diff options
Diffstat (limited to 'contrib')
| -rw-r--r-- | contrib/devtools/README.md | 6 | ||||
| -rwxr-xr-x | contrib/devtools/optimize-pngs.py | 76 | ||||
| -rwxr-xr-x | contrib/devtools/previous_release.sh | 2 | ||||
| -rwxr-xr-x | contrib/devtools/security-check.py | 124 | ||||
| -rwxr-xr-x | contrib/devtools/test-security-check.py | 7 | ||||
| -rwxr-xr-x | contrib/gitian-descriptors/assign_DISTNAME | 12 | ||||
| -rw-r--r-- | contrib/gitian-descriptors/gitian-linux.yml | 12 | ||||
| -rw-r--r-- | contrib/gitian-descriptors/gitian-osx.yml | 12 | ||||
| -rw-r--r-- | contrib/gitian-descriptors/gitian-win.yml | 15 | ||||
| -rwxr-xr-x | contrib/gitian-descriptors/make_git_archive | 20 | ||||
| -rw-r--r-- | contrib/guix/README.md | 6 | ||||
| -rwxr-xr-x | contrib/guix/guix-build.sh | 1 | ||||
| -rw-r--r-- | contrib/guix/libexec/build.sh | 45 | ||||
| -rw-r--r-- | contrib/guix/manifest.scm | 3 | ||||
| -rw-r--r-- | contrib/valgrind.supp | 25 |
15 files changed, 128 insertions, 238 deletions
diff --git a/contrib/devtools/README.md b/contrib/devtools/README.md index f5533719c0..bdff7a84b0 100644 --- a/contrib/devtools/README.md +++ b/contrib/devtools/README.md @@ -89,12 +89,6 @@ example: BUILDDIR=$PWD/build contrib/devtools/gen-manpages.sh ``` -optimize-pngs.py -================ - -A script to optimize png files in the bitcoin -repository (requires pngcrush). - security-check.py and test-security-check.py ============================================ diff --git a/contrib/devtools/optimize-pngs.py b/contrib/devtools/optimize-pngs.py deleted file mode 100755 index e9481dbbcf..0000000000 --- a/contrib/devtools/optimize-pngs.py +++ /dev/null @@ -1,76 +0,0 @@ -#!/usr/bin/env python3 -# Copyright (c) 2014-2018 The Bitcoin Core developers -# Distributed under the MIT software license, see the accompanying -# file COPYING or http://www.opensource.org/licenses/mit-license.php. -''' -Run this script every time you change one of the png files. Using pngcrush, it will optimize the png files, remove various color profiles, remove ancillary chunks (alla) and text chunks (text). -#pngcrush -brute -ow -rem gAMA -rem cHRM -rem iCCP -rem sRGB -rem alla -rem text -''' -import os -import sys -import subprocess -import hashlib -from PIL import Image # pip3 install Pillow - -def file_hash(filename): - '''Return hash of raw file contents''' - with open(filename, 'rb') as f: - return hashlib.sha256(f.read()).hexdigest() - -def content_hash(filename): - '''Return hash of RGBA contents of image''' - i = Image.open(filename) - i = i.convert('RGBA') - data = i.tobytes() - return hashlib.sha256(data).hexdigest() - -pngcrush = 'pngcrush' -git = 'git' -folders = ["src/qt/res/movies", "src/qt/res/icons", "share/pixmaps"] -basePath = subprocess.check_output([git, 'rev-parse', '--show-toplevel'], universal_newlines=True, encoding='utf8').rstrip('\n') -totalSaveBytes = 0 -noHashChange = True - -outputArray = [] -for folder in folders: - absFolder=os.path.join(basePath, folder) - for file in os.listdir(absFolder): - extension = os.path.splitext(file)[1] - if extension.lower() == '.png': - print("optimizing {}...".format(file), end =' ') - file_path = os.path.join(absFolder, file) - fileMetaMap = {'file' : file, 'osize': os.path.getsize(file_path), 'sha256Old' : file_hash(file_path)} - fileMetaMap['contentHashPre'] = content_hash(file_path) - - try: - subprocess.call([pngcrush, "-brute", "-ow", "-rem", "gAMA", "-rem", "cHRM", "-rem", "iCCP", "-rem", "sRGB", "-rem", "alla", "-rem", "text", file_path], - stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL) - except: - print("pngcrush is not installed, aborting...") - sys.exit(0) - - #verify - if "Not a PNG file" in subprocess.check_output([pngcrush, "-n", "-v", file_path], stderr=subprocess.STDOUT, universal_newlines=True, encoding='utf8'): - print("PNG file "+file+" is corrupted after crushing, check out pngcursh version") - sys.exit(1) - - fileMetaMap['sha256New'] = file_hash(file_path) - fileMetaMap['contentHashPost'] = content_hash(file_path) - - if fileMetaMap['contentHashPre'] != fileMetaMap['contentHashPost']: - print("Image contents of PNG file {} before and after crushing don't match".format(file)) - sys.exit(1) - - fileMetaMap['psize'] = os.path.getsize(file_path) - outputArray.append(fileMetaMap) - print("done") - -print("summary:\n+++++++++++++++++") -for fileDict in outputArray: - oldHash = fileDict['sha256Old'] - newHash = fileDict['sha256New'] - totalSaveBytes += fileDict['osize'] - fileDict['psize'] - noHashChange = noHashChange and (oldHash == newHash) - print(fileDict['file']+"\n size diff from: "+str(fileDict['osize'])+" to: "+str(fileDict['psize'])+"\n old sha256: "+oldHash+"\n new sha256: "+newHash+"\n") - -print("completed. Checksum stable: "+str(noHashChange)+". Total reduction: "+str(totalSaveBytes)+" bytes") diff --git a/contrib/devtools/previous_release.sh b/contrib/devtools/previous_release.sh index b2ecc274fb..d375291f47 100755 --- a/contrib/devtools/previous_release.sh +++ b/contrib/devtools/previous_release.sh @@ -137,7 +137,7 @@ pushd "$TARGET" || exit 1 else BIN_PATH="bin/bitcoin-core-${tag:1}" fi - URL="https://bitcoin.org/$BIN_PATH/bitcoin-${tag:1}-$PLATFORM.tar.gz" + URL="https://bitcoincore.org/$BIN_PATH/bitcoin-${tag:1}-$PLATFORM.tar.gz" echo "Fetching: $URL" if ! curl -O -f $URL; then echo "Download failed." diff --git a/contrib/devtools/security-check.py b/contrib/devtools/security-check.py index 9444271bdc..ca587ca9e5 100755 --- a/contrib/devtools/security-check.py +++ b/contrib/devtools/security-check.py @@ -12,33 +12,33 @@ import subprocess import sys import os +from typing import List, Optional + READELF_CMD = os.getenv('READELF', '/usr/bin/readelf') OBJDUMP_CMD = os.getenv('OBJDUMP', '/usr/bin/objdump') OTOOL_CMD = os.getenv('OTOOL', '/usr/bin/otool') -NONFATAL = {} # checks which are non-fatal for now but only generate a warning -def check_ELF_PIE(executable): +def run_command(command) -> str: + p = subprocess.run(command, stdout=subprocess.PIPE, check=True, universal_newlines=True) + return p.stdout + +def check_ELF_PIE(executable) -> bool: ''' Check for position independent executable (PIE), allowing for address space randomization. ''' - p = subprocess.Popen([READELF_CMD, '-h', '-W', executable], stdout=subprocess.PIPE, stderr=subprocess.PIPE, stdin=subprocess.PIPE, universal_newlines=True) - (stdout, stderr) = p.communicate() - if p.returncode: - raise IOError('Error opening file') + stdout = run_command([READELF_CMD, '-h', '-W', executable]) ok = False for line in stdout.splitlines(): - line = line.split() - if len(line)>=2 and line[0] == 'Type:' and line[1] == 'DYN': + tokens = line.split() + if len(line)>=2 and tokens[0] == 'Type:' and tokens[1] == 'DYN': ok = True return ok def get_ELF_program_headers(executable): '''Return type and flags for ELF