aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorfanquake <fanquake@gmail.com>2023-04-05 12:13:29 +0100
committerfanquake <fanquake@gmail.com>2023-04-05 12:29:32 +0100
commit75d807ac9af0a6ce9aa9279930f4ff7348517bdb (patch)
treee31a4bb731558db77c2c124ea1cea06753aa0499
parent9ec30db8886599207a66db1fa827f19df5a3bc63 (diff)
parent436df1e826cae036caed3e983715a4ed4e441321 (diff)
Merge bitcoin/bitcoin#27406: depends: add `NO_HARDEN=` option
436df1e826cae036caed3e983715a4ed4e441321 depends: add NO_HARDEN option (fanquake) Pull request description: Add an option that when passed, will disable hardening options, and pass `--disable-hardening` through to configure. Due to the way we link `libssp` for Windows builds, they now fail (after #27118), if building with depends, and configuring with `--disable-hardening` (Windows is the odd build out here). See: https://github.com/bitcoin/bitcoin/pull/27118#issuecomment-1492606272. This change would add a depends option such that, if someone wants to build with depends, for Windows, without hardening, they can do so. This may also be useful when building for debugging. ACKs for top commit: hebasto: re-ACK 436df1e826cae036caed3e983715a4ed4e441321 Tree-SHA512: 5a3ef5ec87b10a5ad0a284201988ce94789451735c7c7e20d337f7232955b0b9a0addab1c3b5725755f00d8ce6741aa9c8cb5e3d48d926515b7dde46acdbcaa0
Diffstat
-rw-r--r--depends/Makefile6
-rw-r--r--depends/README.md1
-rw-r--r--depends/config.site.in4
-rwxr-xr-xdepends/gen_id6
-rw-r--r--depends/packages/libevent.mk5
5 files changed, 18 insertions, 4 deletions
diff --git a/depends/Makefile b/depends/Makefile
index 27bf804c6b..3169117633 100644
--- a/depends/Makefile
+++ b/depends/Makefile
@@ -45,6 +45,7 @@ NO_USDT ?=
NO_NATPMP ?=
MULTIPROCESS ?=
LTO ?=
+NO_HARDEN ?=
FALLBACK_DOWNLOAD_PATH ?= https://bitcoincore.org/depends-sources
C_STANDARD ?= c11
@@ -146,8 +147,8 @@ include packages/packages.mk
# 2. Before including packages/*.mk (excluding packages/packages.mk), since
# they rely on the build_id variables
#
-build_id:=$(shell env CC='$(build_CC)' C_STANDARD='$(C_STANDARD)' CXX='$(build_CXX)' CXX_STANDARD='$(CXX_STANDARD)' AR='$(build_AR)' RANLIB='$(build_RANLIB)' STRIP='$(build_STRIP)' SHA256SUM='$(build_SHA256SUM)' DEBUG='$(DEBUG)' LTO='$(LTO)' ./gen_id '$(BUILD_ID_SALT)' 'GUIX_ENVIRONMENT=$(realpath $(GUIX_ENVIRONMENT))')
-$(host_arch)_$(host_os)_id:=$(shell env CC='$(host_CC)' C_STANDARD='$(C_STANDARD)' CXX='$(host_CXX)' CXX_STANDARD='$(CXX_STANDARD)' AR='$(host_AR)' RANLIB='$(host_RANLIB)' STRIP='$(host_STRIP)' SHA256SUM='$(build_SHA256SUM)' DEBUG='$(DEBUG)' LTO='$(LTO)' ./gen_id '$(HOST_ID_SALT)' 'GUIX_ENVIRONMENT=$(realpath $(GUIX_ENVIRONMENT))')
+build_id:=$(shell env CC='$(build_CC)' C_STANDARD='$(C_STANDARD)' CXX='$(build_CXX)' CXX_STANDARD='$(CXX_STANDARD)' AR='$(build_AR)' RANLIB='$(build_RANLIB)' STRIP='$(build_STRIP)' SHA256SUM='$(build_SHA256SUM)' DEBUG='$(DEBUG)' LTO='$(LTO)' NO_HARDEN='$(NO_HARDEN)' ./gen_id '$(BUILD_ID_SALT)' 'GUIX_ENVIRONMENT=$(realpath $(GUIX_ENVIRONMENT))')
