aboutsummaryrefslogtreecommitdiff
path: root/contrib
diff options
context:
space:
mode:
Diffstat (limited to 'contrib')
-rw-r--r--contrib/devtools/pixie.py2
-rwxr-xr-xcontrib/devtools/symbol-check.py64
-rwxr-xr-xcontrib/devtools/test-security-check.py31
-rwxr-xr-xcontrib/devtools/test-symbol-check.py78
-rwxr-xr-xcontrib/devtools/utils.py22
-rw-r--r--contrib/gitian-descriptors/gitian-linux.yml3
-rw-r--r--contrib/gitian-descriptors/gitian-osx-signer.yml2
-rw-r--r--contrib/gitian-descriptors/gitian-osx.yml3
-rw-r--r--contrib/gitian-descriptors/gitian-win.yml3
-rwxr-xr-xcontrib/guix/guix-attest169
-rwxr-xr-xcontrib/guix/guix-build22
-rwxr-xr-xcontrib/guix/guix-verify109
-rwxr-xr-xcontrib/guix/libexec/build.sh46
-rwxr-xr-xcontrib/guix/libexec/codesign.sh20
-rw-r--r--contrib/guix/manifest.scm61
-rw-r--r--contrib/guix/patches/binutils-mingw-w64-disable-flags.patch171
-rw-r--r--contrib/guix/patches/gcc-8-sort-libtool-find-output.patch8
-rw-r--r--contrib/guix/patches/glibc-2.24-elfm-loadaddr-dynamic-rewrite.patch62
-rw-r--r--contrib/guix/patches/glibc-2.24-no-build-time-cxx-header-run.patch100
-rw-r--r--contrib/guix/patches/glibc-2.27-riscv64-Use-__has_include__-to-include-asm-syscalls.h.patch72
-rw-r--r--contrib/guix/patches/glibc-ldd-x86_64.patch10
-rw-r--r--contrib/guix/patches/glibc-versioned-locpath.patch240
-rw-r--r--contrib/guix/patches/nsis-SConstruct-sde-support.patch3
-rwxr-xr-xcontrib/seeds/generate-seeds.py17
-rw-r--r--contrib/seeds/nodes_main.txt528
-rw-r--r--contrib/signet/README.md33
-rwxr-xr-xcontrib/signet/miner36
27 files changed, 1150 insertions, 765 deletions
diff --git a/contrib/devtools/pixie.py b/contrib/devtools/pixie.py
index 8cf06a799a..64660968ad 100644
--- a/contrib/devtools/pixie.py
+++ b/contrib/devtools/pixie.py
@@ -217,7 +217,7 @@ def _parse_verneed(section: Section, strings: bytes, eh: ELFHeader) -> Dict[int,
result = {}
while True:
verneed = Verneed(data, ofs, eh)
- aofs = verneed.vn_aux
+ aofs = ofs + verneed.vn_aux
while True:
vernaux = Vernaux(data, aofs, eh, strings)
result[vernaux.vna_other] = vernaux.name
diff --git a/contrib/devtools/symbol-check.py b/contrib/devtools/symbol-check.py
index d740a94560..61f727fa63 100755
--- a/contrib/devtools/symbol-check.py
+++ b/contrib/devtools/symbol-check.py
@@ -3,21 +3,22 @@
# Distributed under the MIT software license, see the accompanying
# file COPYING or http://www.opensource.org/licenses/mit-license.php.
'''
-A script to check that the executables produced by gitian only contain
-certain symbols and are only linked against allowed libraries.
+A script to check that release executables only contain certain symbols
+and are only linked against allowed libraries.
Example usage:
- find ../gitian-builder/build -type f -executable | xargs python3 contrib/devtools/symbol-check.py
+ find ../path/to/binaries -type f -executable | xargs python3 contrib/devtools/symbol-check.py
'''
import subprocess
import sys
-import os
from typing import List, Optional
import lief
import pixie
+from utils import determine_wellknown_cmd
+
# Debian 8 (Jessie) EOL: 2020. https://wiki.debian.org/DebianReleases#Production_Releases
#
# - g++ version 4.9.2 (https://packages.debian.org/search?suite=jessie&arch=any&searchon=names&keywords=g%2B%2B)
@@ -41,8 +42,16 @@ import pixie
#
MAX_VERSIONS = {
'GCC': (4,8,0),
-'GLIBC': (2,17),
-'LIBATOMIC': (1,0)
+'GLIBC': {
+ pixie.EM_386: (2,17),
+ pixie.EM_X86_64: (2,17),
+ pixie.EM_ARM: (2,17),
+ pixie.EM_AARCH64:(2,17),
+ pixie.EM_PPC64: (2,17),
+ pixie.EM_RISCV: (2,27),
+},
+'LIBATOMIC': (1,0),
+'V': (0,5,0), # xkb (bitcoin-qt only)
}
# See here for a description of _IO_stdin_used:
# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=634261#109
@@ -52,7 +61,6 @@ IGNORE_EXPORTS = {
'_edata', '_end', '__end__', '_init', '__bss_start', '__bss_start__', '_bss_end__', '__bss_end__', '_fini', '_IO_stdin_used', 'stdin', 'stdout', 'stderr',
'environ', '_environ', '__environ',
}
-CPPFILT_CMD = os.getenv('CPPFILT', '/usr/bin/c++filt')
# Allowed NEEDED libraries
ELF_ALLOWED_LIBRARIES = {
@@ -78,14 +86,6 @@ ELF_ALLOWED_LIBRARIES = {
'libfreetype.so.6', # font parsing
'libdl.so.2' # programming interface to dynamic linker
}
-ARCH_MIN_GLIBC_VER = {
-pixie.EM_386: (2,1),
-pixie.EM_X86_64: (2,2,5),
-pixie.EM_ARM: (2,4),
-pixie.EM_AARCH64:(2,17),
-pixie.EM_PPC64: (2,17),
-pixie.EM_RISCV: (2,27)
-}
MACHO_ALLOWED_LIBRARIES = {
# bitcoind and bitcoin-qt
@@ -140,7 +140,7 @@ class CPPFilt(object):
Use a pipe to the 'c++filt' command.
'''
def __init__(self):
- self.proc = subprocess.Popen(CPPFILT_CMD, stdin=subprocess.PIPE, stdout=subprocess.PIPE, universal_newlines=True)
+ self.proc = subprocess.Popen(determine_wellknown_cmd('CPPFILT', 'c++filt'), stdin=subprocess.PIPE, stdout=subprocess.PIPE, universal_newlines=True)
def __call__(self, mangled):
self.proc.stdin.write(mangled + '\n')
@@ -161,7 +161,10 @@ def check_version(max_versions, version, arch) -> bool:
ver = tuple([int(x) for x in ver.split('.')])
if not lib in max_versions:
return False
- return ver <= max_versions[lib] or lib == 'GLIBC' and ver <= ARCH_MIN_GLIBC_VER[arch]
+ if isinstance(max_versions[lib], tuple):
+ return ver <= max_versions[lib]
+ else:
+ return ver <= max_versions[lib][arch]
def check_imported_symbols(filename) -> bool:
elf = pixie.load(filename)
@@ -212,6 +215,18 @@ def check_MACHO_libraries(filename) -> bool:
ok = False
return ok
+def check_MACHO_min_os(filename) -> bool:
+ binary = lief.parse(filename)
+ if binary.build_version.minos == [10,14,0]:
+ return True
+ return False
+
+def check_MACHO_sdk(filename) -> bool:
+ binary = lief.parse(filename)
+ if binary.build_version.sdk == [10, 15, 6]:
+ return True
+ return False
+
def check_PE_libraries(filename) -> bool:
ok: bool = True
binary = lief.parse(filename)
@@ -221,6 +236,14 @@ def check_PE_libraries(filename) -> bool:
ok = False
return ok
+def check_PE_subsystem_version(filename) -> bool:
+ binary = lief.parse(filename)
+ major: int = binary.optional_header.major_subsystem_version
+ minor: int = binary.optional_header.minor_subsystem_version
+ if major == 6 and minor == 1:
+ return True
+ return False
+
CHECKS = {
'ELF': [
('IMPORTED_SYMBOLS', check_imported_symbols),
@@ -228,10 +251,13 @@ CHECKS = {
('LIBRARY_DEPENDENCIES', check_ELF_libraries)
],
'MACHO': [
- ('DYNAMIC_LIBRARIES', check_MACHO_libraries)
+ ('DYNAMIC_LIBRARIES', check_MACHO_libraries),
+ ('MIN_OS', check_MACHO_min_os),
+ ('SDK', check_MACHO_sdk),
],
'PE' : [
- ('DYNAMIC_LIBRARIES', check_PE_libraries)
+ ('DYNAMIC_LIBRARIES', check_PE_libraries),
+ ('SUBSYSTEM_VERSION', check_PE_subsystem_version),
]
}
diff --git a/contrib/devtools/test-security-check.py b/contrib/devtools/test-security-check.py
index c079fe5b4d..14058e2cc8 100755
--- a/contrib/devtools/test-security-check.py
+++ b/contrib/devtools/test-security-check.py
@@ -9,6 +9,8 @@ import os
import subprocess
import unittest
+from utils import determine_wellknown_cmd
+
def write_testcode(filename):
with open(filename, 'w', encoding="utf8") as f:
f.write('''
@@ -25,7 +27,7 @@ def clean_files(source, executable):
os.remove(executable)
def call_security_check(cc, source, executable, options):
- subprocess.run([cc,source,'-o',executable] + options, check=True)
+ subprocess.run([*cc,source,'-o',executable] + options, check=True)
p = subprocess.run(['./contrib/devtools/security-check.py',executable], stdout=subprocess.PIPE, universal_newlines=True)
return (p.returncode, p.stdout.rstrip())
@@ -33,7 +35,7 @@ class TestSecurityChecks(unittest.TestCase):
def test_ELF(self):
source = 'test1.c'
executable = 'test1'
- cc = 'gcc'
+ cc = determine_wellknown_cmd('CC', 'gcc')
write_testcode(source)
self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-zexecstack','-fno-stack-protector','-Wl,-znorelro','-no-pie','-fno-PIE', '-Wl,-z,separate-code']),
@@ -54,18 +56,20 @@ class TestSecurityChecks(unittest.TestCase):
def test_PE(self):
source = 'test1.c'
executable = 'test1.exe'
- cc = 'x86_64-w64-mingw32-gcc'
+ cc = determine_wellknown_cmd('CC', 'x86_64-w64-mingw32-gcc')
write_testcode(source)
- self.assertEqual(call_security_check(cc, source, executable, ['-Wl,--no-nxcompat','-Wl,--no-dynamicbase','-Wl,--no-high-entropy-va','-no-pie','-fno-PIE']),
- (1, executable+': failed DYNAMIC_BASE HIGH_ENTROPY_VA NX RELOC_SECTION'))
- self.assertEqual(call_security_check(cc, source, executable, ['-Wl,--nxcompat','-Wl,--no-dynamicbase','-Wl,--no-high-entropy-va','-no-pie','-fno-PIE']),
- (1, executable+': failed DYNAMIC_BASE HIGH_ENTROPY_VA RELOC_SECTION'))
- self.assertEqual(call_security_check(cc, source, executable, ['-Wl,--nxcompat','-Wl,--dynamicbase','-Wl,--no-high-entropy-va','-no-pie','-fno-PIE']),
- (1, executable+': failed HIGH_ENTROPY_VA RELOC_SECTION'))
- self.assertEqual(call_security_check(cc, source, executable, ['-Wl,--nxcompat','-Wl,--dynamicbase','-Wl,--high-entropy-va','-no-pie','-fno-PIE']),
- (1, executable+': failed RELOC_SECTION'))
- self.assertEqual(call_security_check(cc, source, executable, ['-Wl,--nxcompat','-Wl,--dynamicbase','-Wl,--high-entropy-va','-pie','-fPIE']),
+ self.assertEqual(call_security_check(cc, source, executable, ['-Wl,--no-nxcompat','-Wl,--disable-reloc-section','-Wl,--no-dynamicbase','-Wl,--no-high-entropy-va','-no-pie','-fno-PIE']),
+ (1, executable+': failed PIE DYNAMIC_BASE HIGH_ENTROPY_VA NX RELOC_SECTION'))
+ self.assertEqual(call_security_check(cc, source, executable, ['-Wl,--nxcompat','-Wl,--disable-reloc-section','-Wl,--no-dynamicbase','-Wl,--no-high-entropy-va','-no-pie','-fno-PIE']),
+ (1, executable+': failed PIE DYNAMIC_BASE HIGH_ENTROPY_VA RELOC_SECTION'))
+ self.assertEqual(call_security_check(cc, source, executable, ['-Wl,--nxcompat','-Wl,--enable-reloc-section','-Wl,--no-dynamicbase','-Wl,--no-high-entropy-va','-no-pie','-fno-PIE']),
+ (1, executable+': failed PIE DYNAMIC_BASE HIGH_ENTROPY_VA'))
+ self.assertEqual(call_security_check(cc, source, executable, ['-Wl,--nxcompat','-Wl,--enable-reloc-section','-Wl,--no-dynamicbase','-Wl,--no-high-entropy-va','-pie','-fPIE']),
+ (1, executable+': failed PIE DYNAMIC_BASE HIGH_ENTROPY_VA')) # -pie -fPIE does nothing unless --dynamicbase is also supplied
+ self.assertEqual(call_security_check(cc, source, executable, ['-Wl,--nxcompat','-Wl,--enable-reloc-section','-Wl,--dynamicbase','-Wl,--no-high-entropy-va','-pie','-fPIE']),
+ (1, executable+': failed HIGH_ENTROPY_VA'))
+ self.assertEqual(call_security_check(cc, source, executable, ['-Wl,--nxcompat','-Wl,--enable-reloc-section','-Wl,--dynamicbase','-Wl,--high-entropy-va','-pie','-fPIE']),
(0, ''))
clean_files(source, executable)
@@ -73,7 +77,7 @@ class TestSecurityChecks(unittest.TestCase):
def test_MACHO(self):
source = 'test1.c'
executable = 'test1'
- cc = 'clang'
+ cc = determine_wellknown_cmd('CC', 'clang')
write_testcode(source)
self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-no_pie','-Wl,-flat_namespace','-Wl,-allow_stack_execute','-fno-stack-protector']),
@@ -95,4 +99,3 @@ class TestSecurityChecks(unittest.TestCase):
if __name__ == '__main__':
unittest.main()
-
diff --git a/contrib/devtools/test-symbol-check.py b/contrib/devtools/test-symbol-check.py
index 106dfd2c5a..7d83c5f751 100755
--- a/contrib/devtools/test-symbol-check.py
+++ b/contrib/devtools/test-symbol-check.py
@@ -7,41 +7,51 @@ Test script for symbol-check.py
'''
import os
import subprocess
+from typing import List
import unittest
-def call_symbol_check(cc, source, executable, options):
- subprocess.run([cc,source,'-o',executable] + options, check=True)
+from utils import determine_wellknown_cmd
+
+def call_symbol_check(cc: List[str], source, executable, options):
+ subprocess.run([*cc,source,'-o',executable] + options, check=True)
p = subprocess.run(['./contrib/devtools/symbol-check.py',executable], stdout=subprocess.PIPE, universal_newlines=True)
os.remove(source)
os.remove(executable)
return (p.returncode, p.stdout.rstrip())
+def get_machine(cc: List[str]):
+ p = subprocess.run([*cc,'-dumpmachine'], stdout=subprocess.PIPE, universal_newlines=True)
+ return p.stdout.rstrip()
+
class TestSymbolChecks(unittest.TestCase):
def test_ELF(self):
source = 'test1.c'
executable = 'test1'
- cc = 'gcc'
+ cc = determine_wellknown_cmd('CC', 'gcc')
- # renameat2 was introduced in GLIBC 2.28, so is newer than the upper limit
- # of glibc for all platforms
+ # there's no way to do this test for RISC-V at the moment; we build for
+ # RISC-V in a glibc 2.27 envinonment and we allow all symbols from 2.27.
