconf 2.71
This allows for building with newer targets, like arm64-apple-darwin, due to having a newer bundled config.guess and config.sub.
* guix: add arm64-apple-darwin triplet
* build: Fix gcc-cross-x86_64-w64-mingw32-10.3.0 in Guix
* build: Point Guix to recent commit on the master branch
* Replace "can not" with "cannot" in docs, user messages, and tests
* guix: use same commit for codesigning time-machine
The time machines should be updated in lockstep.
* build: Move guix time machine to prelude
This deduplicates some code, and enforces consistency of the time machine configuration between scripts.
* guix: only use native GCC 7 toolchain for Linux builds
The macOS and Windows builds do not require a GCC 7 toolchain, and this is actually causing build issues, i.e #24211. So switch to using a GCC 10 native toolchain for both.
* guix: use latest upstream python-certvalidator
This should also allow re-enabling previously failing tests.
* guix: use latest upstream signapple
This should improve support for signing for M1 binaries.
* guix: Drop unneeded openssl dependency for signapple
* guix: use latest signapple
* guix: only check for the macOS SDK once
If we are building for both macOS HOSTS, there's no need to check and print that the SDK exists two times.
* guix: Use $HOST instead of generic osx{64} for macOS artifacts
* guix: make it possible to override gpg binary
For example on Qubes OS one might want to use qubes-gpg-client-wrapper instead
* guix: Drop "-signed" suffix for signed macOS .dmg files
This change makes naming of the signed artifacts consistent across different OSes, including Windows.
* guix: Use "win64" for Windows artifacts consistently
* Update signapple for platform identifier fix
* doc, guix: Include arm64-apple-darwin into codesigned archs
* guix: point to latest upstream commit
* Revert "build: Fix gcc-cross-x86_64-w64-mingw32-10.3.0 in Guix"
This reverts commit 7f2f35fe20c7706d547fa22a62521fe926f9c12b.
* macdeploy: remove unused detached-sig-apply
Signature application is now done with signapple.
* guix: Drop code for the unsupported `i686-linux-gnu` host
Now GUIX build for the `i686-linux-gnu` host is broken, and there are no plans to re-add it.
* contrib: use LIEF 0.12.0 for symbol and security checks
* build: Fix "ERR: Unsigned tarballs do not exist"
* guix: fix vmov alignment issues with gcc 10.3.0 & mingw-w64
This introduces a patch to our GCC (10.3.0) mingw-w64 compiler, in Guix, to make it avoid using aligned vmov instructions. This works around a longstanding issue in GCC, https://gcc.gnu.org/bugzilla/show_bug.cgi?id=54412, which was recently discovered to be causing issues, see #24726. Note that distros like Debian are also patching around this issue, and that is where this patch comes from.
  This would also explain why we haven't run into this problem earlier, in development builds. See: https://salsa.debian.org/mingw-w64-team/gcc-mingw-w64/-/blob/master/debian/patches/vmov-alignment.patch.
  Fixes #24726. Alternative to #24727. See also: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=939559
* build: don't compress macOS DMG
* guix: fix GCC 10.3.0 + mingw-w64 setjmp/longjmp issues
  This commit backports a patch to the GCC 10.3.0 we build for Windows cross-compilation in Guix. The commit has been backported to the GCC releases/gcc-10 branch, but hasn't yet made it into a release.
  The patch corrects a regression from an earlier GCC commit, see: https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=357c4350680bf29f0c7a115424e3da11c53b5582 and https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=074226d5aa86cd3de517014acfe34c7f69a2ccc7, related to the way newer versions of mingw-w64 implement setjmp/longjmp.
  Ultimately this was causing a crash for us when Windows users were viewing the network traffic tab inside the GUI. After some period, long enough that a buffer would need reallocating, a call into FreeTypes gray_record_cell() would result in a call to ft_longjmp (longjmp), which would then trigger a crash.
  Fixes: https://github.com/bitcoin-core/gui/issues/582.
  See also: https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=e8d1ca7d2c344a411779892616c423e157f4aea8. https://bugreports.qt.io/browse/QTBUG-93476.
* guix: Improve error message about missed macOS SDK
* guix: consolidate kernel headers to 5.15
  Given no reason to use an older version of the kernel headers for the non-RISCV linux builds, consolidate all Linux builds to 5.15.x.
  Note that using older kernel headers isn't some sort of compatibility "hack", and glibc explicitly recommends against doing so. See: https://sourceware.org/glibc/wiki/FAQ#What_version_of_the_Linux_kernel_headers_should_be_used.3F.
* build: include bitcoin.conf in build outputs
  copy over bitcoin.conf during the build process.
  this means `contrib/devtools/gen-bitcoin-conf.sh` will need to be run and the generated file committed during the release process. this is the same process used for generating man pages for each release.
* guix: bump time-machine to 998eda3067c7d21e0d9bb3310d2f5a14b8f1c681
  There are two reasons to perform this bump:
  * Fixes #25082 by bumping to a commit that includes a fix for time-dependent unit tests in libgit2 (f5fe0082abe4547f3fb9f29d8351473cfb3a387b).
  * Gives us access to clang-toolchain-14 (14.0.3, 998eda3067c7d21e0d9bb3310d2f5a14b8f1c681), which is useful for the Guix portion of #21778.
  Note that with this bump: Linux kernels headers update from 5.15.28 to 5.15.37.
* guix: compile glibc without -werror
  Compiling glibc 2.24 and 2.27 with the new GCC 10 results in a number of new warnings, i.e:
  ```bash
  libc-tls.c: In function ‘__libc_setup_tls’:
  libc-tls.c:208:30: error: array subscript 1 is outside the bounds of an interior zero-length array ‘struct dtv_slotinfo[0]’ [-Werror=zero-length-bounds]
    208 |   static_slotinfo.si.slotinfo[1].map = main_map;
        |   ~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~
  In file included from ../sysdeps/x86_64/ldsodefs.h:54,
                   from ../sysdeps/gnu/ldsodefs.h:46,
                   from ../sysdeps/unix/sysv/linux/ldsodefs.h:25,
                   from libc-tls.c:20:
  ../sysdeps/generic/ldsodefs.h:398:7: note: while referencing ‘slotinfo’
    398 |     } slotinfo[0];
        |       ^~~~~~~~
  ```
  While we could try and backport all the patches required to fix these up, it would currently seem easier to disable -Werror, which Guix uses by default when building glibc.
* guix: adjust RISC-V __has_include() patch to work with GCC 10
  The actual macro is __has_include(), not __has_include__(), using the latter would result in build failures when using GCC 10.
  i.e:
  ```bash
  ../sysdeps/unix/sysv/linux/riscv/flush-icache.c:24:5: warning: "__has_include__" is not defined, evaluates to 0 [-Wundef]
     24 | #if __has_include__ (<asm/syscalls.h>)
  ```
  Looks like at least someone else has run into the same thing, see: http://lists.busybox.net/pipermail/buildroot/2020-July/590376.html.
  See also: https://gcc.gnu.org/onlinedocs/cpp/_005f_005fhas_005finclude.html https://clang.llvm.org/docs/LanguageExtensions.html#has-include
* guix: fix glibc 2.27 multiple definition warnings with GCC 10
* guix: use -fcommon when building glibc 2.24
  GCC 10 started using -fno-common by default, which causes issues with the powerpc builds using glibc 2.24. A patch was committed to glibc to fix the issue, 18363b4f010da9ba459b13310b113ac0647c2fcc but is non-trivial to backport, and was broken in at least one way, see the followup in commit 7650321ce037302bfc2f026aa19e0213b8d02fe6.
  For now, retain the legacy GCC behaviour by passing -fcommon when building glibc 2.24.
  https://gcc.gnu.org/onlinedocs/gcc/Code-Gen-Options.html. https://sourceware.org/git/?p=glibc.git;a=commit;h=18363b4f010da9ba459b13310b113ac0647c2fcc https://sourceware.org/git/?p=glibc.git;a=commit;h=7650321ce037302bfc2f026aa19e0213b8d02fe6
* guix: native GCC 10 toolchain for Linux builds
* guix: re-revert riscv execstack workaround
  Now that we use GCC 10 for release builds, we no-longer need to pass -Wl,-z,noexecstack to get a non-executable stack in RISC-V binaries.
  This was originally removed in #21036, but then re-added in #21799, when we reverted to using GCC 8.
* guix: use libtool 2.4.7
  As of version 2.4.7, libtool now respects ARFLAGS, which we use, and has changed the default ARFLAGS from cru to cr (which we also do, see configure).
  This eliminates spammy `ar` output such as:
  ```bash
  CXXLD libunivalue.la
  /root/.guix-profile/bin/x86_64-linux-gnu-ar: `u' modifier ignored since `D' is the default (see `U')
  AR libbitcoin_zmq.a
  AR libbitcoin_consensus.a
  CXXLD crypto/libbitcoin_crypto_base.la
  CXXLD crypto/libbitcoin_crypto_sse41.la
  /root/.guix-profile/bin/x86_64-linux-gnu-ar: `u' modifier ignored since `D' is the default (see `U')
  /root/.guix-profile/bin/x86_64-linux-gnu-ar: `u' modifier ignored since `D' is the default (see `U')
  CXXLD crypto/libbitcoin_crypto_avx2.la
  CXXLD crypto/libbitcoin_crypto_x86_shani.la
  CXXLD leveldb/libleveldb.la
  /root/.guix-profile/bin/x86_64-linux-gnu-ar: `u' modifier ignored since `D' is the default (see `U')
  CXXLD crc32c/libcrc32c.la
  /root/.guix-profile/bin/x86_64-linux-gnu-ar: `u' modifier ignored since `D' is the default (see `U')
  CXXLD leveldb/libmemenv.la
  /root/.guix-profile/bin/x86_64-linux-gnu-ar: `u' modifier ignored since `D' is the default (see `U')
  /root/.guix-profile/bin/x86_64-linux-gnu-ar: `u' modifier ignored since `D' is the default (see `U')
  /root/.guix-profile/bin/x86_64-linux-gnu-ar: `u' modifier ignored since `D' is the default (see `U')
  AR libbitcoin_cli.a
  ```
  Libtool 2.4.7 release notes: https://lists.gnu.org/archive/html/autotools-announce/2022-03/msg00000.html
* guix: remove explicit glibc stack protector disabling
  While glibc 2.25 and newer *can* be built with stack-smashing-protection enabled, it isn't used by default, and still isn't, as of glibc 2.35, so I can't see a reason to explicitly disable it.
  I'd also like to move in the direction of enabling, by default, hardening options for the toolchains we build, so removing the explicit disabling is a step in that direction.
  Will be following up with some changes based on this PR.
* guix: parallelize LIEF build
* guix: remove usage of -Wl,-z,noexecstack for PPC64 HOST
  The PPC64 ABI has a non-executable stack by default, and does not need a GNU_STACK program header.
  See also: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/arch/powerpc/include/asm/page_64.h#n92
* guix: use LIEF 0.12.1
* guix: patch LIEF to fix PPC64 NX default
  This patches our LIEF build using the change merged upstream: https://github.com/lief-project/LIEF/pull/718.
  This can be dropped the next time we update LIEF.
* guix: Map all guix store prefixes to /usr
  Without ffile-prefix-map, the debug symbols will contain paths for the guix store which will include the hashes of each package. However, the hash for the same package will differ when on different architectures. In order to be reproducible regardless of the architecture used to build the package, map all guix store prefixes to something fixed, e.g. /usr.
* guix: Remove guix store paths from glibc
  Without ffile-prefix-map, the debug symbols will contain paths for the guix store which will include the hashes of each package. However, the hash for the same package will differ when on different architectures. In order to be reproducible regardless of the architecture used to build the package, map all guix store prefixes to something fixed, e.g. /usr.
  We might be able to drop this in favour of using --with-nonshared-cflags when we begin using newer versions of glibc.
* guix: use elfesteem 2eb1e5384ff7a220fd1afacd4a0170acff54fe56
  Our patch has been merged upstream, see https://github.com/LRGH/elfesteem/pull/3
* guix: patch gcc 10 with pthreads to remap guix store paths
* guix: Drop repetition of option's default value
* guix: enable SSP for RISC-V glibc (2.27)
  Pass `--enable-stack-protector=all` when building the glibc used for the RISC-V toolchain, to enable stack smashing protection on all functions, in the glibc code.
* guix: pass enable-bind-now to glibc
  Both glibcs we build support `--enable-bind-now`:
  Disable lazy binding for installed shared objects and programs.
  This provides additional security hardening because it enables full RELRO and a read-only global offset table (GOT), at the cost of slightly increased program load times.
  See: https://www.gnu.org/software/libc/manual/html_node/Configuring-and-compiling.html
* guix: enable hardening options in GCC Build
  Pass `--enable-default-pie` and `--enable-default-ssp` when configuring our GCCs. This achieves the following:
  --enable-default-pie Turn on -fPIE and -pie by default.
  --enable-default-ssp Turn on -fstack-protector-strong by default.
  Note that this isn't a replacement for passing hardening flags ourselves, but introduces some redundancy, and there isn't really a reason to not build a more "hardenings enabled" toolchain by default.
  See also: https://gcc.gnu.org/install/configure.html
* guix: ignore additional failing certvalidator test
  Similar to 85885919656a3f606f3d7f208378aabe95f3f62d.
  ```bash
  ERROR: test_revocation_mode_soft (tests.test_validate.ValidateTests)
  ----------------------------------------------------------------------
  Traceback (most recent call last):
    File "/tmp/guix-build-python-certvalidator-0.1-1.a145bf2.drv-0/source/tests/test_validate.py", line 85, in test_revocation_mode_soft
      validate_path(context, path)
    File "/tmp/guix-build-python-certvalidator-0.1-1.a145bf2.drv-0/source/tests/../certvalidator/validate.py", line 50, in validate_path
      return _validate_path(validation_context, path)
    File "/tmp/guix-build-python-certvalidator-0.1-1.a145bf2.drv-0/source/tests/../certvalidator/validate.py", line 358, in _validate_path
      raise PathValidationError(pretty_message(
  certvalidator.errors.PathValidationError: The path could not be validated because the end-entity certificate expired 2022-07-27 12:00:00Z
  ```
* guix: patch NSIS to remove .reloc sections from install stubs
  With the release of binutils/ld 2.36, ld swapped to much improved default settings when producing windows binaries with mingw-w64.
  One of these changes was to stop stripping the .reloc section from binaries, which is required for working ASLR.
  .reloc section stripping is something we've accounted for previously, see #18702. The related upstream discussion is in this thread: https://sourceware.org/bugzilla/show_bug.cgi?id=19011.
  When we switched to using a newer Guix time-machine in #23778, we began using binutils 2.37 to produce releases. Since then, our windows installer (produced with makensis) has not functioned correctly when run on a Windows system with the "Force randomization for images (Mandatory ASLR)" option enabled.
  Note that all of our other release binaries, which all contain .reloc sections, function fine under the same option, so it cannot be just the presence of a .reloc section that is the issue.
  For now, restore makensis to its pre-binutils-2.36 behaviour, which fixes the produced installer. The underlying issue can be further investigated in future.
* doc: minor updates to guix README
* build: include share/rpcauth in tarball & installer
  Fixes #19081.
* guix: use --build={arch}-guix-linux-gnu in cross toolchain
  Technically we are always cross-compiling, so make that explicit.
  Fixes: #22458.
* guix: consistently use -ffile-prefix-map
  Aside from being the newer, more comprehensive option, it's what we claim to use in the patch docs, and everywhere else in guix.
* guix: use git-minimal over git
  From the git-minimal package definition:
  > The size of the closure of 'git-minimal' is two thirds that of 'git'.
  > Its test suite runs slightly faster and most importantly it doesn't
  > depend on packages that are expensive to build such as Subversion.
  We don't need any fancy / additional git functionality above the basics, so switch to git-minimal and save some CPU, while also pruning the greater dependency graph.
```diff -name: git +name: git-minimal version: 2.37.3 outputs: -+ send-email: see Appendix H -+ svn: see Appendix H -+ credential-netrc: see Appendix H -+ credential-libsecret: see Appendix H -+ subtree: see Appendix H -+ gui: see Appendix H + out: everything else -systems: x86_64-linux mips64el-linux aarch64-linux powerpc64le-linux i686-linux armhf-linux powerpc-linux -dependencies: asciidoc@9.1.0 bash-minimal@5.1.8 bash@5.1.8 curl@7.79.1 docbook-xsl@1.79.2 expat@2.4.1 gettext-minimal@0.21 glib@2.70.2 libsecret@0.20.4 openssl@1.1.1l pcre2@10.37 perl-authen-sasl@2.16 perl-cgi@4.52 -+ perl-io-socket-ssl@2.068 perl-net-smtp-ssl@1.04 perl-term-readkey@2.38 perl@5.34.0 pkg-config@0.29.2 python@3.9.9 subversion@1.14.1 tcl@8.6.11 tk@8.6.11.1 xmlto@0.0.28 zlib@1.2.11 -location: gnu/packages/version-control.scm:222:2 +systems: x86_64-linux mips64el-linux aarch64-linux powerpc64le-linux riscv64-linux i686-linux armhf-linux powerpc-linux +dependencies: bash-minimal@5.1.8 bash@5.1.8 curl@7.79.1 expat@2.4.1 gettext-minimal@0.21 openssl@1.1.1l perl@5.34.0 zlib@1.2.11 +location: gnu/packages/version-control.scm:608:2 homepage: https://git-scm.com/ license: GPL 2 synopsis: Distributed version control system ```
* guix: Drop perl package
* Revert "guix: Build depends/qt with our platform definition"
  This reverts commit dc4137a60c99979b89f75d2bddba96d043f387b8.
* MS: restclient start
* MS: bumped c++ version from 14 to 17
* only gitian build for linux x86_64 for now. We can add back aarch64 later when needed.
* Testing whether OSX SDK needs to be updated for gitian building for c++17
* test if bitcoins last gitian-build method works with unigrid
* yaml format error
* updated darwin host file for py build gitian
* Update depends make to work with latest build
* update darwin builder for new gitian
* DOWNLOAD_RETRIES:=3 readded for curl
* linux host update gitian
* check in default depends
* upgrade darwin to 19
* use focal
* remove i686 windows gitian
* testing whether jammy has same compile error for osx cctools
* switch back to focal
* place guix in proper directory
* guix util file
* guix util file
* lief is failing on guix build. try a newer version
* change hash for lief
* try and downgrade lief
* lief hash
* update darwin to never xcode version and osx 10.15 minimum
* added missing native_clang depends
* test jammy build focal cannot find repos
* missing some jammy in build.py
* build with kinetic
* focal appears to be the only docker container that builds correctly
* test building with g++9 linux
* test if reverting to c++14 builds work
* upgrade build.sh to use focal base VM. Remove some unneeded dependencies for linux builds.
* use jammy for builds and test building with c++17 or 20 if available
* force c++17
* don't check clock_gettime by default
* docker still cannot find ubuntu jammy revert to focal
* fdelt is required
* aarch64 required to compile
* disable arm build
* test disable glib backward support
* darwin builds were missing libtapi. native_cdrkit replaced with xorriso.
* change order of native_libtapi
* libtapi and clang are split out of cctools
* darwin unable to find glibtoolize
* upgrading boost and remove references to specific darwin versions
* split boost into build/host
* boost fail build on linux
* define minimum required boost
* adding missing required boost libraries after updating boost version
* errors building with boost 1.73.0 revert back to 1.71.0
* wrong xcode version in darwin build
* up boost version to 1.73.0
* test building with boost 1.80.0
* remove unused dependency and set min boost version
* upgrading boost requires more refactoring
* test if building osx works with c++11
* c++11 build fails on the rest client test to see if c++17 resolves this error
* accidental edit of robin-hood submodule
* use 12.2 osx sdk
* use 12.2 osx sdk for gitian-builder
* proper checksum of Xcode
* checksum was not correct
* remove downloaded sdk
* attempted build with boost 1.80
* revert to c++14 and downgrade boost
* configure.ac set c++14
* Ms restclient (#5)
* MS: Updated univalue lib to latest version. Fixed parsing of json from restclient
* ms: added -hport as an argument in for unigridd.
* ms: added mint class to handle values from hedgehog. did some cleanup.
* ms: fixed compilation error
* ms: rewrote the rest client so it's now working and getting json data from hedgehog
* ms: removed auto keyword
* ms: changed return type to bool to check if data got transferred as expected from hedgehog
* ms: reverted c++ version to 14 from 17
  Co-authored-by: Fim-84 <marcus.stenberg@gmail.com>
* set depends to build with c++11
* compile cc++ test update
* revert to old method of building boost that worked on OSX
* remove native_b2 ref
* remove native_cdrkit
* build ref for native_libtapi
* missing endif
* try bitcoin boost build method
* errors compiling openssl with xcode 12.2 revert to 12.1
* test if old gitian build works with rest client update
* revert boost to old build
* reverting native cc tools build
* revert depends make to master
* missing cdrkit added
* cdrkit in wrong directory
* revert darwin host
* remove updated gitian build script from this branch. If we decide to stick with gitian this can be pulled from the EG_uposx_12_1 branch.
  Co-authored-by: Carl Dong <contact@carldong.me>
  Co-authored-by: fanquake <fanquake@gmail.com>
  Co-authored-by: W. J. van der Laan <laanwj@protonmail.com>
  Co-authored-by: Hennadii Stepanov <32963518+hebasto@users.noreply.github.com>
  Co-authored-by: Andrew Chow <achow101-github@achow101.com>
  Co-authored-by: Pieter Wuille <pieter@wuille.net>
  Co-authored-by: h <harshit_goyal333@outlook.com>
  Co-authored-by: jonatack <jon@atack.com>
  Co-authored-by: Jeremy Rand <jeremyrand@airmail.cc>
  Co-authored-by: Cory Fields <cory-nospam-@coryfields.com>
  Co-authored-by: Pavol Rusnak <pavol@rusnak.io>
  Co-authored-by: laanwj <126646+laanwj@users.noreply.github.com>
  Co-authored-by: josibake <josibake@protonmail.com>
  Co-authored-by: Stacie <staciewaleyko@gmail.com>
  Co-authored-by: Fim-84 <marcus.stenberg@gmail.com>
* refactor of masternode to gridnode. Init will check for masternode.conf and rename the file to gridnode.conf on startup.
* having issues with the ubuntu bionic installs.
  try with ubuntu jammy
* remove unneeded break as we are not looping through strings anymore
* increase GLIBC version for newer OS building
* A complete refactor of the repo, to update Unigrid's naming convention of gridnodes instead of masternodes.
* refactor additions for gridnodes vs masternodes
* spelling error Gridnodeconfig
* SPORK_20_UNDONKEY_MNREWARDS refactored :D
* set build environment to bionic for gitian
  Co-authored-by: Carl Dong <contact@carldong.me>
  Co-authored-by: fanquake <fanquake@gmail.com>
  Co-authored-by: W. J. van der Laan <laanwj@protonmail.com>
  Co-authored-by: Hennadii Stepanov <32963518+hebasto@users.noreply.github.com>
  Co-authored-by: Andrew Chow <achow101-github@achow101.com>
  Co-authored-by: Pieter Wuille <pieter@wuille.net>
  Co-authored-by: h <harshit_goyal333@outlook.com>
  Co-authored-by: jonatack <jon@atack.com>
  Co-authored-by: Jeremy Rand <jeremyrand@airmail.cc>
  Co-authored-by: Cory Fields <cory-nospam-@coryfields.com>
  Co-authored-by: Pavol Rusnak <pavol@rusnak.io>
  Co-authored-by: laanwj <126646+laanwj@users.noreply.github.com>
  Co-authored-by: josibake <josibake@protonmail.com>
  Co-authored-by: Stacie <staciewaleyko@gmail.com>
  Co-authored-by: Fim-84 <marcus.stenberg@gmail.com>
* build environment should be bionic
* fix compiler error for unsupported c++
* target is needed here
* move CheckIfLockPeriodIsActive where bools are declared
* remove {} from return
* ms: last check for minted amount added.
* remove broken code
* ms: changed collateral amount to 2000.
* ms: started working out a way to start a new chain to test
* set start time for zerocoin in the future so testnet does not look for it at the start
* pass chain height to get best block
* remove duplicate regtest
* height is a method
* missing )
* add echo
* log chain height
* height is -1 at the start
* pass height to assert
* assert only if not on genesis
* or on assert check
* asset if -1 is true
* print blockhash
* accidental overwrite in last commit
* output GetBestBlock
* convert best block to string
* print cacheCoins
* print cacheCoins
* tray creating coins view with blockhash -1
* misc
* ignore assert for flush if block height -1
* move initialize calls before InitBlockIndex
* undo last commit
* getting test net working
* ms: uncommented stuff
* refactor the test file to unigrid
* hard code in a testnet seed node
* vSeeds needs to clear for testnet
* adding two hard coded seed nodes for testnet
* refactor all Gridnode names in rpc to gridnode
* set testnet to mine up to block 2000 and lower gridnode collateral to 10
* update chainparams with devPubKey and set max coins the same value as mainnet
* set gn amount to 100
* use Params().GridnodeCollateral() for gn collateral
* change max money out back to testnet defaults
* set max money out at 25000000000 there appears to be a pre-mine on first gridnode reward
* set testnet node collateral to the same as mainnet. Also the max money out.
* removing code referencing bitcoin blocks
* set mainnet back to current collateral
* fix bootstrap download
* update download bootstrap check
* added a line break as removing the addnodes placed unigridstake on the same line as the rpcpassword
* last pow testnet 20 and comment out block rewards for testnet
* set downloadBootstrap to false if passed in as the value is never set
* switch check flag for download
* add some outputs on what is happening with the bootstrap download
* reverse download check
* set flag for download only true
* log nobootstrap arg
* only check for bootstrap if not testnet
* lower block maturity and increase mining to 30 blocks
* ms: got testnet staking
* set last POW to 50 as modern cpus will mine the last block too fast
* ms: fixed overflow error in amount in mint.
* test whether staking still works with gridnodeSync
* change addnode to connect. We don't want this test network connecting to the main networks.
* script was trying to remove swipp items instead of unigrid
* force return of GRIDNODE_SYNC_FINISHED for testnet so we can start staking
* skipping this check stakes although it never returns staking is active. It also likely breaks gn payments for testnet.
* set nGridnodeCountDrift to 0 on testnet
* Keep exact input amount for GN for now. There is another place the daemon checks which breaks them if it's the wrong input.
* find all other locations collateral is checked
* test if this ignores gnsync on testnet
* place the gnsync check in the actual call so all checks determine whether we are testnet or not
* test coin control with create transaction
* add reference to coinControl
* add coincontrol.h to rpc wallet
* remove log for return key
* print wtx.strFromAccount
* comment out destChange
* added a call to get local addresses in a map.
  Some notes on how to handle locking minted tokens in wallet.cpp
* ms: changed how we add the mint to transaction index
* checking loadBlockIndex was removed for some reason in an earlier commit
* comment out isTimeToMint to test if this is causing a full reindex
* add back old assert assert(hashPrevBlock == view.GetBestBlock())
* remove log spam of block info
* set hashBlock back to -1
* skip check block to see if the issue is here
* broken log
* CheckBlock is not the issue
* ms: changes in create transactions to lock transactions from minted addresses
* disable setting genesis to test mainnet
* log loading block from disk
* update log
* move setbest block to the end
* only check GetHash for testnet as mainnet does not need this
* added coin control if we are sending to a local address that is locked
* ms: added checks to stop transactions from minted addresses
* the numbers here cannot change for mainnet as they are required to confirm old blocks
* ms: removed log prints that spammed the log. change a if statement to specifically only allow transfers to the minted address from a minted address
* two different asserts for main and testnets
* test whether syncing works mainnet
* set genesis to view if there is a match
* add a line break on exception here
* ms: fixed shutdown when not finding hedgehog.
* ms: small changes to handle when hedgehog doesn't have any mint data yet
* disable shutdown for test
* return true for checktx on lock to test
* test getbestblock
* only check prev block for testnet as this is interfering with mainnet sync
* revert MAIN to old method of checking previous block
* redo order in init loading block index
* regorg init block index
* test InitBlockIndex after pcoin
* block index was checking twice
* disable shutdown to see if mainnet actually syncs
* disable log for waiting to mint
* disable spam from calling cli
* only output true for time to mint
* test if the order here was what causes testnet to not start
* remove commented code.
  if used it breaks testnet starting properly.
* MS: changed how no connecting hedgehog works. it will wait for one minute for connection and if it's not getting a connection it will shutdown. if connection is established it will processed as it should.
* MS: small change to CheckIsLockPeriodIsActive
* MS: Done some change to make the daemon play ball with hedgehog
* Create a new protocol version for this next release. Check with hedgehog over the rest client whether any new sporks have been created. If yes then we need to force all old protocols off the network.
* need to add the restclient object
* modify the hasMintingSpork call to use the same method as getdatafromrestserver
* try printing the size of the response
* adding some debug logs
* test this rest call to hedgehog
* skip calling the rest client to see if the error is there
* wrap check in a try catch to see if we get an error
* MS: removed log prints that fills up the log
* MS: changed the mint spork check to handle an empty return list.
* search for the correct OSX SDK being used
* correct osx sdk
* min osx version bump
* bump boost 1.73
* remove boost test
* update from master
* remove cclang packages
* minimal boost install
* clang
* have to build boost
* place test at end of boost built
* min boost ver
* attempt to compile using what worked in master
* test if this gitian build that works can compile boost 1.73
* fix for boost 1.73
* remove throw error stopping the daemon from shutting down
* remove the catch causing a boost error to be thrown
* add some debug logs to find where boost is failing
* place the log before the trys
* see if boost requires this
* check if boost 1.73 is the issue
* boost 1.73 and don't start a shutdown
* skip checking for sporks
* re-enable checking for minting sporks as this did not solve the syncing issue
* check if the protocol version is causing sync issues
* test if check lock period even works
* skip checking lock period
* check whether commenting out get best block works here
* revert
* found the sync problem I believe
* fix syncing issue that happened from a bad commit at bf89a5f
* fixing openssl errors caused by an old version while boost asio is requiring a newer version.
* skip checking for sporks as it always returns 3 so will not connect to node. Set correct flag for checking tx for mints.
* this one also needs to only return if true
* remove debug logs
* MS: changed some logic. uncommented checkspork for test. changed test.sh to use the correct port
* Working on fix for memory leak
* MS: fixed a memory leak in CDataStreams that became apparent when running testnet.
* osx gitian failing on boost...
  again
* attempt to build with bjam and toolset
* check if the dash build method works any differently
* ignore boost tests
* darwin toolset
* boost 1.71
* boost 1.71 is the same issue
* one diff between working and not

---------

Co-authored-by: Fim-84 <marcus.stenberg@gmail.com>
Co-authored-by: Carl Dong <contact@carldong.me>
Co-authored-by: fanquake <fanquake@gmail.com>
Co-authored-by: W. J. van der Laan <laanwj@protonmail.com>
Co-authored-by: Hennadii Stepanov <32963518+hebasto@users.noreply.github.com>
Co-authored-by: Andrew Chow <achow101-github@achow101.com>
Co-authored-by: Pieter Wuille <pieter@wuille.net>
Co-authored-by: h <harshit_goyal333@outlook.com>
Co-authored-by: jonatack <jon@atack.com>
Co-authored-by: Jeremy Rand <jeremyrand@airmail.cc>
Co-authored-by: Cory Fields <cory-nospam-@coryfields.com>
Co-authored-by: Pavol Rusnak <pavol@rusnak.io>
Co-authored-by: laanwj <126646+laanwj@users.noreply.github.com>
Co-authored-by: josibake <josibake@protonmail.com>
Co-authored-by: Stacie <staciewaleyko@gmail.com>
This PR changes the gitian descriptors to use Ubuntu Focal (20.04), over Bionic (18.04), moving from GCC 7.5 to GCC 8.4 for native Linux builds, mingw-w64 GCC 7.3 to mingw-w64 GCC 9.3 for Windows builds, while continuing to use GCC 8.4 for all cross builds and Clang 8.0.0 for macOS builds.
It also drops the `-Wl,-z,noexecstack` workaround we've been using for the riscv64 and powerpc64le hosts, as it's no-longer needed. One new package is installed in the osx build, `libtinfo5`, as libtinfo5.so is required by our downloaded Clang 8.
A bump to Focal will at least be required if we want to update to a newer Qt (5.15, #19716) for 22.0, as we need a newer version of `g++-mingw-w64` and the `mingw-w64` headers. This can still be done while continuing to use GCC 8.4 for Linux builds (see below), however the newer `g++-mingw-w64` will be based off of GCC 9.3.
Some considerations
GCC 9 is affected by #20005 "memcmp with constants that contain zero bytes are broken in GCC", and the newer `g++-mingw-w64` will be based off of GCC 9.3.
The `--no-*` variants of the Windows linker flags (i.e `--no-dynamicbase`) we use to test our `security-check.py` script are not patched into the mingw binutils in Focal (they have been re-added in Groovy (20.10)). This isn't currently an issue, however, we might add a call to `test-security-check` for Guix (#20980), and if we wanted to do the same for gitian, it would not work. Note how it's quite "easy" for us to apply the `--no-*` variant patch to our Guix build; it would be quite a bit harder to do in Gitian.
Gitian Builds @ 2ecaf21
Linux
Windows
macOS
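The `-Wl,-z,noexecstack` workaround dropped in the description above, and the PIE and RELRO hardening mentioned in the commit text, are all visible in a binary's ELF program headers. The following is an added example, not code from this PR and not Bitcoin Core's `security-check.py` (which uses LIEF): it reads those headers directly. The function names, the constructed sample images and the choice to fail any non-PPC64 binary that lacks `PT_GNU_STACK` are assumptions of the example.

```python
import struct

# ELF constants, as defined in the ELF specification (elf.h).
PT_GNU_STACK, PT_GNU_RELRO = 0x6474E551, 0x6474E552
PF_X, PF_W, PF_R = 1, 2, 4
ET_EXEC, ET_DYN = 2, 3
EM_PPC64, EM_X86_64, EM_RISCV = 21, 62, 243

# The PPC64 ABI gives a non-executable stack without a GNU_STACK header (as the
# commit text on this page says). Assumption of this example: on any other
# machine a missing header is reported as a failure.
NX_WITHOUT_GNU_STACK = {EM_PPC64}


def parse_elf64(data):
    """Return (e_type, e_machine, [(p_type, p_flags), ...]) from an ELF64 image."""
    if len(data) < 64 or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    if data[4] != 2:
        raise ValueError("only ELF64 is handled here")
    if data[5] not in (1, 2):
        raise ValueError("invalid EI_DATA byte")
    end = "<" if data[5] == 1 else ">"
    e_type, e_machine = struct.unpack_from(end + "HH", data, 16)
    (e_phoff,) = struct.unpack_from(end + "Q", data, 32)
    e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, 54)
    if e_phnum and e_phentsize < 56:
        raise ValueError("program header entries too small for ELF64")
    if e_phoff + e_phnum * e_phentsize > len(data):
        raise ValueError("program header table runs past end of file")
    phdrs = []
    for i in range(e_phnum):
        # p_type and p_flags are the first two 32-bit fields of an ELF64 phdr.
        phdrs.append(struct.unpack_from(end + "II", data, e_phoff + i * e_phentsize))
    return e_type, e_machine, phdrs


def audit(data):
    """Program-header-level hardening checks for one ELF64 image."""
    e_type, e_machine, phdrs = parse_elf64(data)
    stack = [flags for p_type, flags in phdrs if p_type == PT_GNU_STACK]
    if stack:
        nx = not any(flags & PF_X for flags in stack)
    else:
        nx = e_machine in NX_WITHOUT_GNU_STACK
    return {
        "NX": nx,
        # ET_DYN is also the type of shared libraries; enough for executables.
        "PIE": e_type == ET_DYN,
        # Segment presence only; full RELRO additionally needs BIND_NOW.
        "RELRO_SEGMENT": any(p_type == PT_GNU_RELRO for p_type, _ in phdrs),
    }


def make_elf(machine, e_type, phdrs, big_endian=False):
    """Build a constructed, header-only ELF64 image (sample input, not a real binary)."""
    end = ">" if big_endian else "<"
    ident = b"\x7fELF" + bytes([2, 2 if big_endian else 1, 1]) + bytes(9)
    header = ident + struct.pack(
        end + "HHIQQQIHHHHHH",
        e_type, machine, 1, 0, 64, 0, 0, 64, 56, len(phdrs), 0, 0, 0,
    )
    table = b"".join(
        struct.pack(end + "IIQQQQQQ", p_type, flags, 0, 0, 0, 0, 0, 0)
        for p_type, flags in phdrs
    )
    return header + table


if __name__ == "__main__":
    samples = {
        "riscv64, GNU_STACK RW, PIE, RELRO": make_elf(
            EM_RISCV, ET_DYN, [(PT_GNU_STACK, PF_R | PF_W), (PT_GNU_RELRO, PF_R)]),
        "riscv64, GNU_STACK RWE, non-PIE": make_elf(
            EM_RISCV, ET_EXEC, [(PT_GNU_STACK, PF_R | PF_W | PF_X)]),
        "powerpc64le, no GNU_STACK": make_elf(EM_PPC64, ET_DYN, []),
        "x86_64, no GNU_STACK": make_elf(EM_X86_64, ET_DYN, []),
    }
    for name, image in samples.items():
        print(f"{name}: {audit(image)}")
```
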