program headers''' - p = subprocess.Popen([READELF_CMD, '-l', '-W', executable], stdout=subprocess.PIPE, stderr=subprocess.PIPE, stdin=subprocess.PIPE, universal_newlines=True) - (stdout, stderr) = p.communicate() - if p.returncode: - raise IOError('Error opening file') + stdout = run_command([READELF_CMD, '-l', '-W', executable]) + in_headers = False count = 0 headers = [] @@ -62,7 +62,7 @@ def get_ELF_program_headers(executable): count += 1 return headers -def check_ELF_NX(executable): +def check_ELF_NX(executable) -> bool: ''' Check that no sections are writable and executable (including the stack) ''' @@ -75,7 +75,7 @@ def check_ELF_NX(executable): have_wx = True return have_gnu_stack and not have_wx -def check_ELF_RELRO(executable): +def check_ELF_RELRO(executable) -> bool: ''' Check for read-only relocations. GNU_RELRO program header must exist @@ -84,7 +84,8 @@ def check_ELF_RELRO(executable): have_gnu_relro = False for (typ, flags) in get_ELF_program_headers(executable): # Note: not checking flags == 'R': here as linkers set the permission differently - # This does not affect security: the permission flags of the GNU_RELRO program header are ignored, the PT_LOAD header determines the effective permissions. + # This does not affect security: the permission flags of the GNU_RELRO program + # header are ignored, the PT_LOAD header determines the effective permissions. # However, the dynamic linker need to write to this area so these are RW. # Glibc itself takes care of mprotecting this area R after relocations are finished. # See also https://marc.info/?l=binutils&m=1498883354122353 @@ -92,93 +93,69 @@ def check_ELF_RELRO(executable): have_gnu_relro = True have_bindnow = False - p = subprocess.Popen([READELF_CMD, '-d', '-W', executable], stdout=subprocess.PIPE, stderr=subprocess.PIPE, stdin=subprocess.PIPE, universal_newlines=True) - (stdout, stderr) = p.communicate() - if p.returncode: - raise IOError('Error opening file') + stdout = run_command([READELF_CMD, '-d', '-W', executable]) + for line in stdout.splitlines(): tokens = line.split() if len(tokens)>1 and tokens[1] == '(BIND_NOW)' or (len(tokens)>2 and tokens[1] == '(FLAGS)' and 'BIND_NOW' in tokens[2:]): have_bindnow = True return have_gnu_relro and have_bindnow -def check_ELF_Canary(executable): +def check_ELF_Canary(executable) -> bool: ''' Check for use of stack canary ''' - p = subprocess.Popen([READELF_CMD, '--dyn-syms', '-W', executable], stdout=subprocess.PIPE, stderr=subprocess.PIPE, stdin=subprocess.PIPE, universal_newlines=True) - (stdout, stderr) = p.communicate() - if p.returncode: - raise IOError('Error opening file') + stdout = run_command([READELF_CMD, '--dyn-syms', '-W', executable]) + ok = False for line in stdout.splitlines(): if '__stack_chk_fail' in line: ok = True return ok -def get_PE_dll_characteristics(executable): - ''' - Get PE DllCharacteristics bits. - Returns a tuple (arch,bits) where arch is 'i386:x86-64' or 'i386' - and bits is the DllCharacteristics value. - ''' - p = subprocess.Popen([OBJDUMP_CMD, '-x', executable], stdout=subprocess.PIPE, stderr=subprocess.PIPE, stdin=subprocess.PIPE, universal_newlines=True) - (stdout, stderr) = p.communicate() - if p.returncode: - raise IOError('Error opening file') - arch = '' +def get_PE_dll_characteristics(executable) -> int: + '''Get PE DllCharacteristics bits''' + stdout = run_command([OBJDUMP_CMD, '-x', executable]) + bits = 0 for line in stdout.splitlines(): tokens = line.split() - if len(tokens)>=2 and tokens[0] == 'architecture:': - arch = tokens[1].rstrip(',') if len(tokens)>=2 and tokens[0] == 'DllCharacteristics': bits = int(tokens[1],16) - return (arch,bits) + return bits IMAGE_DLL_CHARACTERISTICS_HIGH_ENTROPY_VA = 0x0020 IMAGE_DLL_CHARACTERISTICS_DYNAMIC_BASE = 0x0040 IMAGE_DLL_CHARACTERISTICS_NX_COMPAT = 0x0100 -def check_PE_DYNAMIC_BASE(executable): +def check_PE_DYNAMIC_BASE(executable) -> bool: '''PIE: DllCharacteristics bit 0x40 signifies dynamicbase (ASLR)''' - (arch,bits) = get_PE_dll_characteristics(executable) - reqbits = IMAGE_DLL_CHARACTERISTICS_DYNAMIC_BASE - return (bits & reqbits) == reqbits + bits = get_PE_dll_characteristics(executable) + return (bits & IMAGE_DLL_CHARACTERISTICS_DYNAMIC_BASE) == IMAGE_DLL_CHARACTERISTICS_DYNAMIC_BASE -# On 64 bit, must support high-entropy 64-bit address space layout randomization in addition to DYNAMIC_BASE -# to have secure ASLR. -def check_PE_HIGH_ENTROPY_VA(executable): +# Must support high-entropy 64-bit address space layout randomization +# in addition to DYNAMIC_BASE to have secure ASLR. +def check_PE_HIGH_ENTROPY_VA(executable) -> bool: '''PIE: DllCharacteristics bit 0x20 signifies high-entropy ASLR''' - (arch,bits) = get_PE_dll_characteristics(executable) - if arch == 'i386:x86-64': - reqbits = IMAGE_DLL_CHARACTERISTICS_HIGH_ENTROPY_VA - else: # Unnecessary on 32-bit - assert(arch == 'i386') - reqbits = 0 - return (bits & reqbits) == reqbits + bits = get_PE_dll_characteristics(executable) + return (bits & IMAGE_DLL_CHARACTERISTICS_HIGH_ENTROPY_VA) == IMAGE_DLL_CHARACTERISTICS_HIGH_ENTROPY_VA def check_PE_RELOC_SECTION(executable) -> bool: '''Check for a reloc section. This is required for functional ASLR.''' - p = subprocess.Popen([OBJDUMP_CMD, '-h', executable], stdout=subprocess.PIPE, stderr=subprocess.PIPE, stdin=subprocess.PIPE, universal_newlines=True) - (stdout, stderr) = p.communicate() - if p.returncode: - raise IOError('Error opening file') + stdout = run_command([OBJDUMP_CMD, '-h', executable]) + for line in stdout.splitlines(): if '.reloc' in line: return True return False -def check_PE_NX(executable): +def check_PE_NX(executable) -> bool: '''NX: DllCharacteristics bit 0x100 signifies nxcompat (DEP)''' - (arch,bits) = get_PE_dll_characteristics(executable) + bits = get_PE_dll_characteristics(executable) return (bits & IMAGE_DLL_CHARACTERISTICS_NX_COMPAT) == IMAGE_DLL_CHARACTERISTICS_NX_COMPAT -def get_MACHO_executable_flags(executable): - p = subprocess.Popen([OTOOL_CMD, '-vh', executable], stdout=subprocess.PIPE, stderr=subprocess.PIPE, stdin=subprocess.PIPE, universal_newlines=True) - (stdout, stderr) = p.communicate() - if p.returncode: - raise IOError('Error opening file') +def get_MACHO_executable_flags(executable) -> List[str]: + stdout = run_command([OTOOL_CMD, '-vh', executable]) flags = [] for line in stdout.splitlines(): @@ -222,10 +199,7 @@ def check_MACHO_LAZY_BINDINGS(executable) -> bool: Check for no lazy bindings. We don't use or check for MH_BINDATLOAD. See #18295. ''' - p = subprocess.Popen([OTOOL_CMD, '-l', executable], stdout=subprocess.PIPE, stderr=subprocess.PIPE, stdin=subprocess.PIPE, universal_newlines=True) - (stdout, stderr) = p.communicate() - if p.returncode: - raise IOError('Error opening file') + stdout = run_command([OTOOL_CMD, '-l', executable]) for line in