+ if 'riscv' in get_machine(cc):
+ self.skipTest("test not available for RISC-V")
+
+ # nextup was introduced in GLIBC 2.24, so is newer than our supported
+ # glibc (2.17), and available in our release build environment (2.24).
with open(source, 'w', encoding="utf8") as f:
f.write('''
#define _GNU_SOURCE
- #include <stdio.h>
- #include <linux/fs.h>
+ #include <math.h>
- int renameat2(int olddirfd, const char *oldpath,
- int newdirfd, const char *newpath, unsigned int flags);
+ double nextup(double x);
int main()
{
- renameat2(0, "test", 0, "test_", RENAME_EXCHANGE);
+ nextup(3.14);
return 0;
}
''')
- self.assertEqual(call_symbol_check(cc, source, executable, []),
- (1, executable + ': symbol renameat2 from unsupported version GLIBC_2.28\n' +
+ self.assertEqual(call_symbol_check(cc, source, executable, ['-lm']),
+ (1, executable + ': symbol nextup from unsupported version GLIBC_2.24\n' +
executable + ': failed IMPORTED_SYMBOLS'))
# -lutil is part of the libc6 package so a safe bet that it's installed
@@ -82,7 +92,7 @@ class TestSymbolChecks(unittest.TestCase):
def test_MACHO(self):
source = 'test1.c'
executable = 'test1'
- cc = 'clang'
+ cc = determine_wellknown_cmd('CC', 'clang')
with open(source, 'w', encoding="utf8") as f:
f.write('''
@@ -96,9 +106,9 @@ class TestSymbolChecks(unittest.TestCase):
''')
- self.assertEqual(call_symbol_check(cc, source, executable, ['-lexpat']),
+ self.assertEqual(call_symbol_check(cc, source, executable, ['-lexpat', '-Wl,-platform_version','-Wl,macos', '-Wl,11.4', '-Wl,11.4']),
(1, 'libexpat.1.dylib is not in ALLOWED_LIBRARIES!\n' +
- executable + ': failed DYNAMIC_LIBRARIES'))
+ f'{executable}: failed DYNAMIC_LIBRARIES MIN_OS SDK'))
source = 'test2.c'
executable = 'test2'
@@ -113,13 +123,26 @@ class TestSymbolChecks(unittest.TestCase):
}
''')
- self.assertEqual(call_symbol_check(cc, source, executable, ['-framework', 'CoreGraphics']),
- (0, ''))
+ self.assertEqual(call_symbol_check(cc, source, executable, ['-framework', 'CoreGraphics', '-Wl,-platform_version','-Wl,macos', '-Wl,11.4', '-Wl,11.4']),
+ (1, f'{executable}: failed MIN_OS SDK'))
+
+ source = 'test3.c'
+ executable = 'test3'
+ with open(source, 'w', encoding="utf8") as f:
+ f.write('''
+ int main()
+ {
+ return 0;
+ }
+ ''')
+
+ self.assertEqual(call_symbol_check(cc, source, executable, ['-Wl,-platform_version','-Wl,macos', '-Wl,10.14', '-Wl,11.4']),
+ (1, f'{executable}: failed SDK'))
def test_PE(self):
source = 'test1.c'
executable = 'test1.exe'
- cc = 'x86_64-w64-mingw32-gcc'
+ cc = determine_wellknown_cmd('CC', 'x86_64-w64-mingw32-gcc')
with open(source, 'w', encoding="utf8") as f:
f.write('''
@@ -132,12 +155,26 @@ class TestSymbolChecks(unittest.TestCase):
}
''')
- self.assertEqual(call_symbol_check(cc, source, executable, ['-lpdh']),
+ self.assertEqual(call_symbol_check(cc, source, executable, ['-lpdh', '-Wl,--major-subsystem-version', '-Wl,6', '-Wl,--minor-subsystem-version', '-Wl,1']),
(1, 'pdh.dll is not in ALLOWED_LIBRARIES!\n' +
executable + ': failed DYNAMIC_LIBRARIES'))
source = 'test2.c'
executable = 'test2.exe'
+
+ with open(source, 'w', encoding="utf8") as f:
+ f.write('''
+ int main()
+ {
+ return 0;
+ }
+ ''')
+
+ self.assertEqual(call_symbol_check(cc, source, executable, ['-Wl,--major-subsystem-version', '-Wl,9', '-Wl,--minor-subsystem-version', '-Wl,9']),
+ (1, executable + ': failed SUBSYSTEM_VERSION'))
+
+ source = 'test3.c'
+ executable = 'test3.exe'
with open(source, 'w', encoding="utf8") as f:
f.write('''
#include <windows.h>
@@ -149,10 +186,9 @@ class TestSymbolChecks(unittest.TestCase):
}
''')
- self.assertEqual(call_symbol_check(cc, source, executable, ['-lole32']),
+ self.assertEqual(call_symbol_check(cc, source, executable, ['-lole32', '-Wl,--major-subsystem-version', '-Wl,6', '-Wl,--minor-subsystem-version', '-Wl,1']),
(0, ''))
if __name__ == '__main__':
unittest.main()
-
diff --git a/contrib/devtools/utils.py b/contrib/devtools/utils.py
new file mode 100755
index 0000000000..68ad1c3aba
--- /dev/null
+++ b/contrib/devtools/utils.py
@@ -0,0 +1,22 @@
+#!/usr/bin/env python3
+# Copyright (c) 2021 The Bitcoin Core developers
+# Distributed under the MIT software license, see the accompanying
+# file COPYING or http://www.opensource.org/licenses/mit-license.php.
+'''
+Common utility functions
+'''
+import shutil
+import sys
+import os
+from typing import List
+
+
+def determine_wellknown_cmd(envvar, progname) -> List[str]:
+ maybe_env = os.getenv(envvar)
+ maybe_which = shutil.which(progname)
+ if maybe_env:
+ return maybe_env.split(' ') # Well-known vars are often meant to be word-split
+ elif maybe_which:
+ return [ maybe_which ]
+ else:
+ sys.exit(f"{progname} not found")
diff --git a/contrib/gitian-descriptors/gitian-linux.yml b/contrib/gitian-descriptors/gitian-linux.yml
index 103e249e33..e6dce7a8c6 100644
--- a/contrib/gitian-descriptors/gitian-linux.yml
+++ b/contrib/gitian-descriptors/gitian-linux.yml
@@ -56,7 +56,6 @@ script: |
HOST_CXXFLAGS="-O2 -g"
HOST_LDFLAGS_BASE="-static-libstdc++ -Wl,-O2"
- export QT_RCC_SOURCE_DATE_OVERRIDE=1
export TZ="UTC"
export BUILD_DIR="$PWD"
mkdir -p ${WRAP_DIR}
@@ -100,7 +99,7 @@ script: |
done
}
- pip3 install lief==0.11.4
+ pip3 install lief==0.11.5
# Faketime for depends so intermediate results are comparable
export PATH_orig=${PATH}
diff --git a/contrib/gitian-descriptors/gitian-osx-signer.yml b/contrib/gitian-descriptors/gitian-osx-signer.yml
index 3f0c0c3332..addad0a5d2 100644
--- a/contrib/gitian-descriptors/gitian-osx-signer.yml
+++ b/contrib/gitian-descriptors/gitian-osx-signer.yml
@@ -14,7 +14,7 @@ remotes:
"dir": "signature"
- "url": "https://github.com/achow101/signapple.git"
"dir": "signapple"
- "commit": "c7e73aa27a7615ac9506559173f787e2906b25eb"
+ "commit": "b084cbbf44d5330448ffce0c7d118f75781b64bd"
files:
- "bitcoin-osx-unsigned.tar.gz"
script: |
diff --git a/contrib/gitian-descriptors/gitian-osx.yml b/contrib/gitian-descriptors/gitian-osx.yml
index d6c41b2c43..a39618adb7 100644
--- a/contrib/gitian-descriptors/gitian-osx.yml
+++ b/contrib/gitian-descriptors/gitian-osx.yml
@@ -42,7 +42,6 @@ script: |
FAKETIME_HOST_PROGS=""
FAKETIME_PROGS="ar ranlib date dmg xorrisofs"
- export QT_RCC_SOURCE_DATE_OVERRIDE=1
export TZ="UTC"
export BUILD_DIR="$PWD"
mkdir -p ${WRAP_DIR}
@@ -79,7 +78,7 @@ script: |
done
}
- pip3 install lief==0.11.4
+ pip3 install lief==0.11.5
# Faketime for depends so intermediate results are comparable
export PATH_orig=${PATH}
diff --git a/contrib/gitian-descriptors/gitian-win.yml b/contrib/gitian-descriptors/gitian-win.yml
index eabcdaa79d..ffe228a032 100644
--- a/contrib/gitian-descriptors/gitian-win.yml
+++ b/contrib/gitian-descriptors/gitian-win.yml
@@ -38,7 +38,6 @@ script: |
HOST_CFLAGS="-O2 -g -fno-ident"
HOST_CXXFLAGS="-O2 -g -fno-ident"
- export QT_RCC_SOURCE_DATE_OVERRIDE=1
export TZ="UTC"
export BUILD_DIR="$PWD"
mkdir -p ${WRAP_DIR}
@@ -87,7 +86,7 @@ script: |
done
}
- pip3 install lief==0.11.4
+ pip3 install lief==0.11.5
# Faketime for depends so intermediate results are comparable
export PATH_orig=${PATH}
diff --git a/contrib/guix/guix-attest b/contrib/guix/guix-attest
index 081d1c0465..c8cf73d400 100755
--- a/contrib/guix/guix-attest
+++ b/contrib/guix/guix-attest
@@ -99,24 +99,34 @@ fi
# We should be able to find at least one output
################
-echo "Looking for build output directories in ${OUTDIR_BASE}"
+echo "Looking for build output SHA256SUMS fragments in ${OUTDIR_BASE}"
shopt -s nullglob
-OUTDIRS=( "${OUTDIR_BASE}"/* ) # This expands to an array of directories...
+sha256sum_fragments=( "$OUTDIR_BASE"/*/SHA256SUMS.part ) # This expands to an array of directories...
shopt -u nullglob
-if (( ${#OUTDIRS[@]} )); then
- echo "Found build output directories:"
- for outdir in "${OUTDIRS[@]}"; do
+noncodesigned_fragments=()
+codesigned_fragments=()
+
+if (( ${#sha256sum_fragments[@]} )); then
+ echo "Found build output SHA256SUMS fragments:"
+ for outdir in "${sha256sum_fragments[@]}"; do
echo " '$outdir'"
+ case "$outdir" in
+ "$OUTDIR_BASE"/*-codesigned/SHA256SUMS.part)
+ codesigned_fragments+=("$outdir")
+ ;;
+ *)
+ noncodesigned_fragments+=("$outdir")
+ ;;
+ esac
done
echo
else
- echo "ERR: Could not find any build output directories in ${OUTDIR_BASE}"
+ echo "ERR: Could not find any build output SHA256SUMS fragments in ${OUTDIR_BASE}"
exit 1
fi
-
##############
## Attest ##
##############
@@ -126,82 +136,105 @@ fi
# HOST: The output directory being attested
#
out_name() {
- basename "$1"
+ basename "$(dirname "$1")"
}
-# Usage: out_sig_dir $outdir
-#
-# outdir: The output directory being attested
-#
-out_sig_dir() {
- echo "$GUIX_SIGS_REPO/$VERSION/$(out_name "$1")/$signer_name"
-}
+shasum_already_exists() {
+cat <<EOF
+--
-# Accumulate a list of signature directories that already exist...
-outdirs_already_attested_to=()
+ERR: An ${1} file already exists for '${VERSION}' and attests
+ differently. You likely previously attested to a partial build (e.g. one
+ where you specified the HOST environment variable).
-echo "Attesting to build outputs for version: '${VERSION}'"
-echo ""
+ See the diff above for more context.
-# MAIN LOGIC: Loop through each output for VERSION and attest to output in
-# GUIX_SIGS_REPO as SIGNER, if attestation does not exist
-for outdir in "${OUTDIRS[@]}"; do
- if [ -e "${outdir}/SKIPATTEST.TAG" ]; then
- echo "${outname}: SKIPPING: Output directory marked with SKIPATTEST.TAG file"
- continue
- fi
- outname="$(out_name "$outdir")"
- outsigdir="$(out_sig_dir "$outdir")"
- if [ -e "$outsigdir" ]; then
- echo "${outname}: SKIPPING: Signature directory already exists in the specified guix.sigs repository"
- outdirs_already_attested_to+=("$outdir")
- else
- # Clean up incomplete sigdir if something fails (likely gpg)
- trap 'rm -rf "$outsigdir"' ERR
+Hint: You may wish to remove the existing attestations and their signatures by
+ invoking:
- mkdir -p "$outsigdir"
+ rm '${PWD}/${1}'{,.asc}
- (
- cd "$outdir"
+ Then try running this script again.
- if [ -e inputs.SHA256SUMS ]; then
- echo "${outname}: Including existent input SHA256SUMS"
- cat inputs.SHA256SUMS >> "$outsigdir"/SHA256SUMS
- fi
+EOF
+}
- echo "${outname}: Hashing build outputs to produce SHA256SUMS"
- files="$(find -L . -type f ! -iname '*.SHA256SUMS')"
- if [ -n "$files" ]; then
- cut -c3- <<< "$files" | env LC_ALL=C sort | xargs sha256sum >> "$outsigdir"/SHA256SUMS
+echo "Attesting to build outputs for version: '${VERSION}'"
+echo ""
+
+outsigdir="$GUIX_SIGS_REPO/$VERSION/$signer_name"
+mkdir -p "$outsigdir"
+(
+ cd "$outsigdir"
+
+ temp_noncodesigned="$(mktemp)"
+ trap 'rm -rf -- "$temp_noncodesigned"' EXIT
+
+ if (( ${#noncodesigned_fragments[@]} )); then
+ cat "${noncodesigned_fragments[@]}" \
+ | sort -u \
+ | sort -k2 \
+ > "$temp_noncodesigned"
+ if [ -e noncodesigned.SHA256SUMS ]; then
+ # The SHA256SUMS already exists, make sure it's exactly what we
+ # expect, error out if not
+ if diff -u noncodesigned.SHA256SUMS "$temp_noncodesigned"; then
+ echo "A noncodesigned.SHA256SUMS file already exists for '${VERSION}' and is up-to-date."
else
- echo "ERR: ${outname}: No outputs found in '${outdir}'"
+ shasum_already_exists noncodesigned.SHA256SUMS
exit 1
fi
- )
- if [ -z "$NO_SIGN" ]; then
- echo "${outname}: Signing SHA256SUMS to produce SHA256SUMS.asc"
- gpg --detach-sign --local-user "$gpg_key_name" --armor --output "$outsigdir"/SHA256SUMS.asc "$outsigdir"/SHA256SUMS
else
- echo "${outname}: Not signing SHA256SUMS as \$NO_SIGN is not empty"
+ mv "$temp_noncodesigned" noncodesigned.SHA256SUMS
fi
- echo ""
-
- trap - ERR # Reset ERR trap
+ else
+ echo "ERR: No noncodesigned outputs found for '${VERSION}', exiting..."
+ exit 1
fi
-done
-
-if (( ${#outdirs_already_attested_to[@]} )); then
-# ...so that we can print them out nicely in a warning message
-cat << EOF
-WARN: Signature directories from '$signer_name' already exist in the specified
- guix.sigs repository for the following output directories and were
- skipped:
+ temp_codesigned="$(mktemp)"
+ trap 'rm -rf -- "$temp_codesigned"' EXIT
+
+ if (( ${#codesigned_fragments[@]} )); then
+ # Note: all.SHA256SUMS attests to all of $sha256sum_fragments, but is
+ # not needed if there are no $codesigned_fragments
+ cat "${sha256sum_fragments[@]}" \
+ | sort -u \
+ | sort -k2 \
+ > "$temp_codesigned"
+ if [ -e codesigned.SHA256SUMS ]; then
+ # The SHA256SUMS already exists, make sure it's exactly what we
+ # expect, error out if not
+ if diff -u all.SHA256SUMS "$temp_codesigned"; then
+ echo "An all.SHA256SUMS file already exists for '${VERSION}' and is up-to-date."
+ else
+ shasum_already_exists all.SHA256SUMS
+ exit 1
+ fi
+ else
+ mv "$temp_codesigned" codesigned.SHA256SUMS
+ fi
+ else
+ # It is fine to have the codesigned outputs be missing (perhaps the
+ # detached codesigs have not been published yet), just print a log
+ # message instead of erroring out
+ echo "INFO: No codesigned outputs found for '${VERSION}', skipping..."
