-rw-r--r-- | contrib/guix/manifest.scm | 20 | ||||
-rw-r--r-- | src/leveldb/util/env_posix.cc | 2 | ||||
-rw-r--r-- | src/script/script.h | 2 |
3 files changed, 19 insertions, 5 deletions
diff --git a/contrib/guix/manifest.scm b/contrib/guix/manifest.scm
index 7471f08a2b..f93d6e26e8 100644
--- a/contrib/guix/manifest.scm
+++ b/contrib/guix/manifest.scm
@@ -132,12 +132,19 @@ chain for " target " development."))
 (define base-gcc gcc-10)
 (define base-linux-kernel-headers linux-libre-headers-5.15)
+;; https://gcc.gnu.org/install/configure.html
+(define (hardened-gcc gcc)
+ (package-with-extra-configure-variable (
+ package-with-extra-configure-variable gcc
+ "--enable-default-ssp" "yes")
+ "--enable-default-pie" "yes"))
+
 (define* (make-bitcoin-cross-toolchain target
 #:key
 (base-gcc-for-libc base-gcc)
 (base-kernel-headers base-linux-kernel-headers)
- (base-libc (make-glibc-without-werror glibc-2.24))
- (base-gcc (make-gcc-rpath-link base-gcc)))
+ (base-libc (make-glibc-with-bind-now (make-glibc-without-werror glibc-2.24)))
+ (base-gcc (make-gcc-rpath-link (hardened-gcc base-gcc))))
 "Convenience wrapper around MAKE-CROSS-TOOLCHAIN with default values desirable for building Bitcoin Core release binaries."
 (make-cross-toolchain target
@@ -520,6 +527,12 @@ inspecting signatures in Mach-O binaries.")
 (define (make-glibc-without-werror glibc)
 (package-with-extra-configure-variable glibc "enable_werror" "no"))
+(define (make-glibc-with-stack-protector glibc)
+ (package-with-extra-configure-variable glibc "--enable-stack-protector" "all"))
+
+(define (make-glibc-with-bind-now glibc)
+ (package-with-extra-configure-variable glibc "--enable-bind-now" "yes"))
+
 (define-public glibc-2.24
 (package
 (inherit glibc-2.31)
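Review bot: The default toolchain's `base-libc` is wrapped only in `make-glibc-with-bind-now`, while the riscv64 branch in the `@@ -607,7 +620,8 @@` hunk also wraps its glibc in `make-glibc-with-stack-protector`, and nothing in the diff says why the two differ. If the gap is deliberate (presumably glibc-2.24's configure does not know `--enable-stack-protector`; confirm), record it next to the default, e.g. `;; glibc-2.24 is built without --enable-stack-protector; only the riscv64 glibc gets it`. As a style point, the dangling `(` at the end of the first line of `hardened-gcc` hides the nesting; putting the inner `package-with-extra-configure-variable` call on its own line would read more clearly. The body of make-bitcoin-cross-toolchain continues outside the hunk.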
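Review bot: The two new helpers pass option-style names (`"--enable-stack-protector"`, `"--enable-bind-now"`) to `package-with-extra-configure-variable`, while the existing `make-glibc-without-werror` passes a variable-style name (`"enable_werror"`). That helper is defined outside this hunk, so whether both forms reach configure as intended cannot be checked from here. Autoconf-generated configure scripts normally only warn about an unrecognised `--enable-*` option, so a hardening flag that a given glibc version does not understand would be dropped without failing the build. A comment on each helper such as `;; only effective on a glibc whose configure accepts --enable-bind-now`, together with a check on the built libc rather than on the configure line, would make such a silent loss visible.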
@@ -607,7 +620,8 @@ inspecting signatures in Mach-O binaries.")
 ((string-contains target "-linux-")
 (list (cond ((string-contains target "riscv64-")
 (make-bitcoin-cross-toolchain target
- #:base-libc (make-glibc-without-werror glibc-2.27/bitcoin-patched)))
+ #:base-libc (make-glibc-with-stack-protector
+ (make-glibc-with-bind-now (make-glibc-without-werror glibc-2.27/bitcoin-patched)))))
 (else
 (make-bitcoin-cross-toolchain target)))))
 ((string-contains target "darwin")
diff --git a/src/leveldb/util/env_posix.cc b/src/leveldb/util/env_posix.cc
index 18626b327c..fac41be6ce 100644
--- a/src/leveldb/util/env_posix.cc
+++ b/src/leveldb/util/env_posix.cc
@@ -49,7 +49,7 @@ constexpr const int kDefaultMmapLimit = (sizeof(void*) >= 8) ? 4096 : 0;
 int g_mmap_limit = kDefaultMmapLimit;
 // Common flags defined for all posix open operations
-#if defined(HAVE_O_CLOEXEC)
+#if HAVE_O_CLOEXEC
 constexpr const int kOpenBaseFlags = O_CLOEXEC;
 #else
 constexpr const int kOpenBaseFlags = 0;
diff --git a/src/script/script.h b/src/script/script.h
index 3b799ad637..1e5f694d52 100644
--- a/src/script/script.h
+++ b/src/script/script.h
@@ -588,7 +588,6 @@ CScript BuildScript(Ts&&... inputs)
 int cnt{0};
 ([&ret, &cnt] (Ts&& input) {
- cnt++;
 if constexpr (std::is_same_v<std::remove_cv_t<std::remove_reference_t<Ts>>, CScript>) {
 // If it is a CScript, extend ret with it. Move or copy the first element instead.
 if (cnt == 0) {
@@ -600,6 +599,7 @@ CScript BuildScript(Ts&&... inputs)
 // Otherwise invoke CScript::operator<<.
 ret << input;
 }
+ cnt++;
 } (std::forward<Ts>(inputs)), ...);
 return ret; |
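Review bot: With `#if HAVE_O_CLOEXEC`, a build in which the macro is never defined evaluates it as 0 and silently selects `kOpenBaseFlags = 0`, so descriptors opened with these base flags lose close-on-exec and are inherited by child processes. The new form is right for a build system that defines the macro to 0 or 1, but it depends on that definition always being present. A guard ahead of the test, `#ifndef HAVE_O_CLOEXEC` / `#error "HAVE_O_CLOEXEC must be defined to 0 or 1"` / `#endif`, or compiling this file with `-Wundef`, would turn a missing definition into a build failure instead of a dropped flag. The `#if`/`#else` block is closed outside the hunk.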
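Review bot: Moving `cnt++` to the end of the lambda makes the `if (cnt == 0)` branch reachable for the first time, since with the increment at the top `cnt` was already 1 when the first argument was tested. The body of that branch lies between the two hunks and is not visible here, and no test accompanies the change. A unit test that calls BuildScript with a CScript as the leading argument, once as an lvalue and once as an rvalue, and checks both the result and that the lvalue source is left unchanged, would pin the newly live path. At the increment in the `@@ -600,6 +599,7 @@` hunk, a comment such as `// Incremented last so the first argument is handled with cnt == 0.` would keep it from being moved back; a `bool first{true}` flag would state the intent more directly than a counter.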