stdout.splitlines(): tokens = line.split() @@ -238,10 +212,8 @@ def check_MACHO_Canary(executable) -> bool: ''' Check for use of stack canary ''' - p = subprocess.Popen([OTOOL_CMD, '-Iv', executable], stdout=subprocess.PIPE, stderr=subprocess.PIPE, stdin=subprocess.PIPE, universal_newlines=True) - (stdout, stderr) = p.communicate() - if p.returncode: - raise IOError('Error opening file') + stdout = run_command([OTOOL_CMD, '-Iv', executable]) + ok = False for line in stdout.splitlines(): if '___stack_chk_fail' in line: @@ -270,7 +242,7 @@ CHECKS = { ] } -def identify_executable(executable): +def identify_executable(executable) -> Optional[str]: with open(filename, 'rb') as f: magic = f.read(4) if magic.startswith(b'MZ'): @@ -292,18 +264,12 @@ if __name__ == '__main__': continue failed = [] - warning = [] for (name, func) in CHECKS[etype]: if not func(filename): - if name in NONFATAL: - warning.append(name) - else: - failed.append(name) + failed.append(name) if failed: print('%s: failed %s' % (filename, ' '.join(failed))) retval = 1 - if warning: - print('%s: warning %s' % (filename, ' '.join(warning))) except IOError: print('%s: cannot open' % filename) retval = 1 diff --git a/contrib/devtools/test-security-check.py b/contrib/devtools/test-security-check.py index ea70b27941..629eba4f28 100755 --- a/contrib/devtools/test-security-check.py +++ b/contrib/devtools/test-security-check.py @@ -20,10 +20,9 @@ def write_testcode(filename): ''') def call_security_check(cc, source, executable, options): - subprocess.check_call([cc,source,'-o',executable] + options) - p = subprocess.Popen(['./security-check.py',executable], stdout=subprocess.PIPE, stderr=subprocess.PIPE, stdin=subprocess.PIPE, universal_newlines=True) - (stdout, stderr) = p.communicate() - return (p.returncode, stdout.rstrip()) + subprocess.run([cc,source,'-o',executable] + options, check=True) + p = subprocess.run(['./contrib/devtools/security-check.py',executable], stdout=subprocess.PIPE, universal_newlines=True) + return (p.returncode, p.stdout.rstrip()) class TestSecurityChecks(unittest.TestCase): def test_ELF(self): diff --git a/contrib/gitian-descriptors/assign_DISTNAME b/contrib/gitian-descriptors/assign_DISTNAME new file mode 100755 index 0000000000..a2ca768aaa --- /dev/null +++ b/contrib/gitian-descriptors/assign_DISTNAME @@ -0,0 +1,12 @@ +# Copyright (c) 2020 The Bitcoin Core developers +# Distributed under the MIT software license, see the accompanying +# file COPYING or http://www.opensource.org/licenses/mit-license.php. +# +# A helper script to be sourced into the gitian descriptors + +if RECENT_TAG="$(git describe --exact-match HEAD)"; then + VERSION="${RECENT_TAG#v}" +else + VERSION="$(git rev-parse --short=12 HEAD)" +fi +DISTNAME="bitcoin-${VERSION}" diff --git a/contrib/gitian-descriptors/gitian-linux.yml b/contrib/gitian-descriptors/gitian-linux.yml index f421372e10..0ed1e16f7e 100644 --- a/contrib/gitian-descriptors/gitian-linux.yml +++ b/contrib/gitian-descriptors/gitian-linux.yml @@ -140,9 +140,15 @@ script: | create_per-host_faketime_wrappers "${REFERENCE_DATETIME}" export PATH=${WRAP_DIR}:${PATH} - # Create the git archive, and define DISTNAME and GIT_ARCHIVE variables. - # shellcheck source=contrib/gitian-descriptors/make_git_archive - source contrib/gitian-descriptors/make_git_archive + # Define DISTNAME variable. + # shellcheck source=contrib/gitian-descriptors/assign_DISTNAME + source