+ fi
-EOF
-for outdir in "${outdirs_already_attested_to[@]}"; do
- echo " '${outdir}'"
- echo " Corresponds to: '$(out_sig_dir "$outdir")'"
+ if [ -z "$NO_SIGN" ]; then
+ echo "Signing SHA256SUMS to produce SHA256SUMS.asc"
+ for i in *.SHA256SUMS; do
+ if [ ! -e "$i".asc ]; then
+ gpg --detach-sign \
+ --local-user "$gpg_key_name" \
+ --armor \
+ --output "$i".asc "$i"
+ else
+ echo "Signature already there"
+ fi
+ done
+ else
+ echo "Not signing SHA256SUMS as \$NO_SIGN is not empty"
+ fi
echo ""
-done
-fi
+)
diff --git a/contrib/guix/guix-build b/contrib/guix/guix-build
index 69c244a6fa..29d6701b25 100755
--- a/contrib/guix/guix-build
+++ b/contrib/guix/guix-build
@@ -139,6 +139,28 @@ for host in $HOSTS; do
done
################
+# VERSION_BASE should have enough space
+################
+
+avail_KiB="$(df -Pk "$VERSION_BASE" | sed 1d | tr -s ' ' | cut -d' ' -f4)"
+total_required_KiB=0
+for host in $HOSTS; do
+ case "$host" in
+ *darwin*) required_KiB=440000 ;;
+ *mingw*) required_KiB=7600000 ;;
+ *) required_KiB=6400000 ;;
+ esac
+ total_required_KiB=$((total_required_KiB+required_KiB))
+done
+
+if (( total_required_KiB > avail_KiB )); then
+ total_required_GiB=$((total_required_KiB / 1048576))
+ avail_GiB=$((avail_KiB / 1048576))
+ echo "Performing a Bitcoin Core Guix build for the selected HOSTS requires ${total_required_GiB} GiB, however, only ${avail_GiB} GiB is available. Please free up some disk space before performing the build."
+ exit 1
+fi
+
+################
# Check that we can connect to the guix-daemon
################
diff --git a/contrib/guix/guix-verify b/contrib/guix/guix-verify
index 629050956c..a6e2c4065e 100755
--- a/contrib/guix/guix-verify
+++ b/contrib/guix/guix-verify
@@ -56,58 +56,87 @@ cmd_usage
exit 1
fi
-################
-# We should be able to find at least one output
-################
+##############
+## Verify ##
+##############
OUTSIGDIR_BASE="${GUIX_SIGS_REPO}/${VERSION}"
-echo "Looking for output signature directories in '${OUTSIGDIR_BASE}'"
+echo "Looking for signature directories in '${OUTSIGDIR_BASE}'"
+echo ""
+
+# Usage: verify compare_manifest current_manifest
+verify() {
+ local compare_manifest="$1"
+ local current_manifest="$2"
+ if ! gpg --quiet --batch --verify "$current_manifest".asc "$current_manifest" 1>&2; then
+ echo "ERR: Failed to verify GPG signature in '${current_manifest}'"
+ echo ""
+ echo "Hint: Either the signature is invalid or the public key is missing"
+ echo ""
+ elif ! diff --report-identical "$compare_manifest" "$current_manifest" 1>&2; then
+ echo "ERR: The SHA256SUMS attestation in these two directories differ:"
+ echo " '${compare_manifest}'"
+ echo " '${current_manifest}'"
+ echo ""
+ else
+ echo "Verified: '${current_manifest}'"
+ echo ""
+ fi
+}
shopt -s nullglob
-OUTSIGDIRS=( "$OUTSIGDIR_BASE"/* ) # This expands to an array of directories...
+all_noncodesigned=( "$OUTSIGDIR_BASE"/*/noncodesigned.SHA256SUMS )
shopt -u nullglob
-if (( ${#OUTSIGDIRS[@]} )); then
- echo "Found output signature directories:"
- for outsigdir in "${OUTSIGDIRS[@]}"; do
- echo " '$outsigdir'"
+echo "--------------------"
+echo ""
+if (( ${#all_noncodesigned[@]} )); then
+ compare_noncodesigned="${all_noncodesigned[0]}"
+
+ for current_manifest in "${all_noncodesigned[@]}"; do
+ verify "$compare_noncodesigned" "$current_manifest"
done
- echo
+
+ echo "DONE: Checking output signatures for noncodesigned.SHA256SUMS"
+ echo ""
else
- echo "ERR: Could not find any output signature directories in ${OUTSIGDIR_BASE}"
- exit 1
+ echo "WARN: No signature directories with noncodesigned.SHA256SUMS found"
+ echo ""
fi
+shopt -s nullglob
+all_all=( "$OUTSIGDIR_BASE"/*/all.SHA256SUMS )
+shopt -u nullglob
-##############
-## Verify ##
-##############
+echo "--------------------"
+echo ""
+if (( ${#all_all[@]} )); then
+ compare_all="${all_all[0]}"
-# MAIN LOGIC: Loop through each output for VERSION and check that the SHA256SUMS
-# and SHA256SUMS.asc file match between signers, using the first
-# available signer as the arbitrary comparison base.
-for outsigdir in "${OUTSIGDIRS[@]}"; do
- echo "BEGIN: Checking output signatures for $(basename "$outsigdir")"
- echo ""
- signer_dirs=( "$outsigdir"/* ) # This expands to an array of directories...
- compare_signer_dir="${signer_dirs[0]}" # ...we just want the first one
- for current_signer_dir in "${signer_dirs[@]}"; do
- if ! gpg --quiet --batch --verify "$current_signer_dir"/SHA256SUMS.asc "$current_signer_dir"/SHA256SUMS; then
- echo "ERR: Failed to verify GPG signature in '${current_signer_dir}/SHA256SUMS.asc'"
- echo ""
- echo "Hint: Either the signature is invalid or the public key is missing"
- echo ""
- elif ! diff --report-identical "$compare_signer_dir"/SHA256SUMS "$current_signer_dir"/SHA256SUMS; then
- echo "ERR: The SHA256SUMS attestation in these two directories differ:"
- echo " '${compare_signer_dir}'"
- echo " '${current_signer_dir}'"
- echo ""
- else
- echo "Verified: '${current_signer_dir}'"
- echo ""
- fi
+ for current_manifest in "${all_all[@]}"; do
+ verify "$compare_all" "$current_manifest"
done
- echo "DONE: Checking output signatures for $(basename "$outsigdir")"
+
+ # Sanity check: there should be no entries that exist in
+ # noncodesigned.SHA256SUMS that doesn't exist in all.SHA256SUMS
+ if [[ "$(comm -23 <(sort "$compare_noncodesigned") <(sort "$compare_all") | wc -c)" -ne 0 ]]; then
+ echo "ERR: There are unique lines in noncodesigned.SHA256SUMS which"
+ echo " do not exist in all.SHA256SUMS, something went very wrong."
+ exit 1
+ fi
+
+ echo "DONE: Checking output signatures for all.SHA256SUMS"
echo ""
+else
+ echo "WARN: No signature directories with all.SHA256SUMS found"
+ echo ""
+fi
+
+echo "===================="
+echo ""
+if (( ${#all_noncodesigned[@]} + ${#all_all[@]} == 0 )); then
+ echo "ERR: Unable to perform any verifications as no signature directories"
+ echo " were found"
echo ""
-done
+ exit 1
+fi
diff --git a/contrib/guix/libexec/build.sh b/contrib/guix/libexec/build.sh
index 00cb494963..0b96949a6b 100755
--- a/contrib/guix/libexec/build.sh
+++ b/contrib/guix/libexec/build.sh
@@ -178,7 +178,6 @@ case "$HOST" in
esac
# Environment variables for determinism
-export QT_RCC_SOURCE_DATE_OVERRIDE=1
export TAR_OPTIONS="--owner=0 --group=0 --numeric-owner --mtime='@${SOURCE_DATE_EPOCH}' --sort=name"
export TZ="UTC"
case "$HOST" in
@@ -215,6 +214,7 @@ make -C depends --jobs="$JOBS" HOST="$HOST" \
x86_64_linux_NM=x86_64-linux-gnu-nm \
x86_64_linux_STRIP=x86_64-linux-gnu-strip \
qt_config_opts_i686_linux='-platform linux-g++ -xplatform bitcoin-linux-g++' \
+ qt_config_opts_x86_64_linux='-platform linux-g++ -xplatform bitcoin-linux-g++' \
FORCE_USE_SYSTEM_CLANG=1
@@ -231,20 +231,7 @@ if [ ! -e "$GIT_ARCHIVE" ]; then
git archive --prefix="${DISTNAME}/" --output="$GIT_ARCHIVE" HEAD
fi
-# tmpdir="$(mktemp -d)"
-# (
-# cd "$tmpdir"
-# mkdir -p inputs
-# ln -sf --target-directory=inputs "$GIT_ARCHIVE"
-
-# mkdir -p "$OUTDIR"
-# find -L inputs -type f -print0 | xargs -0 sha256sum > "${OUTDIR}/inputs.SHA256SUMS"
-# )
-
mkdir -p "$OUTDIR"
-cat << EOF > "$OUTDIR"/inputs.SHA256SUMS
-$(sha256sum "$GIT_ARCHIVE" | cut -d' ' -f1) inputs/$(basename "$GIT_ARCHIVE")
-EOF
###########################
# Binary Tarball Building #
@@ -253,7 +240,7 @@ EOF
# CONFIGFLAGS
CONFIGFLAGS="--enable-reduce-exports --disable-bench --disable-gui-tests --disable-fuzz-binary"
case "$HOST" in
- *linux*) CONFIGFLAGS+=" --enable-glibc-back-compat" ;;
+ *linux*) CONFIGFLAGS+=" --disable-threadlocal" ;;
esac
# CFLAGS
@@ -273,6 +260,13 @@ case "$HOST" in
*mingw*) HOST_LDFLAGS="-Wl,--no-insert-timestamp" ;;
esac
+# Using --no-tls-get-addr-optimize retains compatibility with glibc 2.17, by
+# avoiding a PowerPC64 optimisation available in glibc 2.22 and later.
+# https://sourceware.org/binutils/docs-2.35/ld/PowerPC64-ELF64.html
+case "$HOST" in
+ *powerpc64*) HOST_LDFLAGS="${HOST_LDFLAGS} -Wl,--no-tls-get-addr-optimize" ;;
+esac
+
case "$HOST" in
powerpc64-linux-*|riscv64-linux-*) HOST_LDFLAGS="${HOST_LDFLAGS} -Wl,-z,noexecstack" ;;
esac
@@ -305,10 +299,11 @@ mkdir -p "$DISTSRC"
# Build Bitcoin Core
make --jobs="$JOBS" ${V:+V=1}
- # Perform basic ELF security checks on a series of executables.
+ # Check that symbol/security checks tools are sane.
+ make test-security-check ${V:+V=1}
+ # Perform basic security checks on a series of executables.
make -C src --jobs=1 check-security ${V:+V=1}
- # Check that executables only contain allowed gcc, glibc and libstdc++
- # version symbols for Linux distro back-compatibility.
+ # Check that executables only contain allowed version symbols.
make -C src --jobs=1 check-symbols ${V:+V=1}
mkdir -p "$OUTDIR"
@@ -448,4 +443,17 @@ mkdir -p "$DISTSRC"
esac
) # $DISTSRC
-mv --no-target-directory "$OUTDIR" "$ACTUAL_OUTDIR"
+rm -rf "$ACTUAL_OUTDIR"
+mv --no-target-directory "$OUTDIR" "$ACTUAL_OUTDIR" \
+ || ( rm -rf "$ACTUAL_OUTDIR" && exit 1 )
+
+(
+ cd /outdir-base
+ {
+ echo "$GIT_ARCHIVE"
+ find "$ACTUAL_OUTDIR" -type f
+ } | xargs realpath --relative-base="$PWD" \
+ | xargs sha256sum \
+ | sort -k2 \
+ | sponge "$ACTUAL_OUTDIR"/SHA256SUMS.part
+)
diff --git a/contrib/guix/libexec/codesign.sh b/contrib/guix/libexec/codesign.sh
index 46b42a5712..f484ac5774 100755
--- a/contrib/guix/libexec/codesign.sh
+++ b/contrib/guix/libexec/codesign.sh
@@ -55,10 +55,6 @@ if [ ! -e "$CODESIGNATURE_GIT_ARCHIVE" ]; then
fi
mkdir -p "$OUTDIR"
-cat << EOF > "$OUTDIR"/inputs.SHA256SUMS
-$(sha256sum "$UNSIGNED_TARBALL" | cut -d' ' -f1) inputs/$(basename "$UNSIGNED_TARBALL")
-$(sha256sum "$CODESIGNATURE_GIT_ARCHIVE" | cut -d' ' -f1) inputs/$(basename "$CODESIGNATURE_GIT_ARCHIVE")
-EOF
mkdir -p "$DISTSRC"
(
@@ -100,4 +96,18 @@ mkdir -p "$DISTSRC"
esac
) # $DISTSRC
-mv --no-target-directory "$OUTDIR" "$ACTUAL_OUTDIR"
+rm -rf "$ACTUAL_OUTDIR"
+mv --no-target-directory "$OUTDIR" "$ACTUAL_OUTDIR" \
+ || ( rm -rf "$ACTUAL_OUTDIR" && exit 1 )
+
+(
+ cd /outdir-base
+ {
+ echo "$UNSIGNED_TARBALL"
+ echo "$CODESIGNATURE_GIT_ARCHIVE"
+ find "$ACTUAL_OUTDIR" -type f
+ } | xargs realpath --relative-base="$PWD" \
+ | xargs sha256sum \
+ | sort -k2 \
+ | sponge "$ACTUAL_OUTDIR"/SHA256SUMS.part
+)
diff --git a/contrib/guix/manifest.scm b/contrib/guix/manifest.scm
index d2bc789b60..e71cf52533 100644
--- a/contrib/guix/manifest.scm
+++ b/contrib/guix/manifest.scm
@@ -22,6 +22,7 @@
(gnu packages linux)
(gnu packages llvm)
(gnu packages mingw)
+ (gnu packages moreutils)
(gnu packages perl)
(gnu packages pkg-config)
(gnu packages python)
@@ -79,6 +80,10 @@ http://www.linuxfromscratch.org/hlfs/view/development/chapter05/gcc-pass1.html"
(("-rpath=") "-rpath-link="))
#t))))))))
+(define (make-binutils-with-mingw-w64-disable-flags xbinutils)
+ (package-with-extra-patches xbinutils
+ (search-our-patches "binutils-mingw-w64-disable-flags.patch")))
+
(define (make-cross-toolchain target
base-gcc-for-libc
base-kernel-headers
@@ -134,11 +139,25 @@ chain for " target " development."))
(package-with-extra-patches gcc-8
(search-our-patches "gcc-8-sort-libtool-find-output.patch")))
+;; Building glibc with stack smashing protector first landed in glibc 2.25, use
+;; this function to disable for older glibcs
+;;
+;; From glibc 2.25 changelog:
+;;
+;; * Most of glibc can now be built with the stack smashing protector enabled.
+;; It is recommended to build glibc with --enable-stack-protector=strong.
+;; Implemented by Nick Alcock (Oracle).
+(define (make-glibc-without-ssp xglibc)
+ (package-with-extra-configure-variable
+ (package-with-extra-configure-variable
+ xglibc "libc_cv_ssp" "no")
+ "libc_cv_ssp_strong" "no"))
+
(define* (make-bitcoin-cross-toolchain target
#:key
(base-gcc-for-libc gcc-7)
(base-kernel-headers linux-libre-headers-5.4)
- (base-libc glibc) ; glibc 2.31
+ (base-libc (make-glibc-without-ssp glibc-2.24))
(base-gcc (make-gcc-rpath-link base-gcc)))
"Convenience wrapper around MAKE-CROSS-TOOLCHAIN with default values
desirable for building Bitcoin Core release binaries."
@@ -153,7 +172,7 @@ desirable for building Bitcoin Core release binaries."
(define (make-mingw-pthreads-cross-toolchain target)
"Create a cross-compilation toolchain package for TARGET"
- (let* ((xbinutils (cross-binutils target))
+ (let* ((xbinutils (make-binutils-with-mingw-w64-disable-flags (cross-binutils target)))
(pthreads-xlibc mingw-w64-x86_64-winpthreads)
(pthreads-xgcc (make-gcc-with-pthreads
(cross-gcc target
@@ -205,7 +224,7 @@ chain for " target " development."))
(define-public lief
(package
(name "python-lief")
- (version "0.11.4")
+ (version "0.11.5")
(source
(origin
(method git-fetch)
@@ -215,7 +234,7 @@ chain for " target " development."))