+$(host_arch)_$(host_os)_id:=$(shell env CC='$(host_CC)' C_STANDARD='$(C_STANDARD)' CXX='$(host_CXX)' CXX_STANDARD='$(CXX_STANDARD)' AR='$(host_AR)' RANLIB='$(host_RANLIB)' STRIP='$(host_STRIP)' SHA256SUM='$(build_SHA256SUM)' DEBUG='$(DEBUG)' LTO='$(LTO)' NO_HARDEN='$(NO_HARDEN)' ./gen_id '$(HOST_ID_SALT)' 'GUIX_ENVIRONMENT=$(realpath $(GUIX_ENVIRONMENT))')
boost_packages_$(NO_BOOST) = $(boost_packages)
@@ -253,6 +254,7 @@ $(host_prefix)/share/config.site : config.site.in $(host_prefix)/.stamp_$(final_
-e 's|@no_natpmp@|$(NO_NATPMP)|' \
-e 's|@multiprocess@|$(MULTIPROCESS)|' \
-e 's|@lto@|$(LTO)|' \
+ -e 's|@no_harden@|$(NO_HARDEN)|' \
-e 's|@debug@|$(DEBUG)|' \
$< > $@
touch $@
diff --git a/depends/README.md b/depends/README.md
index 82ea4e1de7..1064b7d18a 100644
--- a/depends/README.md
+++ b/depends/README.md
@@ -123,6 +123,7 @@ The following can be set when running make: `make FOO=bar`
resides in the `depends` directory, and the log file is printed out automatically in case
of build error. After successful build log files are moved along with package archives
- `LTO`: Use LTO when building packages.
+- `NO_HARDEN=1`: Don't use hardening options when building packages
If some packages are not built, for example `make NO_WALLET=1`, the appropriate
options will be passed to bitcoin's configure. In this case, `--disable-wallet`.
diff --git a/depends/config.site.in b/depends/config.site.in
index 8f6849214d..05c2ccbac1 100644
--- a/depends/config.site.in
+++ b/depends/config.site.in
@@ -82,6 +82,10 @@ if test -z "$enable_lto" && test -n "@lto@"; then
enable_lto=yes
fi
+if test -z "$enable_hardening" && test -n "@no_harden@"; then
+ enable_hardening=no
+fi
+
PKG_CONFIG="$(which pkg-config) --static"
PKG_CONFIG_PATH="${depends_prefix}/share/pkgconfig:${depends_prefix}/lib/pkgconfig"
diff --git a/depends/gen_id b/depends/gen_id
index 7caf8d764d..3341310e46 100755
--- a/depends/gen_id
+++ b/depends/gen_id
@@ -2,7 +2,7 @@
# Usage: env [ CC=... ] [ C_STANDARD=...] [ CXX=... ] [CXX_STANDARD=...] \
# [ AR=... ] [ RANLIB=... ] [ STRIP=... ] [ DEBUG=... ] \
-# [ LTO=... ] ./build-id [ID_SALT]...
+# [ LTO=... ] [ NO_HARDEN=... ] ./build-id [ID_SALT]...
#
# Prints to stdout a SHA256 hash representing the current toolset, used by
# depends/Makefile as a build id for caching purposes (detecting when the
@@ -70,6 +70,10 @@
echo "LTO=${LTO}"
echo "END LTO"
+ echo "BEGIN NO_HARDEN"
+ echo "NO_HARDEN=${NO_HARDEN}"
+ echo "END NO_HARDEN"
+
echo "END ALL"
) | if [ -n "$DEBUG" ] && command -v tee > /dev/null 2>&1; then
# When debugging and `tee` is available, output the preimage to stderr
diff --git a/depends/packages/libevent.mk b/depends/packages/libevent.mk
index 8374f2a103..9650f77db9 100644
--- a/depends/packages/libevent.mk
+++ b/depends/packages/libevent.mk
@@ -16,8 +16,11 @@ define $(package)_set_vars
$(package)_config_opts_netbsd=--with-pic
$(package)_config_opts_openbsd=--with-pic
$(package)_config_opts_android=--with-pic
- $(package)_cppflags+=-D_FORTIFY_SOURCE=3
$(package)_cppflags_mingw32=-D_WIN32_WINNT=0x0601
+
+ ifeq ($(NO_HARDEN),)
+ $(package)_cppflags+=-D_FORTIFY_SOURCE=3
+ endif
endef
define $(package)_preprocess_cmds
generated by cgit v1.2.3 (git 2.26.2) at 2025-03-15 07:17:22 +0000