contrib/gitian-descriptors/assign_DISTNAME + + GIT_ARCHIVE="${OUTDIR}/src/${DISTNAME}.tar.gz" + + # Create the source tarball + mkdir -p "$(dirname "$GIT_ARCHIVE")" + git archive --output="$GIT_ARCHIVE" HEAD ORIGPATH="$PATH" # Extract the git archive into a dir for each host and build diff --git a/contrib/gitian-descriptors/gitian-osx.yml b/contrib/gitian-descriptors/gitian-osx.yml index 82f8f194fc..bbae7201e5 100644 --- a/contrib/gitian-descriptors/gitian-osx.yml +++ b/contrib/gitian-descriptors/gitian-osx.yml @@ -103,9 +103,15 @@ script: | create_per-host_faketime_wrappers "${REFERENCE_DATETIME}" export PATH=${WRAP_DIR}:${PATH} - # Create the git archive, and define DISTNAME and GIT_ARCHIVE variables. - # shellcheck source=contrib/gitian-descriptors/make_git_archive - source contrib/gitian-descriptors/make_git_archive + # Define DISTNAME variable. + # shellcheck source=contrib/gitian-descriptors/assign_DISTNAME + source contrib/gitian-descriptors/assign_DISTNAME + + GIT_ARCHIVE="${OUTDIR}/src/${DISTNAME}.tar.gz" + + # Create the source tarball + mkdir -p "$(dirname "$GIT_ARCHIVE")" + git archive --output="$GIT_ARCHIVE" HEAD ORIGPATH="$PATH" # Extract the git archive into a dir for each host and build diff --git a/contrib/gitian-descriptors/gitian-win.yml b/contrib/gitian-descriptors/gitian-win.yml index 54ad68a2a3..d05b6d426d 100644 --- a/contrib/gitian-descriptors/gitian-win.yml +++ b/contrib/gitian-descriptors/gitian-win.yml @@ -108,9 +108,15 @@ script: | create_per-host_compiler_wrapper "${REFERENCE_DATETIME}" export PATH=${WRAP_DIR}:${PATH} - # Create the git archive, and define DISTNAME and GIT_ARCHIVE variables. - # shellcheck source=contrib/gitian-descriptors/make_git_archive - source contrib/gitian-descriptors/make_git_archive + # Define DISTNAME variable. + # shellcheck source=contrib/gitian-descriptors/assign_DISTNAME + source contrib/gitian-descriptors/assign_DISTNAME + + GIT_ARCHIVE="${OUTDIR}/src/${DISTNAME}.tar.gz" + + # Create the source tarball + mkdir -p "$(dirname "$GIT_ARCHIVE")" + git archive --output="$GIT_ARCHIVE" HEAD ORIGPATH="$PATH" # Extract the git archive into a dir for each host and build @@ -127,9 +133,8 @@ script: | make ${MAKEOPTS} make ${MAKEOPTS} -C src check-security make ${MAKEOPTS} -C src check-symbols - make deploy + make deploy BITCOIN_WIN_INSTALLER="${OUTDIR}/${DISTNAME}-win64-setup-unsigned.exe" make install DESTDIR=${INSTALLPATH} - cp -f ./bitcoin-*-win64-setup-unsigned.exe ${OUTDIR}/${DISTNAME}-win64-setup-unsigned.exe cd installed mv ${DISTNAME}/bin/*.dll ${DISTNAME}/lib/ find . -name "lib*.la" -delete diff --git a/contrib/gitian-descriptors/make_git_archive b/contrib/gitian-descriptors/make_git_archive deleted file mode 100755 index d922c94c60..0000000000 --- a/contrib/gitian-descriptors/make_git_archive +++ /dev/null @@ -1,20 +0,0 @@ -# Copyright (c) 2020 The Bitcoin Core developers -# Distributed under the MIT software license, see the accompanying -# file COPYING or http://www.opensource.org/licenses/mit-license.php. -# -# A helper script to be sourced into the gitian descriptors - -mkdir -p ${OUTDIR}/src -RECENT_TAG=$(git describe --abbrev=0 HEAD) -if [ $RECENT_TAG = $(git describe HEAD) ]; then - if [[ $RECENT_TAG == v* ]]; then - VERSION=${RECENT_TAG:1} - else - VERSION=$RECENT_TAG - fi -else - VERSION=$(git rev-parse --short HEAD) -fi -DISTNAME=bitcoin-${VERSION} -GIT_ARCHIVE="${OUTDIR}/src/${DISTNAME}.tar.gz" -git