(file-name (git-file-name name version))
(sha256
(base32
- "0h4kcwr9z478almjqhmils8imfpflzk0r7d05g4xbkdyknn162qf"))))
+ "0qahjfg1n0x76ps2mbyljvws1l3qhkqvmxqbahps4qgywl2hbdkj"))))
(build-system python-build-system)
(native-inputs
`(("cmake" ,cmake)))
@@ -524,7 +543,7 @@ and endian independent.")
(license license:expat)))
(define-public python-signapple
- (let ((commit "4ff1c1754e37042c002a3f6375c47fd931f2030b"))
+ (let ((commit "b084cbbf44d5330448ffce0c7d118f75781b64bd"))
(package
(name "python-signapple")
(version (git-version "0.1" "1" commit))
@@ -532,12 +551,12 @@ and endian independent.")
(origin
(method git-fetch)
(uri (git-reference
- (url "https://github.com/dongcarl/signapple")
+ (url "https://github.com/achow101/signapple")
(commit commit)))
(file-name (git-file-name name commit))
(sha256
(base32
- "043czyzfm04rcx5xsp59vsppla3vm5g45dbp1npy2hww4066rlnh"))))
+ "0k7inccl2mzac3wq4asbr0kl8s4cghm8982z54kfascqg45shv01"))))
(build-system python-build-system)
(propagated-inputs
`(("python-asn1crypto" ,python-asn1crypto)
@@ -556,6 +575,28 @@ and endian independent.")
inspecting signatures in Mach-O binaries.")
(license license:expat))))
+(define-public glibc-2.24
+ (package
+ (inherit glibc)
+ (version "2.24")
+ (source (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://sourceware.org/git/glibc.git")
+ (commit "0d7f1ed30969886c8dde62fbf7d2c79967d4bace")))
+ (file-name (git-file-name "glibc" "0d7f1ed30969886c8dde62fbf7d2c79967d4bace"))
+ (sha256
+ (base32
+ "0g5hryia5v1k0qx97qffgwzrz4lr4jw3s5kj04yllhswsxyjbic3"))
+ (patches (search-our-patches "glibc-ldd-x86_64.patch"
+ "glibc-versioned-locpath.patch"
+ "glibc-2.24-elfm-loadaddr-dynamic-rewrite.patch"
+ "glibc-2.24-no-build-time-cxx-header-run.patch"))))))
+
+(define glibc-2.27/bitcoin-patched
+ (package-with-extra-patches glibc-2.27
+ (search-our-patches "glibc-2.27-riscv64-Use-__has_include__-to-include-asm-syscalls.h.patch")))
+
(packages->manifest
(append
(list ;; The Basics
@@ -572,6 +613,7 @@ inspecting signatures in Mach-O binaries.")
patch
gawk
sed
+ moreutils
;; Compression and archiving
tar
bzip2
@@ -604,7 +646,10 @@ inspecting signatures in Mach-O binaries.")
(make-nsis-with-sde-support nsis-x86_64)
osslsigncode))
((string-contains target "-linux-")
- (list (make-bitcoin-cross-toolchain target)))
+ (list (cond ((string-contains target "riscv64-")
+ (make-bitcoin-cross-toolchain target #:base-libc glibc-2.27/bitcoin-patched))
+ (else
+ (make-bitcoin-cross-toolchain target)))))
((string-contains target "darwin")
(list clang-toolchain-10 binutils imagemagick libtiff librsvg font-tuffy cmake xorriso python-signapple))
(else '())))))
diff --git a/contrib/guix/patches/binutils-mingw-w64-disable-flags.patch b/contrib/guix/patches/binutils-mingw-w64-disable-flags.patch
new file mode 100644
index 0000000000..8f88eb9dfd
--- /dev/null
+++ b/contrib/guix/patches/binutils-mingw-w64-disable-flags.patch
@@ -0,0 +1,171 @@
+Description: Add disable opposites to the security-related flags
+Author: Stephen Kitt <skitt@debian.org>
+
+This patch adds "no-" variants to disable the various security flags:
+"no-dynamicbase", "no-nxcompat", "no-high-entropy-va", "disable-reloc-section".
+
+--- a/ld/emultempl/pe.em
++++ b/ld/emultempl/pe.em
+@@ -259,9 +261,11 @@
+ (OPTION_ENABLE_LONG_SECTION_NAMES + 1)
+ /* DLLCharacteristics flags. */
+ #define OPTION_DYNAMIC_BASE (OPTION_DISABLE_LONG_SECTION_NAMES + 1)
+-#define OPTION_FORCE_INTEGRITY (OPTION_DYNAMIC_BASE + 1)
++#define OPTION_NO_DYNAMIC_BASE (OPTION_DYNAMIC_BASE + 1)
++#define OPTION_FORCE_INTEGRITY (OPTION_NO_DYNAMIC_BASE + 1)
+ #define OPTION_NX_COMPAT (OPTION_FORCE_INTEGRITY + 1)
+-#define OPTION_NO_ISOLATION (OPTION_NX_COMPAT + 1)
++#define OPTION_NO_NX_COMPAT (OPTION_NX_COMPAT + 1)
++#define OPTION_NO_ISOLATION (OPTION_NO_NX_COMPAT + 1)
+ #define OPTION_NO_SEH (OPTION_NO_ISOLATION + 1)
+ #define OPTION_NO_BIND (OPTION_NO_SEH + 1)
+ #define OPTION_WDM_DRIVER (OPTION_NO_BIND + 1)
+@@ -271,6 +275,7 @@
+ #define OPTION_NO_INSERT_TIMESTAMP (OPTION_INSERT_TIMESTAMP + 1)
+ #define OPTION_BUILD_ID (OPTION_NO_INSERT_TIMESTAMP + 1)
+ #define OPTION_ENABLE_RELOC_SECTION (OPTION_BUILD_ID + 1)
++#define OPTION_DISABLE_RELOC_SECTION (OPTION_ENABLE_RELOC_SECTION + 1)
+
+ static void
+ gld${EMULATION_NAME}_add_options
+@@ -342,8 +347,10 @@
+ {"enable-long-section-names", no_argument, NULL, OPTION_ENABLE_LONG_SECTION_NAMES},
+ {"disable-long-section-names", no_argument, NULL, OPTION_DISABLE_LONG_SECTION_NAMES},
+ {"dynamicbase",no_argument, NULL, OPTION_DYNAMIC_BASE},
++ {"no-dynamicbase", no_argument, NULL, OPTION_NO_DYNAMIC_BASE},
+ {"forceinteg", no_argument, NULL, OPTION_FORCE_INTEGRITY},
+ {"nxcompat", no_argument, NULL, OPTION_NX_COMPAT},
++ {"no-nxcompat", no_argument, NULL, OPTION_NO_NX_COMPAT},
+ {"no-isolation", no_argument, NULL, OPTION_NO_ISOLATION},
+ {"no-seh", no_argument, NULL, OPTION_NO_SEH},
+ {"no-bind", no_argument, NULL, OPTION_NO_BIND},
+@@ -351,6 +358,7 @@
+ {"tsaware", no_argument, NULL, OPTION_TERMINAL_SERVER_AWARE},
+ {"build-id", optional_argument, NULL, OPTION_BUILD_ID},
+ {"enable-reloc-section", no_argument, NULL, OPTION_ENABLE_RELOC_SECTION},
++ {"disable-reloc-section", no_argument, NULL, OPTION_DISABLE_RELOC_SECTION},
+ {NULL, no_argument, NULL, 0}
+ };
+
+@@ -485,9 +494,12 @@
+ in object files\n"));
+ fprintf (file, _(" --dynamicbase Image base address may be relocated using\n\
+ address space layout randomization (ASLR)\n"));
++ fprintf (file, _(" --no-dynamicbase Image base address may not be relocated\n"));
+ fprintf (file, _(" --enable-reloc-section Create the base relocation table\n"));
++ fprintf (file, _(" --disable-reloc-section Disable the base relocation table\n"));
+ fprintf (file, _(" --forceinteg Code integrity checks are enforced\n"));
+ fprintf (file, _(" --nxcompat Image is compatible with data execution prevention\n"));
++ fprintf (file, _(" --no-nxcompat Image is not compatible with data execution prevention\n"));
+ fprintf (file, _(" --no-isolation Image understands isolation but do not isolate the image\n"));
+ fprintf (file, _(" --no-seh Image does not use SEH. No SE handler may\n\
+ be called in this image\n"));
+@@ -862,12 +874,21 @@
+ case OPTION_ENABLE_RELOC_SECTION:
+ pe_dll_enable_reloc_section = 1;
+ break;
++ case OPTION_DISABLE_RELOC_SECTION:
++ pe_dll_enable_reloc_section = 0;
++ /* fall through */
++ case OPTION_NO_DYNAMIC_BASE:
++ pe_dll_characteristics &= ~IMAGE_DLL_CHARACTERISTICS_DYNAMIC_BASE;
++ break;
+ case OPTION_FORCE_INTEGRITY:
+ pe_dll_characteristics |= IMAGE_DLL_CHARACTERISTICS_FORCE_INTEGRITY;
+ break;
+ case OPTION_NX_COMPAT:
+ pe_dll_characteristics |= IMAGE_DLL_CHARACTERISTICS_NX_COMPAT;
+ break;
++ case OPTION_NO_NX_COMPAT:
++ pe_dll_characteristics &= ~IMAGE_DLL_CHARACTERISTICS_NX_COMPAT;
++ break;
+ case OPTION_NO_ISOLATION:
+ pe_dll_characteristics |= IMAGE_DLLCHARACTERISTICS_NO_ISOLATION;
+ break;
+--- a/ld/emultempl/pep.em
++++ b/ld/emultempl/pep.em
+@@ -237,9 +240,12 @@
+ OPTION_ENABLE_LONG_SECTION_NAMES,
+ OPTION_DISABLE_LONG_SECTION_NAMES,
+ OPTION_HIGH_ENTROPY_VA,
++ OPTION_NO_HIGH_ENTROPY_VA,
+ OPTION_DYNAMIC_BASE,
++ OPTION_NO_DYNAMIC_BASE,
+ OPTION_FORCE_INTEGRITY,
+ OPTION_NX_COMPAT,
++ OPTION_NO_NX_COMPAT,
+ OPTION_NO_ISOLATION,
+ OPTION_NO_SEH,
+ OPTION_NO_BIND,
+@@ -248,7 +254,8 @@
+ OPTION_NO_INSERT_TIMESTAMP,
+ OPTION_TERMINAL_SERVER_AWARE,
+ OPTION_BUILD_ID,
+- OPTION_ENABLE_RELOC_SECTION
++ OPTION_ENABLE_RELOC_SECTION,
++ OPTION_DISABLE_RELOC_SECTION
+ };
+
+ static void
+@@ -315,9 +322,12 @@
+ {"enable-long-section-names", no_argument, NULL, OPTION_ENABLE_LONG_SECTION_NAMES},
+ {"disable-long-section-names", no_argument, NULL, OPTION_DISABLE_LONG_SECTION_NAMES},
+ {"high-entropy-va", no_argument, NULL, OPTION_HIGH_ENTROPY_VA},
++ {"no-high-entropy-va", no_argument, NULL, OPTION_NO_HIGH_ENTROPY_VA},
+ {"dynamicbase",no_argument, NULL, OPTION_DYNAMIC_BASE},
++ {"no-dynamicbase", no_argument, NULL, OPTION_NO_DYNAMIC_BASE},
+ {"forceinteg", no_argument, NULL, OPTION_FORCE_INTEGRITY},
+ {"nxcompat", no_argument, NULL, OPTION_NX_COMPAT},
++ {"no-nxcompat", no_argument, NULL, OPTION_NO_NX_COMPAT},
+ {"no-isolation", no_argument, NULL, OPTION_NO_ISOLATION},
+ {"no-seh", no_argument, NULL, OPTION_NO_SEH},
+ {"no-bind", no_argument, NULL, OPTION_NO_BIND},
+@@ -327,6 +337,7 @@
+ {"no-insert-timestamp", no_argument, NULL, OPTION_NO_INSERT_TIMESTAMP},
+ {"build-id", optional_argument, NULL, OPTION_BUILD_ID},
+ {"enable-reloc-section", no_argument, NULL, OPTION_ENABLE_RELOC_SECTION},
++ {"disable-reloc-section", no_argument, NULL, OPTION_DISABLE_RELOC_SECTION},
+ {NULL, no_argument, NULL, 0}
+ };
+
+@@ -448,11 +461,15 @@
+ in object files\n"));
+ fprintf (file, _(" --high-entropy-va Image is compatible with 64-bit address space\n\
+ layout randomization (ASLR)\n"));
++ fprintf (file, _(" --no-high-entropy-va Image is not compatible with 64-bit ASLR\n"));
+ fprintf (file, _(" --dynamicbase Image base address may be relocated using\n\
+ address space layout randomization (ASLR)\n"));
++ fprintf (file, _(" --no-dynamicbase Image base address may not be relocated\n"));
+ fprintf (file, _(" --enable-reloc-section Create the base relocation table\n"));
++ fprintf (file, _(" --disable-reloc-section Disable the base relocation table\n"));
+ fprintf (file, _(" --forceinteg Code integrity checks are enforced\n"));
+ fprintf (file, _(" --nxcompat Image is compatible with data execution prevention\n"));
++ fprintf (file, _(" --no-nxcompat Image is not compatible with data execution prevention\n"));
+ fprintf (file, _(" --no-isolation Image understands isolation but do not isolate the image\n"));
+ fprintf (file, _(" --no-seh Image does not use SEH; no SE handler may\n\
+ be called in this image\n"));
+@@ -809,12 +826,24 @@
+ case OPTION_ENABLE_RELOC_SECTION:
+ pep_dll_enable_reloc_section = 1;
+ break;
++ case OPTION_DISABLE_RELOC_SECTION:
++ pep_dll_enable_reloc_section = 0;
++ /* fall through */
++ case OPTION_NO_DYNAMIC_BASE:
++ pe_dll_characteristics &= ~IMAGE_DLL_CHARACTERISTICS_DYNAMIC_BASE;
++ /* fall through */
++ case OPTION_NO_HIGH_ENTROPY_VA:
++ pe_dll_characteristics &= ~IMAGE_DLL_CHARACTERISTICS_HIGH_ENTROPY_VA;
++ break;
+ case OPTION_FORCE_INTEGRITY:
+ pe_dll_characteristics |= IMAGE_DLL_CHARACTERISTICS_FORCE_INTEGRITY;
+ break;
+ case OPTION_NX_COMPAT:
+ pe_dll_characteristics |= IMAGE_DLL_CHARACTERISTICS_NX_COMPAT;
+ break;
++ case OPTION_NO_NX_COMPAT:
++ pe_dll_characteristics &= ~IMAGE_DLL_CHARACTERISTICS_NX_COMPAT;
++ break;
+ case OPTION_NO_ISOLATION:
+ pe_dll_characteristics |= IMAGE_DLLCHARACTERISTICS_NO_ISOLATION;
+ break;
diff --git a/contrib/guix/patches/gcc-8-sort-libtool-find-output.patch b/contrib/guix/patches/gcc-8-sort-libtool-find-output.patch
index 1dfe3ba132..f327c464f3 100644
--- a/contrib/guix/patches/gcc-8-sort-libtool-find-output.patch
+++ b/contrib/guix/patches/gcc-8-sort-libtool-find-output.patch
@@ -1,3 +1,11 @@
+guix: repro: Sort find output in libtool for gcc-8
+
+Otherwise the resulting .a static libraries (e.g. libstdc++.a) will not
+be reproducible and end up making the Bitcoin binaries non-reproducible
+as well.
+
+See: https://reproducible-builds.org/docs/archives/#gnu-libtool
+
diff --git a/gcc/configure b/gcc/configure
index 97ba7d7d69c..e37a96f0c0c 100755
--- a/gcc/configure
diff --git a/contrib/guix/patches/glibc-2.24-elfm-loadaddr-dynamic-rewrite.patch b/contrib/guix/patches/glibc-2.24-elfm-loadaddr-dynamic-rewrite.patch
new file mode 100644
index 0000000000..5c4d0c6ebe
--- /dev/null
+++ b/contrib/guix/patches/glibc-2.24-elfm-loadaddr-dynamic-rewrite.patch
@@ -0,0 +1,62 @@
+https://sourceware.org/git/?p=glibc.git;a=commit;h=a68ba2f3cd3cbe32c1f31e13c20ed13487727b32
+
+commit 6b02af31e9a721bb15a11380cd22d53b621711f8
+Author: Szabolcs Nagy <szabolcs.nagy@arm.com>
+Date: Wed Oct 18 17:26:23 2017 +0100
+
+ [AARCH64] Rewrite elf_machine_load_address using _DYNAMIC symbol
+
+ This patch rewrites aarch64 elf_machine_load_address to use special _DYNAMIC
+ symbol instead of _dl_start.
+
+ The static address of _DYNAMIC symbol is stored in the first GOT entry.
+ Here is the change which makes this solution work (part of binutils 2.24):
+ https://sourceware.org/ml/binutils/2013-06/msg00248.html
+
+ i386, x86_64 targets use the same method to do this as well.
+
+ The original implementation relies on a trick that R_AARCH64_ABS32 relocation
+ being resolved at link time and the static address fits in the 32bits.
+ However, in LP64, normally, the address is defined to be 64 bit.
+
+ Here is the C version one which should be portable in all cases.
+
+ * sysdeps/aarch64/dl-machine.h (elf_machine_load_address): Use
+ _DYNAMIC symbol to calculate load address.
+
+diff --git a/sysdeps/aarch64/dl-machine.h b/sysdeps/aarch64/dl-machine.h
+index e86d8b5b63..5a5b8a5de5 100644
+--- a/sysdeps/aarch64/dl-machine.h
++++ b/sysdeps/aarch64/dl-machine.h
+@@ -49,26 +49,11 @@ elf_machine_load_address (void)
+ /* To figure out the load address we use the definition that for any symbol:
+ dynamic_addr(symbol) = static_addr(symbol) + load_addr
+
+- The choice of symbol is arbitrary. The static address we obtain
+- by constructing a non GOT reference to the symbol, the dynamic
+- address of the symbol we compute using adrp/add to compute the
+- symbol's address relative to the PC.
+- This depends on 32bit relocations being resolved at link time
+- and that the static address fits in the 32bits. */
+-
+- ElfW(Addr) static_addr;
+- ElfW(Addr) dynamic_addr;
+-
+- asm (" \n"
+-" adrp %1, _dl_start; \n"
+-" add %1, %1, #:lo12:_dl_start \n"
+-" ldr %w0, 1f \n"
+-" b 2f \n"
+-"1: \n"
+-" .word _dl_start \n"
+-"2: \n"
+- : "=r" (static_addr), "=r" (dynamic_addr));
+- return dynamic_addr - static_addr;
++ _DYNAMIC sysmbol is used here as its link-time address stored in
++ the special unrelocated first GOT entry. */
++
++ extern ElfW(Dyn) _DYNAMIC[] attribute_hidden;
++ return (ElfW(Addr)) &_DYNAMIC - elf_machine_dynamic ();
+ }
+
+ /* Set up the loaded object described by L so its unrelocated PLT
diff --git a/contrib/guix/patches/glibc-2.24-no-build-time-cxx-header-run.patch b/contrib/guix/patches/glibc-2.24-no-build-time-cxx-header-run.patch
new file mode 100644
index 0000000000..11fe7fdc99
--- /dev/null
+++ b/contrib/guix/patches/glibc-2.24-no-build-time-cxx-header-run.patch
@@ -0,0 +1,100 @@
+https://sourceware.org/git/?p=glibc.git;a=commit;h=fc3e1337be1c6935ab58bd13520f97a535cf70cc
+
+commit dc23a45db566095e83ff0b7a57afc87fb5ca89a1
+Author: Florian Weimer <fweimer@redhat.com>
+Date: Wed Sep 21 10:45:32 2016 +0200
+
+ Avoid running $(CXX) during build to obtain header file paths
+
+ This reduces the build time somewhat and is particularly noticeable
+ during rebuilds with few code changes.
+
+diff --git a/Makerules b/Makerules
+index 7e4077ee50..c338850de5 100644
+--- a/Makerules
++++ b/Makerules
+@@ -121,14 +121,10 @@ ifneq (,$(CXX))
+ # will be used instead of /usr/include/stdlib.h and /usr/include/math.h.
+ before-compile := $(common-objpfx)cstdlib $(common-objpfx)cmath \
+ $(before-compile)
+-cstdlib=$(shell echo "\#include <cstdlib>" | $(CXX) -M -MP -x c++ - \
+- | sed -n "/cstdlib:/{s/:$$//;p}")
+-$(common-objpfx)cstdlib: $(cstdlib)
++$(common-objpfx)cstdlib: $(c++-cstdlib-header)
+ $(INSTALL_DATA) $< $@T
+ $(move-if-change) $@T $@
+-cmath=$(shell echo "\#include <cmath>" | $(CXX) -M -MP -x c++ - \
+- | sed -n "/cmath:/{s/:$$//;p}")
+-$(common-objpfx)cmath: $(cmath)
++$(common-objpfx)cmath: $(c++-cmath-header)
+ $(INSTALL_DATA) $< $@T
+ $(move-if-change) $@T $@
+ endif
+diff --git a/config.make.in b/config.make.in
+index 95c6f36876..04a8b3ed7f 100644
+--- a/config.make.in
++++ b/config.make.in
+@@ -45,6 +45,8 @@ defines = @DEFINES@
+ sysheaders = @sysheaders@
+ sysincludes = @SYSINCLUDES@
+ c++-sysincludes = @CXX_SYSINCLUDES@
++c++-cstdlib-header = @CXX_CSTDLIB_HEADER@
++c++-cmath-header = @CXX_CMATH_HEADER@
+ all-warnings = @all_warnings@
+ enable-werror = @enable_werror@
+
+diff --git a/configure b/configure
+index 17625e1041..6ff252744b 100755
+--- a/configure
++++ b/configure
+@@ -635,6 +635,8 @@ BISON
+ INSTALL_INFO
+ PERL
+ BASH_SHELL
++CXX_CMATH_HEADER
++CXX_CSTDLIB_HEADER
+ CXX_SYSINCLUDES
+ SYSINCLUDES
+ AUTOCONF
+@@ -5054,6 +5056,18 @@ fi
+
+
+
++# Obtain some C++ header file paths. This is used to make a local
++# copy of those headers in Makerules.
++if test -n "$CXX"; then
++ find_cxx_header () {
++ echo "#include <$1>" | $CXX -M -MP -x c++ - | sed -n "/$1:/{s/:\$//;p}"
++ }
++ CXX_CSTDLIB_HEADER="$(find_cxx_header cstdlib)"
++ CXX_CMATH_HEADER="$(find_cxx_header cmath)"
++fi
++
++
++
+ # Test if LD_LIBRARY_PATH contains the notation for the current directory
+ # since this would lead to problems installing/building glibc.
+ # LD_LIBRARY_PATH contains the current directory if one of the following
+diff --git a/configure.ac b/configure.ac
+index 33bcd62180..9938ab0dc2 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -1039,6 +1039,18 @@ fi
+ AC_SUBST(SYSINCLUDES)
+ AC_SUBST(CXX_SYSINCLUDES)
+
++# Obtain some C++ header file paths. This is used to make a local
++# copy of those headers in Makerules.
++if test -n "$CXX"; then
++ find_cxx_header () {
++ echo "#include <$1>" | $CXX -M -MP -x c++ - | sed -n "/$1:/{s/:\$//;p}"
++ }
++ CXX_CSTDLIB_HEADER="$(find_cxx_header cstdlib)"
++ CXX_CMATH_HEADER="$(find_cxx_header cmath)"
++fi
++AC_SUBST(CXX_CSTDLIB_HEADER)
++AC_SUBST(CXX_CMATH_HEADER)
++
+ # Test if LD_LIBRARY_PATH contains the notation for the current directory
+ # since this would lead to problems installing/building glibc.
+ # LD_LIBRARY_PATH contains the current directory if one of the following
diff --git a/contrib/guix/patches/glibc-2.27-riscv64-Use-__has_include__-to-include-asm-syscalls.h.patch b/contrib/guix/patches/glibc-2.27-riscv64-Use-__has_include__-to-include-asm-syscalls.h.patch
new file mode 100644
index 0000000000..d6217157ee
--- /dev/null
+++ b/contrib/guix/patches/glibc-2.27-riscv64-Use-__has_include__-to-include-asm-syscalls.h.patch
@@ -0,0 +1,72 @@
+https://sourceware.org/git/?p=glibc.git;a=commit;h=0b9c84906f653978fb8768c7ebd0ee14a47e662e
+
+From 562c52cc81a4e456a62e6455feb32732049e9070 Mon Sep 17 00:00:00 2001
+From: "H.J. Lu" <hjl.tools@gmail.com>
+Date: Mon, 31 Dec 2018 09:26:42 -0800
+Subject: [PATCH] riscv: Use __has_include__ to include <asm/syscalls.h> [BZ
+ #24022]
+
+<asm/syscalls.h> has been removed by
+
+commit 27f8899d6002e11a6e2d995e29b8deab5aa9cc25
+Author: David Abdurachmanov <david.abdurachmanov@gmail.com>
+Date: Thu Nov 8 20:02:39 2018 +0100
+
+ riscv: add asm/unistd.h UAPI header
+
+ Marcin Juszkiewicz reported issues while generating syscall table for riscv
+ using 4.20-rc1. The patch refactors our unistd.h files to match some other
+ architectures.
+
+ - Add asm/unistd.h UAPI header, which has __ARCH_WANT_NEW_STAT only for 64-bit
+ - Remove asm/syscalls.h UAPI header and merge to asm/unistd.h
+ - Adjust kernel asm/unistd.h
+
+ So now asm/unistd.h UAPI header should show all syscalls for riscv.
+
+<asm/syscalls.h> may be restored by
+
+Subject: [PATCH] riscv: restore asm/syscalls.h UAPI header
+Date: Tue, 11 Dec 2018 09:09:35 +0100
+
+UAPI header asm/syscalls.h was merged into UAPI asm/unistd.h header,
+which did resolve issue with missing syscalls macros resulting in
+glibc (2.28) build failure. It also broke glibc in a different way:
+asm/syscalls.h is being used by glibc. I noticed this while doing
+Fedora 30/Rawhide mass rebuild.
+
+The patch returns asm/syscalls.h header and incl. it into asm/unistd.h.
+I plan to send a patch to glibc to use asm/unistd.h instead of
+asm/syscalls.h
+
+In the meantime, we use __has_include__, which was added to GCC 5, to
+check if <asm/syscalls.h> exists before including it. Tested with
+build-many-glibcs.py for riscv against kernel 4.19.12 and 4.20-rc7.
+
+ [BZ #24022]
+ * sysdeps/unix/sysv/linux/riscv/flush-icache.c: Check if
+ <asm/syscalls.h> exists with __has_include__ before including it.
+---
+ sysdeps/unix/sysv/linux/riscv/flush-icache.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/sysdeps/unix/sysv/linux/riscv/flush-icache.c b/sysdeps/unix/sysv/linux/riscv/flush-icache.c
+index d612ef4c6c..0b2042620b 100644
+--- a/sysdeps/unix/sysv/linux/riscv/flush-icache.c
++++ b/sysdeps/unix/sysv/linux/riscv/flush-icache.c
+@@ -21,7 +21,11 @@
+ #include <stdlib.h>
+ #include <atomic.h>
+ #include <sys/cachectl.h>
+-#include <asm/syscalls.h>
++#if __has_include__ (<asm/syscalls.h>)
++# include <asm/syscalls.h>
++#else
++# include <asm/unistd.h>
++#endif
+
+ typedef int (*func_type) (void *, void *, unsigned long int);
+
+--
+2.31.1
+
diff --git a/contrib/guix/patches/glibc-ldd-x86_64.patch b/contrib/guix/patches/glibc-ldd-x86_64.patch
new file mode 100644
index 0000000000..b1b6d5a548
--- /dev/null
+++ b/contrib/guix/patches/glibc-ldd-x86_64.patch
@@ -0,0 +1,10 @@
+By default, 'RTDLLIST' in 'ldd' refers to 'lib64/ld-linux-x86-64.so', whereas
+it's in 'lib/' for us. This patch fixes that.
+
+--- glibc-2.17/sysdeps/unix/sysv/linux/x86_64/ldd-rewrite.sed 2012-12-25 04:02:13.000000000 +0100
++++ glibc-2.17/sysdeps/unix/sysv/linux/x86_64/ldd-rewrite.sed 2013-09-15 23:08:03.000000000 +0200
+@@ -1,3 +1,3 @@
+ /LD_TRACE_LOADED_OBJECTS=1/a\
+ add_env="$add_env LD_LIBRARY_VERSION=\\$verify_out"
+-s_^\(RTLDLIST=\)\(.*lib\)\(\|64\|x32\)\(/[^/]*\)\(-x86-64\|-x32\)\(\.so\.[0-9.]*\)[ ]*$_\1"\2\4\6 \264\4-x86-64\6 \2x32\4-x32\6"_
++s_^\(RTLDLIST=\)\(.*lib\)\(\|64\|x32\)\(/[^/]*\)\(-x86-64\|-x32\)\(\.so\.[0-9.]*\)[ ]*$_\1"\2\4\6 \2\4-x86-64\6 \2x32\4-x32\6"_
diff --git a/contrib/guix/patches/glibc-versioned-locpath.patch b/contrib/guix/patches/glibc-versioned-locpath.patch
new file mode 100644
index 0000000000..bc7652127f
--- /dev/null
+++ b/contrib/guix/patches/glibc-versioned-locpath.patch
@@ -0,0 +1,240 @@
+The format of locale data can be incompatible between libc versions, and
+loading incompatible data can lead to 'setlocale' returning EINVAL at best
+or triggering an assertion failure at worst. See
+https://lists.gnu.org/archive/html/guix-devel/2015-09/msg00717.html
+for background information.
+
+To address that, this patch changes libc to honor a new 'GUIX_LOCPATH'
+variable, and to look for locale data in version-specific sub-directories of
+that variable. So, if GUIX_LOCPATH=/foo:/bar, locale data is searched for in
+/foo/X.Y and /bar/X.Y, where X.Y is the libc version number.
+
+That way, a single 'GUIX_LOCPATH' setting can work even if different libc
+versions coexist on the system.