archive --output=$GIT_ARCHIVE HEAD diff --git a/contrib/guix/README.md b/contrib/guix/README.md index 9f99b36f88..dffcf99607 100644 --- a/contrib/guix/README.md +++ b/contrib/guix/README.md @@ -13,7 +13,6 @@ We achieve bootstrappability by using Guix as a functional package manager. Conservatively, a x86_64 machine with: -- 2 or more logical cores - 4GB of free disk space on the partition that /gnu/store will reside in - 24GB of free disk space on the partition that the Bitcoin Core git repository resides in @@ -143,6 +142,11 @@ find output/ -type f -print0 | sort -z | xargs -r0 sha256sum If non-empty, will pass `V=1` to all `make` invocations, making `make` output verbose. + Note that any given value is ignored. The variable is only checked for + emptiness. More concretely, this means that `V=` (setting `V` to the empty + string) is interpreted the same way as not setting `V` at all, and that `V=0` + has the same effect as `V=1`. + * _**ADDITIONAL_GUIX_ENVIRONMENT_FLAGS**_ Additional flags to be passed to `guix environment`. For a fully-bootstrapped diff --git a/contrib/guix/guix-build.sh b/contrib/guix/guix-build.sh index e20b2a048d..11d2c8b867 100755 --- a/contrib/guix/guix-build.sh +++ b/contrib/guix/guix-build.sh @@ -105,6 +105,7 @@ for host in ${HOSTS=x86_64-linux-gnu arm-linux-gnueabihf aarch64-linux-gnu riscv --pure \ --no-cwd \ --share="$PWD"=/bitcoin \ + --expose="$(git rev-parse --git-common-dir)" \ ${SOURCES_PATH:+--share="$SOURCES_PATH"} \ ${ADDITIONAL_GUIX_ENVIRONMENT_FLAGS} \ -- env HOST="$host" \ diff --git a/contrib/guix/libexec/build.sh b/contrib/guix/libexec/build.sh index 550b1b8f40..5be3baeefa 100644 --- a/contrib/guix/libexec/build.sh +++ b/contrib/guix/libexec/build.sh @@ -3,6 +3,14 @@ export LC_ALL=C set -e -o pipefail export TZ=UTC +if [ -n "$V" ]; then + # Print both unexpanded (-v) and expanded (-x) forms of commands as they are + # read from this file. + set -vx + # Set VERBOSE for CMake-based builds + export VERBOSE="$V" +fi + # Check that environment variables assumed to be set by the environment are set echo "Building for platform triple ${HOST:?not set} with reference timestamp ${SOURCE_DATE_EPOCH:?not set}..." echo "At most ${MAX_JOBS:?not set} jobs will run at once..." @@ -141,19 +149,17 @@ make -C depends --jobs="$MAX_JOBS" HOST="$HOST" \ # Source Tarball Building # ########################### -# Create the source tarball and move it to "${OUTDIR}/src" if not already there -if [ -z "$(find "${OUTDIR}/src" -name 'bitcoin-*.tar.gz')" ]; then - ./autogen.sh - env CONFIG_SITE="${BASEPREFIX}/${HOST}/share/config.site" ./configure --prefix=/ - make dist GZIP_ENV='-9n' ${V:+V=1} - mkdir -p "${OUTDIR}/src" - mv "$(find "${PWD}" -name 'bitcoin-*.tar.gz')" "${OUTDIR}/src/" -fi +# Define DISTNAME variable. +# shellcheck source=contrib/gitian-descriptors/assign_DISTNAME +source contrib/gitian-descriptors/assign_DISTNAME + +GIT_ARCHIVE="${OUTDIR}/src/${DISTNAME}.tar.gz" -# Determine the full path to our source tarball -SOURCEDIST="$(find "${OUTDIR}/src" -name 'bitcoin-*.tar.gz')" -# Determine our distribution name (e.g. bitcoin-0.18.0) -DISTNAME="$(basename "$SOURCEDIST" '.tar.gz')" +# Create the source tarball if not already there +if [ ! -e "$GIT_ARCHIVE" ]; then + mkdir -p "$(dirname "$GIT_ARCHIVE")" + git archive --output="$GIT_ARCHIVE" HEAD +fi ########################### # Binary Tarball Building # @@ -187,7 +193,9 @@ export PATH="${BASEPREFIX}/${HOST}/native/bin:${PATH}" cd "$DISTSRC" # Extract the source tarball - tar --strip-components=1 -xf "${SOURCEDIST}" + tar -xf "${GIT_ARCHIVE}" + + ./autogen.sh # Configure this DISTSRC for $HOST # shellcheck disable=SC2086 @@ -220,7 +228,7 @@ export PATH="${BASEPREFIX}/${HOST}/native/bin:${PATH}" # Make the os-specific installers case "$HOST" in *mingw*) - make deploy ${V:+V=1} + make deploy ${V:+V=1} BITCOIN_WIN_INSTALLER="${OUTDIR}/${DISTNAME}-win64-setup-unsigned.exe" ;; esac @@ -232,11 +240,6 @@ export PATH="${BASEPREFIX}/${HOST}/native/bin:${PATH}" # Install built Bitcoin Core to $INSTALLPATH make install DESTDIR="${INSTALLPATH}" ${V:+V=1} - case "$HOST" in - *mingw*) - cp -f --target-directory="$OUTDIR" ./*-setup-unsigned.exe - ;; - esac ( cd installed @@ -264,7 +267,7 @@ export PATH="${BASEPREFIX}/${HOST}/native/bin:${PATH}" cp "${DISTSRC}/doc/README_windows.txt" "${DISTNAME}/readme.txt" ;; *linux*) - cp "${DISTSRC}/doc/README.md" "${DISTNAME}/" + cp "${DISTSRC}/README.md" "${DISTNAME}/" ;; esac @@ -307,7 +310,7 @@ case "$HOST" in ( cd ./windeploy mkdir unsigned - cp --target-directory=unsigned/ "$OUTDIR"/bitcoin-*-setup-unsigned.exe + cp --target-directory=unsigned/ "${OUTDIR}/${DISTNAME}-win64-setup-unsigned.exe" find . -print0 \ | sort --zero-terminated \ | tar --create --no-recursion --mode='u+rw,go+r-w,a+X' --null --files-from=- \ diff --git a/contrib/guix/manifest.scm b/contrib/guix/manifest.scm index 86c1a8d27f..5e011ea184 100644 --- a/contrib/guix/manifest.scm +++ b/contrib/guix/manifest.scm @@ -17,6 +17,7 @@ (gnu packages pkg-config) (gnu packages python) (gnu packages shells) + (gnu packages version-control) (guix build-system gnu) (guix build-system trivial) (guix gexp) @@ -181,6 +182,8 @@ chain for " target " development.")) ;; Scripting perl python-3.7 + ;; Git + git ;; Native gcc 9 toolchain targeting glibc 2.27 (make-gcc-toolchain gcc-9 glibc-2.27)) (let ((target (getenv "HOST"))) diff --git a/contrib/valgrind.supp b/contrib/valgrind.supp index 744b8ee70f..d2652119b4 100644 --- a/contrib/valgrind.supp +++ b/contrib/valgrind.supp @@ -1,7 +1,5 @@ -# Valgrind suppressions file for Bitcoin. -# -# Includes known Valgrind warnings in our dependencies that cannot be fixed -# in-tree. +# This valgrind suppressions file includes known Valgrind warnings in our +# dependencies that cannot be fixed in-tree. # # Example use: # $ valgrind --suppressions=contrib/valgrind.supp src/test/test_bitcoin @@ -14,6 +12,9 @@ # --error-limit=no src/test/test_bitcoin # # Note that suppressions may depend on OS and/or library versions. +# Tested on: +# * aarch64 (Ubuntu 20.04 system libs, without gui) +# * x86_64 (Ubuntu 18.04 system libs, without gui) { Suppress libstdc++ warning - https://gcc.gnu.org/bugzilla/show_bug.cgi?id=65434 Memcheck:Leak @@ -47,8 +48,7 @@ Suppress libdb warning Memcheck:Param pwrite64(buf) - fun:pwrite - fun:__os_io + ... obj:*/libdb_cxx-*.so } { @@ -184,16 +184,3 @@ ... fun:_ZN5BCLog6Logger12StartLoggingEv } -{ - Suppress BCLog::Logger::StartLogging() still reachable memory warning - Memcheck:Leak - match-leak-kinds: reachable - fun:malloc - ... - fun:_ZN5BCLog6Logger12StartLoggingEv -} -{ - Suppress rest_blockhash_by_height Conditional jump or move depends on uninitialised value(s) - Memcheck:Cond - fun:_ZL24rest_blockhash_by_heightP11HTTPRequestRKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE -} |