+
+--- a/locale/newlocale.c
++++ b/locale/newlocale.c
+@@ -30,6 +30,7 @@
+ /* Lock for protecting global data. */
+ __libc_rwlock_define (extern , __libc_setlocale_lock attribute_hidden)
+
++extern error_t compute_locale_search_path (char **, size_t *);
+
+ /* Use this when we come along an error. */
+ #define ERROR_RETURN \
+@@ -48,7 +49,6 @@ __newlocale (int category_mask, const char *locale, __locale_t base)
+ __locale_t result_ptr;
+ char *locale_path;
+ size_t locale_path_len;
+- const char *locpath_var;
+ int cnt;
+ size_t names_len;
+
+@@ -102,17 +102,8 @@ __newlocale (int category_mask, const char *locale, __locale_t base)
+ locale_path = NULL;
+ locale_path_len = 0;
+
+- locpath_var = getenv ("LOCPATH");
+- if (locpath_var != NULL && locpath_var[0] != '\0')
+- {
+- if (__argz_create_sep (locpath_var, ':',
+- &locale_path, &locale_path_len) != 0)
+- return NULL;
+-
+- if (__argz_add_sep (&locale_path, &locale_path_len,
+- _nl_default_locale_path, ':') != 0)
+- return NULL;
+- }
++ if (compute_locale_search_path (&locale_path, &locale_path_len) != 0)
++ return NULL;
+
+ /* Get the names for the locales we are interested in. We either
+ allow a composite name or a single name. */
+diff --git a/locale/setlocale.c b/locale/setlocale.c
+index ead030d..0c0e314 100644
+--- a/locale/setlocale.c
++++ b/locale/setlocale.c
+@@ -215,12 +215,65 @@ setdata (int category, struct __locale_data *data)
+ }
+ }
+
++/* Return in *LOCALE_PATH and *LOCALE_PATH_LEN the locale data search path as
++ a colon-separated list. Return ENOMEN on error, zero otherwise. */
++error_t
++compute_locale_search_path (char **locale_path, size_t *locale_path_len)
++{
++ char* guix_locpath_var = getenv ("GUIX_LOCPATH");
++ char *locpath_var = getenv ("LOCPATH");
++
++ if (guix_locpath_var != NULL && guix_locpath_var[0] != '\0')
++ {
++ /* Entries in 'GUIX_LOCPATH' take precedence over 'LOCPATH'. These
++ entries are systematically prefixed with "/X.Y" where "X.Y" is the
++ libc version. */
++ if (__argz_create_sep (guix_locpath_var, ':',
++ locale_path, locale_path_len) != 0
++ || __argz_suffix_entries (locale_path, locale_path_len,
++ "/" VERSION) != 0)
++ goto bail_out;
++ }
++
++ if (locpath_var != NULL && locpath_var[0] != '\0')
++ {
++ char *reg_locale_path = NULL;
++ size_t reg_locale_path_len = 0;
++
++ if (__argz_create_sep (locpath_var, ':',
++ &reg_locale_path, &reg_locale_path_len) != 0)
++ goto bail_out;
++
++ if (__argz_append (locale_path, locale_path_len,
++ reg_locale_path, reg_locale_path_len) != 0)
++ goto bail_out;
++
++ free (reg_locale_path);
++ }
++
++ if (*locale_path != NULL)
++ {
++ /* Append the system default locale directory. */
++ if (__argz_add_sep (locale_path, locale_path_len,
++ _nl_default_locale_path, ':') != 0)
++ goto bail_out;
++ }
++
++ return 0;
++
++ bail_out:
++ free (*locale_path);
++ *locale_path = NULL;
++ *locale_path_len = 0;
++
++ return ENOMEM;
++}
++
+ char *
+ setlocale (int category, const char *locale)
+ {
+ char *locale_path;
+ size_t locale_path_len;
+- const char *locpath_var;
+ char *composite;
+
+ /* Sanity check for CATEGORY argument. */
+@@ -251,17 +304,10 @@ setlocale (int category, const char *locale)
+ locale_path = NULL;
+ locale_path_len = 0;
+
+- locpath_var = getenv ("LOCPATH");
+- if (locpath_var != NULL && locpath_var[0] != '\0')
++ if (compute_locale_search_path (&locale_path, &locale_path_len) != 0)
+ {
+- if (__argz_create_sep (locpath_var, ':',
+- &locale_path, &locale_path_len) != 0
+- || __argz_add_sep (&locale_path, &locale_path_len,
+- _nl_default_locale_path, ':') != 0)
+- {
+- __libc_rwlock_unlock (__libc_setlocale_lock);
+- return NULL;
+- }
++ __libc_rwlock_unlock (__libc_setlocale_lock);
++ return NULL;
+ }
+
+ if (category == LC_ALL)
+diff --git a/string/Makefile b/string/Makefile
+index 8424a61..f925503 100644
+--- a/string/Makefile
++++ b/string/Makefile
+@@ -38,7 +38,7 @@ routines := strcat strchr strcmp strcoll strcpy strcspn \
+ swab strfry memfrob memmem rawmemchr strchrnul \
+ $(addprefix argz-,append count create ctsep next \
+ delete extract insert stringify \
+- addsep replace) \
++ addsep replace suffix) \
+ envz basename \
+ strcoll_l strxfrm_l string-inlines memrchr \
+ xpg-strerror strerror_l
+diff --git a/string/argz-suffix.c b/string/argz-suffix.c
+new file mode 100644
+index 0000000..505b0f2
+--- /dev/null
++++ b/string/argz-suffix.c
+@@ -0,0 +1,56 @@
++/* Copyright (C) 2015 Free Software Foundation, Inc.
++ This file is part of the GNU C Library.
++ Contributed by Ludovic Courtès <ludo@gnu.org>.
++
++ The GNU C Library is free software; you can redistribute it and/or
++ modify it under the terms of the GNU Lesser General Public
++ License as published by the Free Software Foundation; either
++ version 2.1 of the License, or (at your option) any later version.
++
++ The GNU C Library is distributed in the hope that it will be useful,
++ but WITHOUT ANY WARRANTY; without even the implied warranty of
++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ Lesser General Public License for more details.
++
++ You should have received a copy of the GNU Lesser General Public
++ License along with the GNU C Library; if not, see
++ <http://www.gnu.org/licenses/>. */
++
++#include <argz.h>
++#include <errno.h>
++#include <stdlib.h>
++#include <string.h>
++
++
++error_t
++__argz_suffix_entries (char **argz, size_t *argz_len, const char *suffix)
++
++{
++ size_t suffix_len = strlen (suffix);
++ size_t count = __argz_count (*argz, *argz_len);
++ size_t new_argz_len = *argz_len + count * suffix_len;
++ char *new_argz = malloc (new_argz_len);
++
++ if (new_argz)
++ {
++ char *p = new_argz, *entry;
++
++ for (entry = *argz;
++ entry != NULL;
++ entry = argz_next (*argz, *argz_len, entry))
++ {
++ p = stpcpy (p, entry);
++ p = stpcpy (p, suffix);
++ p++;
++ }
++
++ free (*argz);
++ *argz = new_argz;
++ *argz_len = new_argz_len;
++
++ return 0;
++ }
++ else
++ return ENOMEM;
++}
++weak_alias (__argz_suffix_entries, argz_suffix_entries)
+diff --git a/string/argz.h b/string/argz.h
+index bb62a31..d276a35 100644
+--- a/string/argz.h
++++ b/string/argz.h
+@@ -134,6 +134,16 @@ extern error_t argz_replace (char **__restrict __argz,
+ const char *__restrict __str,
+ const char *__restrict __with,
+ unsigned int *__restrict __replace_count);
++
++/* Suffix each entry of ARGZ & ARGZ_LEN with SUFFIX. Return 0 on success,
++ and ENOMEN if memory cannot be allocated. */
++extern error_t __argz_suffix_entries (char **__restrict __argz,
++ size_t *__restrict __argz_len,
++ const char *__restrict __suffix);
++extern error_t argz_suffix_entries (char **__restrict __argz,
++ size_t *__restrict __argz_len,
++ const char *__restrict __suffix);
++
+
+ /* Returns the next entry in ARGZ & ARGZ_LEN after ENTRY, or NULL if there
+ are no more. If entry is NULL, then the first entry is returned. This
diff --git a/contrib/guix/patches/nsis-SConstruct-sde-support.patch b/contrib/guix/patches/nsis-SConstruct-sde-support.patch
index 5edf1b7c8e..f58406a7a0 100644
--- a/contrib/guix/patches/nsis-SConstruct-sde-support.patch
+++ b/contrib/guix/patches/nsis-SConstruct-sde-support.patch
@@ -1,3 +1,6 @@
+https://github.com/kichik/nsis/pull/13
+https://sourceforge.net/p/nsis/code/7248/
+
diff --git a/SConstruct b/SConstruct
index e8252c9..41786f2 100755
--- a/SConstruct
diff --git a/contrib/seeds/generate-seeds.py b/contrib/seeds/generate-seeds.py
index 9560b586ec..dbecba7d1d 100755
--- a/contrib/seeds/generate-seeds.py
+++ b/contrib/seeds/generate-seeds.py
@@ -37,7 +37,7 @@ import re
class BIP155Network(Enum):
IPV4 = 1
IPV6 = 2
- TORV2 = 3
+ TORV2 = 3 # no longer supported
TORV3 = 4
I2P = 5
CJDNS = 6
@@ -46,11 +46,11 @@ def name_to_bip155(addr):
'''Convert address string to BIP155 (networkID, addr) tuple.'''
if addr.endswith('.onion'):
vchAddr = b32decode(addr[0:-6], True)
- if len(vchAddr) == 10:
- return (BIP155Network.TORV2, vchAddr)
- elif len(vchAddr) == 35:
- assert(vchAddr[34] == 3)
+ if len(vchAddr) == 35:
+ assert vchAddr[34] == 3
return (BIP155Network.TORV3, vchAddr[:32])
+ elif len(vchAddr) == 10:
+ return (BIP155Network.TORV2, vchAddr)
else:
raise ValueError('Invalid onion %s' % vchAddr)
elif addr.endswith('.b32.i2p'):
@@ -100,7 +100,10 @@ def parse_spec(s):
host = name_to_bip155(host)
- return host + (port, )
+ if host[0] == BIP155Network.TORV2:
+ return None # TORV2 is no longer supported, so we ignore it
+ else:
+ return host + (port, )
def ser_compact_size(l):
r = b""
@@ -136,6 +139,8 @@ def process_nodes(g, f, structname):
continue
spec = parse_spec(line)
+ if spec is None: # ignore this entry (e.g. no longer supported addresses like TORV2)
+ continue
blob = bip155_serialize(spec)
hoststr = ','.join(('0x%02x' % b) for b in blob)
g.write(f' {hoststr},\n')
diff --git a/contrib/seeds/nodes_main.txt b/contrib/seeds/nodes_main.txt
index 7300e3043d..f7bfb6eb0a 100644
--- a/contrib/seeds/nodes_main.txt
+++ b/contrib/seeds/nodes_main.txt
@@ -650,518 +650,6 @@
[2a0f:df00:0:254::46]:8333
[2c0f:f598:5:1:1001::1]:8333
[2c0f:fce8:0:400:b7c::1]:8333
-226eupdnaouu4h2v.onion:8333
-22h7b6f3caabqqsu.onion:8333
-23wdfqkzttmenvki.onion:8333
-23yi3frxymtwdgre.onion:8333
-2ajon3moyf4i2hbb.onion:8333
-2bfmlpk55hffpl6e.onion:8333
-2ckmbf6sglwydeth.onion:8333
-2hkusi5gcaautwqf.onion:8333
-2ivhmlbxbgnkcykl.onion:8333
-2mmxouhv6nebowkq.onion:8333
-2qsnv6exnuuiar7z.onion:8333
-2qudbhlnvqpli3sz.onion:8333
-2ujxdfovfyjpmdto.onion:8333
-2xdgeufrek3eumkw.onion:8333
-2xdzsruhsej4tsiw.onion:8333
-34ran2woq4easmss.onion:8333
-36q7khhej2lxd3wf.onion:8333
-373wjdspuo52utzq.onion:8333
-376klet5xqbrg2jv.onion:8333
-37kwd7fxop766l5k.onion:8333
-3e5t7hq4alt5tovx.onion:8333
-3gbxhebfhouuwgc3.onion:8333
-3hgbjze2nbwyuewf.onion:8333
-3iuuvrd2waha2cxo.onion:8333
-3jtxujdaiwh6iltu.onion:8333
-3l5eq2du7mvscj4a.onion:8333
-3nofngnqlqeehn7o.onion:8333
-3r44ddzjitznyahw.onion:8333
-3vtbuwmton7vq5qz.onion:8333
-46ohzttz4peki43g.onion:8333
-47fl3ivl4v56jstr.onion:8333
-47i6qrl2ijqcwlg6.onion:8333
-47uupgzcnrwahoto.onion:8333
-4c5cki37evofds6d.onion:8333
-4eq36jrx7xuytfpc.onion:8333
-4ewkdxvcg57adrni.onion:8333
-4flvgibnm2nld3na.onion:8333
-4iaontym47imawe4.onion:8333
-4jxz37oou5ag763c.onion:8333
-4mnkvj6ha73eqnbk.onion:8333
-4nnuyxm5k5tlyjq3.onion:8333
-4nz2yg4cnote3ej7.onion:8333
-4pozwh6564ygzddk.onion:8333
-4qgfb56rvpbmesx7.onion:8333
-4rsax23taqzwmimj.onion:8333
-4u5j5ay6rasowt4m.onion:8333
-4vorvtoyegh4zbvr.onion:8333
-52s4j5pldwlpzhtw.onion:8333
-5abpiiqfvekoejro.onion:8333
-5aydzxx6jyoz3nez.onion:8333
-5cxzdsrtok5dgo4a.onion:8333
-5eduikpudie3jyrf.onion:8333
-5epeafkmya4fv5d5.onion:8333
-5fyxlztic3t6notz.onion:8333
-5hd6eyew5ybnq6gb.onion:8333
-5jyfzhwksb6urrp2.onion:8333
-5nooqgct567ig57v.onion:8333
-5nsfm4nqqzzprjrp.onion:8333
-5oqstxspzhlgjef6.onion:8333
-5pzzmd4tfonrqzb2.onion:8333
-5sckmx4yucbnp4io.onion:8333
-5ue7worzbn6hon3e.onion:8333
-5wxhx2tozpovf6z3.onion:8333
-5xk3yun36e32e34i.onion:8333
-5zght2g7vcsapi65.onion:8333
-62dcdpvdolfzkdzl.onion:8333
-63bko2mhixnn2b7d.onion:8333
-67hjvfv6wictalm5.onion:8333
-6g6ko4klkf5atldi.onion:8333
-6k5zreexw4cadxi5.onion:8333
-6kf5ayhlpenywgas.onion:8333
-6maigxjvcet4pite.onion:8333
-6ressv4dvplb5ihh.onion:8333
-6rjex6gyuaui3c5e.onion:8333
-6skgnf43pphdvjua.onion:8333
-6stxaoduwisg5sqh.onion:8333
-6xqy4ts6bo6u5dgm.onion:8333
-7avnl3dqpgu23jva.onion:8333
-7ff4wk266no23txn.onion:8333
-7hipbuzfdcyzqkkg.onion:8333
-7sjmlzrthjlpfydk.onion:8333
-7tut3zt2akwrmw6x.onion:8333
-7uhsjzj6nx3dfnxt.onion:8333
-7wm4wso3wvatxnbt.onion:8333
-7ykmzuybwd2ptzg4.onion:8333
-a27bvhina4y23jxo.onion:8333
-a53vtdm7uiet5vdl.onion:8333
-a56572xjuofnt2dp.onion:8333
-abp25knifdsnc2rv.onion:8333
-aefx7ubzpal7clak.onion:8333
-ai5r2diozoe7rrdz.onion:8333
-aipupphit3enggpj.onion:8333
-algpjjygd3gtnmpp.onion:8333
-alihua7rhyc452hr.onion:8333
-am3gyyfynxzwyxhx.onion:8333
-ankozzfhl2r3uc6u.onion:8333
-at3twjlbtc2lqnq5.onion:8333
-avqobl72pmc64dyi.onion:8333
-awmdz2fs3b5h5ut5.onion:8333
-ayywpiy77butdjrj.onion:8333
-b2i3pj7c24cvprs7.onion:8333
-b4ilebyxcu6nttio.onion:8333
-b4vvkbqipcmkwp4v.onion:8333
-bddfqxps5ibd3ftw.onion:8333
-be5bgcpo4ooux5qy.onion:8333
-bgla4m6zetvtv7ls.onion:8333
-bh32gzw3nyckzqut.onion:8333
-bho4kodpehn7xr3x.onion:8333
-bitcoin4rlfa4wqx.onion:8333
-biw7s6jf6r2mf3cu.onion:8333
-bk7yp6epnmcllq72.onion:8333
-blcktrgve5vetjsk.onion:8333
-blwbp7gfdffdsx4g.onion:8333
-bnxn6qqc55gvn5op.onion:8333
-bp7o22lvcjawelvv.onion:8333
-bqqyqucgj4tchn64.onion:8333
-bvdzmutcqf7gzzn5.onion:8333
-c36zmegjkinftmtf.onion:8333
-c4fn62gnltlgrptv.onion:8333
-caael5yedviooqzk.onion:8333
-caq54ablfbrnumdd.onion:8333
-cernrmrk5zomzozn.onion:8333
-chri6itgjaagof4t.onion:8333
-cncwik3tnd2ejm5z.onion:8333
-cuyjqoziemcmwaxl.onion:8333
-cx7qa2gpqyp7pld5.onion:8333
-czp7wgaus4gvio72.onion:8333
-d2fn54rfyjdangi4.onion:8333
-d2sk45u6ca64yeqh.onion:8333
-d3aowmngvktsziae.onion:8333
-d5iu4aiz3y2kgcgj.onion:8333
-d6zbw2sxnxgj5sv3.onion:8333
-db5rd5e46t7mgini.onion:8333
-dci2gulorl44yj55.onion:8333
-ddpth2mwt3rsvoog.onion:8333
-dfrwza7fcecknnms.onion:8333
-djwhjfj4rh3oz3yj.onion:8333
-dkk5mmpe5jtjodk5.onion:8333
-doj3zgmsbzurmqgp.onion:8333
-dpce4f3rcqddzbx5.onion:8333
-drwo3vnxch5ozfbo.onion:8333
-duikkidxip3lyexn.onion:8333
-duqdliptc22i6hf5.onion:8333
-duyp4coh5d7nh3ud.onion:8333
-duz5two3z7c55lxj.onion:8333
-dvu6dlar6ezc6xen.onion:8333
-dy6zqs46ycleayyp.onion:8333
-dz2ydmj3yqrcm4r7.onion:8333
-e2b2a5suvdawzxud.onion:8333
-e33h57j2ewkkqsn5.onion:8333
-e5kjiay7pzj5qpzv.onion:8333
-e7iko42d2wzcmvy4.onion:8333
-ea6boh4kotq56ws5.onion:8333
-efdx6gc4s5ezyqeg.onion:8333
-efrpuuic6ukeyqcs.onion:8333
-egruc3bi3itru6gq.onion:8333
-erc6tjs2ucyadl23.onion:8333
-eue2n5sk5tktg5bv.onion:8333
-ezkr7stq4w7ohjrt.onion:8333
-f3nyyjba6kpxznhk.onion:8333
-faq73vj4pcs73thu.onion:8333
-fdvtlj3pscbxuh75.onion:8333
-fgdpxov4nzxvhcpv.onion:8333
-fisqq6vzk3m6t225.onion:8333
-fkgp3qwegacrd2bj.onion:8333
-fo3tdfwx27takqq5.onion:8333
-fqkxtchwypispkpv.onion:8333
-fqunuhlwvd7rq6d5.onion:8333
-frwt5mscpyhiuwpe.onion:8333
-fta4gfjiuv6f2le2.onion:8333
-fuoy2ipuqrqwe5cf.onion:8333
-fz6nsij6jiyuwlsc.onion:8333
-g3vlnaaaog5sgui5.onion:8333
-g44i6jwsutkwmspz.onion:8333
-g55t65d5ckjixcnw.onion:8333
-gajd6eyrl2qwkfmg.onion:8333
-gblue3hr53p4grx7.onion:8333
-gbpro5tzduiuff4v.onion:8333
-gc4l3tql32qhfgmi.onion:8333
-gcnlorvtpycuajc6.onion:8333
-gdsib2nk2eeoidgc.onion:8333
-ge5gm7c6w7yahpz7.onion:8333
-gegcteeep4cwftl5.onion:8333
-gfoyraudgv5qjdku.onion:8333
-ggpbuypmxgi26lc6.onion:8333
-ghqivye7cfckisnt.onion:8333
-girakxomne5fby64.onion:8333
-glz5gfk33tuug5ne.onion:8333
-gplatxoyg5nxl5rj.onion:8333
-gripl5xjwy2dcr6c.onion:8333
-gthhzlmqci22nxru.onion:8333
-gto2d64swosfmk6c.onion:8333
-guaciney52mgcbp2.onion:8333
-gwktgrmtwk6nv5sc.onion:8333
-gwoxnokdcwc7hy4p.onion:8333
-h333f4qnwe7mrymn.onion:8333
-h6a32n4blbwwyn4d.onion:8333
-hafwtrbooszoembm.onion:8333
-hbwhgsb3eeinnr6t.onion:8333
-hcv6foxh5mk7fhb5.onion:8333
-hd6hktcl6wamzlzm.onion:8333
-hda6msa4v4rt77gx.onion:8333
-hdgnxkuqsd6wjwwx.onion:8333
-hgh3azn3eesddvcg.onion:8333
-hhyxu6bwkjefejoz.onion:8333
-hizn6rmofsg3upmn.onion:8333
-hjqxxsy2osemfvev.onion:8333
-hkbp7mbgw6klls4s.onion:8333
-hlojuwiwbkoj4kdz.onion:8333
-hlzxsjr7ob3qzzqq.onion:8333
-hniuzplezebyhv7a.onion:8333
-hondewkj4s4rdcwf.onion:8333
-hql5nv6vhceid3bn.onion:8333
-hspjo7mqrre5gyxr.onion:8333
-hu64s2mdr3x7yxka.onion:8333
-hvwvq2swkqw3qvyo.onion:8333
-hwo2biyndrrvpl6f.onion:8333
-hzxj3dth3y2xt45o.onion:8333
-i3ufxuw3t7cxfdpq.onion:8333
-ia3n3q5u45gvpx7a.onion:8333
-icfgs3fctckd4yeo.onion:8333
-icpz6thqvdjcwlvb.onion:8333
-if32zo5u4mhdunfd.onion:8333
-ig4lguql6vxkbmmr.onion:8333
-ihhcr7fhczqdac4y.onion:8333
-ijm2tyxob7vkvazz.onion:8333
-ip3puuqghumfz5ww.onion:8333
-iq3ket72f3y2frpg.onion:8333
-iqagt5co4dt7h6hf.onion:8333
-iugw42ih6hprqr26.onion:8333
-ivf774v4t7k63i6d.onion:8333
-ivfacdf7cig2z2y2.onion:8333
-ivsxdwku5og2zj4l.onion:8333
-ixwgrhaklvu4g6o7.onion:8333
-iz56moo6mkp3g7xo.onion:8333
-j2cp5muw5j3lumcx.onion:8333
-j2lrkrwugldwewws.onion:8333
-j2qtmkd2dablssz4.onion:8333
-j5e2yuan57v2h5el.onion:8333
-j5jfrdthqt5g25xz.onion:8333
-j5lk2uv2bspfqxfk.onion:8333
-janvvzsmzcsj3fil.onion:8333
-jenn2tmyl3xxarmq.onion:8333
-jfoe5f2sczojfp32.onion:8333
-jgcgi6k2pxooi5q3.onion:8333
-jhana24s3dzkitzp.onion:8333
-jitgulb24mvfqrdg.onion:8333
-jjuvwbjfzljmn7t3.onion:8333
-jlcfomgr5xfexaif.onion:8333
-jlehs6ybb26qlnna.onion:8333
-jljzz4tmbqrxq3q5.onion:8333
-joc4oqceedkg77vf.onion:8333
-jr5y6njubcbv6g37.onion:8333
-jroaos6la4vieho4.onion:8333
-jsmphgkay7iihbkr.onion:8333
-jtksnokusbzms7wl.onion:8333
-ju5duo3r6p6diznc.onion:8333
-jw6zymxcnebahuuj.onion:8333
-jxalvhf7w7wevqzw.onion:8333
-jyzhe3ig44ickysb.onion:8333
-jze6ukn4idrh44eo.onion:8333
-k4glotlxnmttb6ct.onion:8333
-k7uy3iwmvguzygd2.onion:8333
-kl23ofag3ukb6hxl.onion:8333
-kokt2qr6d4pmyb2d.onion:8333
-kpalu3h5ydkoaivs.onion:8333
-krdpbdvtqw5c5lee.onion:8333
-kriw6kzjzarzgb3g.onion:8333
-krp2thcmwrpsoue6.onion:8333
-kvyvdwjwtae5mo77.onion:8333
-kyrxri5rbr6ipurs.onion:8333
-kz3oxg7745dxt62q.onion:8333
-l3w5fcki2wbro2qb.onion:8333
-l44bisuxhh7reb5q.onion:8333
-l565g523emjebusj.onion:8333
-l6w5kdeigwsgnf5t.onion:8333
-l7a4emryfxkjgmmb.onion:8333
-l7sloscjqqbifcsw.onion:8333
-laafjqvtog7djfl2.onion:8333
-lah676kxbgbgw3u2.onion:8333
-lbq2a7pnpmviw2qo.onion:8333
-lc4wnpql27vymi35.onion:8333
-ldoffbfpk3j6c7y7.onion:8333
-lehpmglkivobq2qo.onion:8333
-lgewpjz7ie7daqqr.onion:8333
-lgkvbvro67jomosw.onion:8333
-liw5z4ngic6b7vnv.onion:8333
-ljs7gwrmmza6q6ga.onion:8333
-lmvax3e6awaxvhqi.onion:8333
-lrz77dwf7yq4cgnt.onion:8333
-lva54pnbq2nsmjyr.onion:8333
-lxc2uphxyyxflhnf.onion:8333
-lyjybdr4hmj3bqab.onion:8333
-lz2zlnmyynwtgwf2.onion:8333
-m6hcnpikimyh37yp.onion:8333
-md635omjnrgheed3.onion:8333
-mdb3oupwf4f2qyjb.onion:8333
-me6d4esx7ohdnxne.onion:8333
-mecfkik5ci47wckj.onion:8333
-mfrvevn7w6rwsp4r.onion:8333
-mimuutlew5srtduk.onion:8333
-mnysk3izxvra3huv.onion:8333
-mqu6gqtrhm6xzwwh.onion:8333
-mwuc6vom4ngijtb3.onion:8333
-mxdtrjhe2yfsx3pg.onion:8333
-n4ibet4piscv22nj.onion:8333
-n6d46vbzx43bevlb.onion:8333
-n6t6kfgzlvozxhfm.onion:8333
-n7rrochwerf2qxze.onion:8333
-ncsdiqmnxhnnjbsz.onion:8333
-nitxw3ilffngpumv.onion:8333
-njlsvubildehluwr.onion:8333
-njslfsivyyhixbsp.onion:8333
-nkf5e6b7pl4jfd4a.onion:8333
-nkppsb3t3ducje6m.onion:8333
-nlfwyqksmeqe45zz.onion:8333
-nlyjmpcmpaz5b4aa.onion:8333
-nnmv7z65k65mcesr.onion:8333
-nrrfwdmrm3imuebn.onion:8333
-nrrmkgmulpgsbwlt.onion:8333
-nw4h7leckut7eapv.onion:8333
-nwky3wd3ihoidvb5.onion:8333
-ny4kkemmmqv4lptm.onion:8333
-o25wkcw7eorg2toi.onion:8333
-o2gumvbkw6pm45cf.onion:8333
-o4yjshdwlbshylqw.onion:8333
-ofx4qgw6lppnvtgv.onion:8333
-oketipl4gndqcaus.onion:8333
-oq5q4qrqijr2kpun.onion:8333
-oqw3mfoiobqcklxh.onion:8333
-orsy2v63ecrmdj55.onion:8333
-ot4tzmznyimmlszk.onion:8333
-owk6c2jfthwkyahe.onion:8333
-oy7ss3hm2okx4tun.onion:8333
-p2pc6wbaepvdi6ce.onion:8333
-p2x24gdhasmgcl5j.onion:8333
-p6couujr2ndhllv3.onion:8333
-pa7dw5bln5lqmu53.onion:8333
-pasmchtoooj2kchd.onion:8333
-pdapkkhk6pbcy2tj.onion:8333
-peh5ajouuw6mw4sr.onion:8333
-pkuuc5pwl5xygwhr.onion:8333
-pq4wjl7vg7tsfycc.onion:8333
-ptbwqhusps5qieql.onion:8333
-ptwpbwyj5lnyew2f.onion:8333
-pu7w3jfyrzp7sxsi.onion:8333
-pwylbyvfuc62hhvx.onion:8333
-q2fhnnyt5b2ayvce.onion:8333
-q3i3apuionbazmfe.onion:8333
-qd6fcpu3pvbf2y3x.onion:8333
-qfewv3y7a3p4i3bd.onion:8333
-qhytdttflhbc4rsh.onion:8333
-qkn35rb3x2gxbwq4.onion:8333
-qlvlexs7pwac2f4b.onion:8333
-qogcqirtuta6rlxg.onion:8333
-qrzqfxkhrmu5v5ro.onion:8333
-qsyjasq46b2syiys.onion:8333
-quu4b2zjbnr2ue4y.onion:8333
-quycfj2wenz6bfyd.onion:8333
-qvdy3cmocnlv5v7c.onion:8333
-qvwhpqygan2xky5h.onion:8333
-qyutwc26ullujafb.onion:8333
-r45qg2d6iwfdhqwl.onion:8333
-r4xudr6u4r5nyga4.onion:8333
-r6apa5ssujxbwd34.onion:8333
-r6z2gcsu37k3gaah.onion:8333
-rbrjgfcca6v5b7yo.onion:8333
-rcifxibawqt6rxzz.onion:8333
-rdo3xctk3zkzjvln.onion:8333
-rdvlepy6ghgpapzo.onion:8333
-recs3a27chv2lg65.onion:8333
-rfmbiy5vztvn6hyn.onion:8333
-rli5lbje4k77inzw.onion:8333
-roqwnmepcj453vfh.onion:8333
-rpbnx54qniivrmh3.onion:8333
-rsvvogqdlijp77hv.onion:8333
-rwm5d4hg3hc77kdt.onion:8333
-s3yelkvc5f5xeysw.onion:8333
-s6rx52hitmpp4lge.onion:8333
-sa6m3rvycipgemky.onion:8333
-savebeesmkivmfbo.onion:8333
-sbyjr5npk2mlmfw7.onion:8333
-serwj42jme5xhhmw.onion:8333
-sg4vmubv3djrzvuh.onion:8333
-shsgksluz6jkgp6g.onion:8333
-sjyzmwwu6diiit3r.onion:8333
-sk3en3reudg3sdg5.onion:8333
-skoifp4oj7l4osu5.onion:8333
-sle2caplkln33e7y.onion:8333
-smdd7q7gonajdmjq.onion:8333
-spmhuxjb2cd7leun.onion:8333
-srkgyv5edn2pa7il.onion:8333
-sslnjjhnmwllysv4.onion:8333
-su66ygras6rkdtnl.onion:8333
-sundvmbjrtgdfahx.onion:8333
-svd65k5jpal2p3lt.onion:8333
-svua5hiqluw7o2sw.onion:8333
-sxqjubmum4rmfgpu.onion:8333
-t245vi742ti3tnka.onion:8333
-t4fbovvgzpnimd2p.onion:8333
-t4l4wv3erkhpde2p.onion:8333
-t5qchwbr6u5v2agk.onion:8333
-t7jlaj6ggyx7s5vy.onion:8333
-ta6sjeqyb27f4n4a.onion:8333
-tav7utpw4pfy7j6k.onion:8333
-taxg5z2sxfm5c4d6.onion:8333
-tekwvnbodbzrlufs.onion:8333
-tg4uwrjmtr2jlbjy.onion:8333
-th4cjvffjtw6vomu.onion:8333
-th6fxymtwnfifqeu.onion:8333
-thtchhl25u26nglq.onion:8333
-tiiah7csuoklcvi6.onion:8333
-tk63x5fk3337z3ud.onion:8333
-tkgootat6cqn7vyy.onion:8333
-tnj565wwqz5wpjvs.onion:8333
-ts6qx37mmpu6nj5y.onion:8333
-ttjisvxydgbtp56f.onion:8333
-twn54v7ra2xjgd55.onion:8333
-txem5meug24g2ezd.onion:8333
-tyiunn36lmfcq5lr.onion:8333
-tyv56xs6g6ndzqux.onion:8333
-u47f3hxwq65sgs4o.onion:8333
-u4r7fnholrdwwlni.onion:8333
-u556ofb3myarafwn.onion:8333
-u5q3gbz4qpz4wvlr.onion:8333
-uakly3ydrevvpxwi.onion:8333
-ug6hapi4qtekzc7v.onion:8333
-ui553qotd6ron3rf.onion:8333
-uir7f3wltoka6bbb.onion:8333
-ukrjjhwodl44wmof.onion:8333
-ul5gm2ixy7kqdfwg.onion:8333
-undd7rsj4pen3wo4.onion:8333
-uorwpzfehtykrg43.onion:8333
-uovsp2yltnaojq6l.onion:8333
-usazmdcs32ny24dy.onion:8333
-usazs7glm7geyxkl.onion:8333
-uss2kedg7qkwgdr5.onion:8333
-utgyrvw75wv2nymi.onion:8333
-uzwacms7kyzhehbl.onion:8333
-v2kdcetvslmdfcwr.onion:8333
-v5lhnzzv6nngfg5d.onion:8333
-vc44gb4veppobrt3.onion:8333
-vfwyhju43wxhzvux.onion:8333
-vgujufk53lqyolio.onion:8333
-vheejqq2v5dkb4xr.onion:8333
-vj64edev4jnqfdsb.onion:8333
-vmai5uigezr2khkj.onion:8333
-vmuykd7sxbmi7w57.onion:8333
-vomeacttinx3mpml.onion:8333
-vpow2xofg3fwzsdq.onion:8333
-vsawli4l5ifxdzaw.onion:8333
-vunubqkfms7sifok.onion:8333
-vuombnevwul4bqsb.onion:8333
-vxcpvdng65aefz6t.onion:8333
-vyxoizdzavp3obau.onion:8333
-wbeon2ci7lfio6ay.onion:8333
-wbwevew62mgsrrdz.onion:8333
-wfaydlg6zyfzjcu5.onion:8333
-wfz56s5lyn5dysez.onion:8333
-wg3mq4ugyy2gx32b.onion:8333
-whky54bctkf2n4p3.onion:8333
-whmjanqoyzizzc4t.onion:8333
-wlhou2wxgqyi3x3f.onion:8333
-wlvkfrplfiioz22o.onion:8333
-x3ngb3va7dovuenw.onion:8333
-x57x62bmmnylvo7r.onion:8333
-xgvm57mhgv564dka.onion:8333
-xhs3glfwnwiumivn.onion:8333
-xje5fwvyfdue2u6k.onion:8333
-xlgubgyly2blvsg5.onion:8333
-xnlu3tvakngy7tkp.onion:8333
-xo5marilhuyo7but.onion:8333
-xsaaxihdygnwxrix.onion:8333
-xu5mlugdsmzfkvzh.onion:8333
-xvrxqcptqvieedb2.onion:8333
-xwzhrrygftq3q4w4.onion:8333
-y4swmsaxdcos2bnu.onion:8333
-y5tl4lqi365pplud.onion:8333
-y5wzeqyaets5na6t.onion:8333
-y73qk2mzkjkhoky7.onion:8333
-y7oz3ydnvib4xhbb.onion:8333
-yah7qgfqqrteoche.onion:8333
-yba4brm555denlt7.onion:8333
-ygeqkg4inplsace3.onion:8333
-yjhnfu75lazbi34h.onion:8333
-yjw7kqapxx5vggoj.onion:8333
-ym7inmovbrna4gco.onion:8333
-yq5cusnuokscy64z.onion:8333
-yrcaioqrqrdwokqt.onion:8333
-yrcr7pgjuazad254.onion:8333
-yrksvon3tmvoohdv.onion:8333
-ytpus4vx5w7j6wp2.onion:8333
-ytqcigk2hhdl45ho.onion:8333
-yxojl3xmjus3dik2.onion:8333
-yzdqdsqx4fdung6w.onion:8333
-z33nukt7ngik3cpe.onion:8333
-z3ywbadw46ndnxgh.onion:8333
-z6mbqq7llxlrn4kq.onion:8333
-zb3lrcksn4rzhzje.onion:8333
-ze7odp7pzarjplsr.onion:8333
-zgbmhtbja4fy2373.onion:8333
-zh7hvalcgvjpoaqm.onion:8333
-ziztvxehmj5mehpg.onion:8333
-zjii3yecdrmq73y3.onion:8333
-zkrwmgjuvsza6ye2.onion:8333
-zoz2aopwi3wfuqwg.onion:8333
-ztdcfnh46773bivu.onion:8333
-zuxhc6d3nwpgc4af.onion:8333
-zuytrfevzjcpizli.onion:8333
-zvq6dpt3i2ofdp3g.onion:8333
-zwwm6ga7u2hqe2sd.onion:8333
-zyqb4lenfspntj5m.onion:8333
# manually added 2021-03 for minimal torv3 bootstrap support
2g5qfdkn2vvcbqhzcyvyiitg4ceukybxklraxjnu7atlhd22gdwywaid.onion:8333
@@ -1190,11 +678,11 @@ vi5bnbxkleeqi6hfccjochnn65lcxlfqs4uwgmhudph554zibiusqnad.onion:8333
xqt25cobm5zqucac3634zfght72he6u3eagfyej5ellbhcdgos7t2had.onion:8333
# manually added 2021-05 for minimal i2p bootstrap support
-72l3ucjkuscrbiiepoehuwqgknyzgo7zuix5ty4puwrkyhtmnsga.b32.i2p:8333
-c4gfnttsuwqomiygupdqqqyy5y5emnk5c73hrfvatri67prd7vyq.b32.i2p:8333
-gehtac45oaghz54ypyopim64mql7oad2bqclla74l6tfeolzmodq.b32.i2p:8333
-h3r6bkn46qxftwja53pxiykntegfyfjqtnzbm6iv6r5mungmqgmq.b32.i2p:8333
-hnbbyjpxx54623l555sta7pocy3se4sdgmuebi5k6reesz5rjp6q.b32.i2p:8333
-pjs7or2ctvteeo5tu4bwyrtydeuhqhvdprtujn4daxr75jpebjxa.b32.i2p:8333
-wwbw7nqr3ahkqv62cuqfwgtneekvvpnuc4i4f6yo7tpoqjswvcwa.b32.i2p:8333
-zsxwyo6qcn3chqzwxnseusqgsnuw3maqnztkiypyfxtya4snkoka.b32.i2p:8333
+72l3ucjkuscrbiiepoehuwqgknyzgo7zuix5ty4puwrkyhtmnsga.b32.i2p:0
+c4gfnttsuwqomiygupdqqqyy5y5emnk5c73hrfvatri67prd7vyq.b32.i2p:0
+gehtac45oaghz54ypyopim64mql7oad2bqclla74l6tfeolzmodq.b32.i2p:0
+h3r6bkn46qxftwja53pxiykntegfyfjqtnzbm6iv6r5mungmqgmq.b32.i2p:0
+hnbbyjpxx54623l555sta7pocy3se4sdgmuebi5k6reesz5rjp6q.b32.i2p:0
+pjs7or2ctvteeo5tu4bwyrtydeuhqhvdprtujn4daxr75jpebjxa.b32.i2p:0
+wwbw7nqr3ahkqv62cuqfwgtneekvvpnuc4i4f6yo7tpoqjswvcwa.b32.i2p:0
+zsxwyo6qcn3chqzwxnseusqgsnuw3maqnztkiypyfxtya4snkoka.b32.i2p:0
diff --git a/contrib/signet/README.md b/contrib/signet/README.md
index 71dc2f9638..706b296c54 100644
--- a/contrib/signet/README.md
+++ b/contrib/signet/README.md
@@ -21,27 +21,28 @@ accept one claim per day. See `--password` above.
miner
=====
-To mine the first block in your custom chain, you can run:
+You will first need to pick a difficulty target. Since signet chains are primarily protected by a signature rather than proof of work, there is no need to spend as much energy as possible mining, however you may wish to choose to spend more time than the absolute minimum. The calibrate subcommand can be used to pick a target appropriate for your hardware, eg:
cd src/
- CLI="./bitcoin-cli -conf=mysignet.conf"
- MINER="..contrib/signet/miner"
+ MINER="../contrib/signet/miner"
GRIND="./bitcoin-util grind"
- ADDR=$($CLI -signet getnewaddress)
- $MINER --cli="$CLI" generate --grind-cmd="$GRIND" --address="$ADDR" --set-block-time=-1
-
-This will mine a block with the current timestamp. If you want to backdate the chain, you can give a different timestamp to --set-block-time.
-
-You will then need to pick a difficulty target. Since signet chains are primarily protected by a signature rather than proof of work, there is no need to spend as much energy as possible mining, however you may wish to choose to spend more time than the absolute minimum. The calibrate subcommand can be used to pick a target, eg:
-
$MINER calibrate --grind-cmd="$GRIND"
nbits=1e00f403 for 25s average mining time
It defaults to estimating an nbits value resulting in 25s average time to find a block, but the --seconds parameter can be used to pick a different target, or the --nbits parameter can be used to estimate how long it will take for a given difficulty.
-Using the --ongoing parameter will then cause the signet miner to create blocks indefinitely. It will pick the time between blocks so that difficulty is adjusted to match the provided --nbits value.
+To mine the first block in your custom chain, you can run:
- $MINER --cli="$CLI" generate --grind-cmd="$GRIND" --address="$ADDR" --nbits=1e00f403 --ongoing
+ CLI="./bitcoin-cli -conf=mysignet.conf"
+ ADDR=$($CLI -signet getnewaddress)
+ NBITS=1e00f403
+ $MINER --cli="$CLI" generate --grind-cmd="$GRIND" --address="$ADDR" --nbits=$NBITS
+
+This will mine a single block with a backdated timestamp designed to allow 100 blocks to be mined as quickly as possible, so that it is possible to do transactions.
+
+Adding the --ongoing parameter will then cause the signet miner to create blocks indefinitely. It will pick the time between blocks so that difficulty is adjusted to match the provided --nbits value.
+
+ $MINER --cli="$CLI" generate --grind-cmd="$GRIND" --address="$ADDR" --nbits=$NBITS --ongoing
Other options
-------------
@@ -50,9 +51,11 @@ The --debug and --quiet options are available to control how noisy the signet mi
Instead of specifying --ongoing, you can specify --max-blocks=N to mine N blocks and stop.
-Instead of using a single address, a ranged descriptor may be provided instead (via the --descriptor parameter), with the reward for the block at height H being sent to the H'th address generated from the descriptor.
+The --set-block-time option is available to manually move timestamps forward or backward (subject to the rules that blocktime must be greater than mediantime, and dates can't be more than two hours in the future). It can only be used when mining a single block (ie, not when using --ongoing or --max-blocks greater than 1).
+
+Instead of using a single address, a ranged descriptor may be provided via the --descriptor parameter, with the reward for the block at height H being sent to the H'th address generated from the descriptor.
-Instead of calculating a specific nbits value, --min-nbits can be specified instead, in which case the mininmum signet difficulty will be targeted.
+Instead of calculating a specific nbits value, --min-nbits can be specified instead, in which case the minimum signet difficulty will be targeted. Signet's minimum difficulty corresponds to --nbits=1e0377ae.
By default, the signet miner mines blocks at fixed intervals with minimal variation. If you want blocks to appear more randomly, as they do in mainnet, specify the --poisson option.
@@ -76,5 +79,5 @@ These steps can instead be done explicitly:
$MINER --cli="$CLI" solvepsbt --grind-cmd="$GRIND" |
$CLI -signet -stdin submitblock
-This is intended to allow you to replace part of the pipeline for further experimentation, if desired.
+This is intended to allow you to replace part of the pipeline for further experimentation (eg, to sign the block with a hardware wallet).
diff --git a/contrib/signet/miner b/contrib/signet/miner
index a3fba49d0e..78e1fa5ecd 100755
--- a/contrib/signet/miner
+++ b/contrib/signet/miner
@@ -23,7 +23,7 @@ PATH_BASE_TEST_FUNCTIONAL = os.path.abspath(os.path.join(PATH_BASE_CONTRIB_SIGNE
sys.path.insert(0, PATH_BASE_TEST_FUNCTIONAL)
from test_framework.blocktools import WITNESS_COMMITMENT_HEADER, script_BIP34_coinbase_height # noqa: E402
-from test_framework.messages import CBlock, CBlockHeader, COutPoint, CTransaction, CTxIn, CTxInWitness, CTxOut, FromHex, ToHex, deser_string, hash256, ser_compact_size, ser_string, ser_uint256, uint256_from_str # noqa: E402
+from test_framework.messages import CBlock, CBlockHeader, COutPoint, CTransaction, CTxIn, CTxInWitness, CTxOut, from_hex, deser_string, hash256, ser_compact_size, ser_string, ser_uint256, tx_from_hex, uint256_from_str # noqa: E402
from test_framework.script import CScriptOp # noqa: E402
logging.basicConfig(
@@ -37,7 +37,7 @@ RE_MULTIMINER = re.compile("^(\d+)(-(\d+))?/(\d+)$")
# #### some helpers that could go into test_framework
-# like FromHex, but without the hex part
+# like from_hex, but without the hex part
def FromBinary(cls, stream):
"""deserialize a binary stream (or bytes object) into an object"""
# handle bytes object by turning it into a stream
@@ -195,7 +195,7 @@ def finish_block(block, signet_solution, grind_cmd):
headhex = CBlockHeader.serialize(block).hex()
cmd = grind_cmd.split(" ") + [headhex]
newheadhex = subprocess.run(cmd, stdout=subprocess.PIPE, input=b"", check=True).stdout.strip()
- newhead = FromHex(CBlockHeader(), newheadhex.decode('utf8'))
+ newhead = from_hex(CBlockHeader(), newheadhex.decode('utf8'))
block.nNonce = newhead.nNonce
block.rehash()
return block
@@ -216,7 +216,7 @@ def generate_psbt(tmpl, reward_spk, *, blocktime=None):
block.nTime = tmpl["mintime"]
block.nBits = int(tmpl["bits"], 16)
block.nNonce = 0
- block.vtx = [cbtx] + [FromHex(CTransaction(), t["data"]) for t in tmpl["transactions"]]
+ block.vtx = [cbtx] + [tx_from_hex(t["data"]) for t in tmpl["transactions"]]
witnonce = 0
witroot = block.calc_witness_merkle_root()
@@ -274,7 +274,7 @@ def do_genpsbt(args):
def do_solvepsbt(args):
block, signet_solution = do_decode_psbt(sys.stdin.read())
block = finish_block(block, signet_solution, args.grind_cmd)
- print(ToHex(block))
+ print(block.serialize().hex())
def nbits_to_target(nbits):
shift = (nbits >> 24) & 0xff
@@ -428,10 +428,13 @@ def do_generate(args):
action_time = now
is_mine = True
elif bestheader["height"] == 0:
- logging.error("When mining first block in a new signet, must specify --set-block-time")
- return 1
+ time_delta = next_block_delta(int(bestheader["bits"], 16), bci["bestblockhash"], ultimate_target, args.poisson)
+ time_delta *= 100 # 100 blocks
+ logging.info("Backdating time for first block to %d minutes ago" % (time_delta/60))
+ mine_time = now - time_delta
+ action_time = now
+ is_mine = True
else:
-
time_delta = next_block_delta(int(bestheader["bits"], 16), bci["bestblockhash"], ultimate_target, args.poisson)
mine_time = bestheader["time"] + time_delta
@@ -500,7 +503,7 @@ def do_generate(args):
block = finish_block(block, signet_solution, args.grind_cmd)
# submit block
- r = args.bcli("-stdin", "submitblock", input=ToHex(block).encode('utf8'))
+ r = args.bcli("-stdin", "submitblock", input=block.serialize().hex().encode('utf8'))
# report
bstr = "block" if is_mine else "backup block"
@@ -520,12 +523,11 @@ def do_calibrate(args):
sys.stderr.write("Can only specify one of --nbits or --seconds\n")
return 1
if args.nbits is not None and len(args.nbits) != 8:
- sys.stderr.write("Must specify 8 hex digits for --nbits")
+ sys.stderr.write("Must specify 8 hex digits for --nbits\n")
return 1
TRIALS = 600 # gets variance down pretty low
TRIAL_BITS = 0x1e3ea75f # takes about 5m to do 600 trials
- #TRIAL_BITS = 0x1e7ea75f # XXX
header = CBlockHeader()
header.nBits = TRIAL_BITS
@@ -533,23 +535,14 @@ def do_calibrate(args):
start = time.time()
count = 0
- #CHECKS=[]
for i in range(TRIALS):
header.nTime = i
header.nNonce = 0
headhex = header.serialize().hex()
cmd = args.grind_cmd.split(" ") + [headhex]
newheadhex = subprocess.run(cmd, stdout=subprocess.PIPE, input=b"", check=True).stdout.strip()
- #newhead = FromHex(CBlockHeader(), newheadhex.decode('utf8'))
- #count += newhead.nNonce
- #if (i+1) % 100 == 0:
- # CHECKS.append((i+1, count, time.time()-start))
-
- #print("checks =", [c*1.0 / (b*targ*2**-256) for _,b,c in CHECKS])
avg = (time.time() - start) * 1.0 / TRIALS
- #exp_count = 2**256 / targ * TRIALS
- #print("avg =", avg, "count =", count, "exp_count =", exp_count)
if args.nbits is not None:
want_targ = nbits_to_target(int(args.nbits,16))
@@ -590,7 +583,6 @@ def main():
generate.add_argument("--nbits", default=None, type=str, help="Target nBits (specify difficulty)")
generate.add_argument("--min-nbits", action="store_true", help="Target minimum nBits (use min difficulty)")
generate.add_argument("--poisson", action="store_true", help="Simulate randomised block times")
- #generate.add_argument("--signcmd", default=None, type=str, help="Alternative signing command")
generate.add_argument("--multiminer", default=None, type=str, help="Specify which set of blocks to mine (eg: 1-40/100 for the first 40%%, 2/3 for the second 3rd)")
generate.add_argument("--backup-delay", default=300, type=int, help="Seconds to delay before mining blocks reserved for other miners (default=300)")
generate.add_argument("--standby-delay", default=0, type=int, help="Seconds to delay before mining blocks (default=0)")
@@ -605,7 +597,7 @@ def main():
sp.add_argument("--descriptor", default=None, type=str, help="Descriptor for block reward payment")
for sp in [solvepsbt, generate, calibrate]:
- sp.add_argument("--grind-cmd", default=None, type=str, help="Command to grind a block header for proof-of-work")
+ sp.add_argument("--grind-cmd", default=None, type=str, required=(sp==calibrate), help="Command to grind a block header for proof-of-work")
args = parser.parse_args(sys.argv[1:])
generated by cgit v1.2.3 (git 2.26.2) at 2024-10-04 15:52:26 +0000