| Age | Commit message (Collapse) | Author |
|---|
|
With the release of binutils/ld 2.36, ld swapped to much improved
default settings when producing windows binaries with mingw-w64. One of
these changes was to stop stripping the .reloc section from binaries,
which is required for working ASLR.
.reloc section stripping is something we've accounted for previously,
see #18702. The related upstream discussion is in this thread:
https://sourceware.org/bugzilla/show_bug.cgi?id=19011.
When we switched to using a newer Guix time-machine in #23778, we begun
using binutils 2.37 to produce releases. Since then, our windows
installer (produced with makensis) has not functioned correctly when run on
a Windows system with the "Force randomization for images (Mandatory ASLR)"
option enabled. Note that all of our other release binaries, which all
contain .reloc sections, function fine under the same option, so it
cannot be just the presence of a .reloc section that is the issue.
For now, restore makensis to it's pre-binutils-2.36 behaviour, which
fixes the produced installer. The underlying issue can be further
investigated in future.
|
|
|
|
2eb1e5384ff7a220fd1afacd4a0170acff54fe56
103c0d9f7e084c94ba7d83a44e784ab0b4a6d8e4 guix: use elfesteem 2eb1e5384ff7a220fd1afacd4a0170acff54fe56 (fanquake)
Pull request description:
Our patch has been merged upstream, see https://github.com/LRGH/elfesteem/pull/3.
Guix Build (x86_64):
```bash
3deb66d386587e7ce29b92528170081d9e74443ddf50d07b72aacaee31c11641 guix-build-103c0d9f7e08/output/aarch64-linux-gnu/SHA256SUMS.part
5f53a059ccf07181fa1154dc6ab741a9beda663a48d123d2aa4256ca7d38497a guix-build-103c0d9f7e08/output/aarch64-linux-gnu/bitcoin-103c0d9f7e08-aarch64-linux-gnu-debug.tar.gz
20cdb705439ff54822f7c3cad12254b46f8ff93aae58f1716253f39bd734eaf1 guix-build-103c0d9f7e08/output/aarch64-linux-gnu/bitcoin-103c0d9f7e08-aarch64-linux-gnu.tar.gz
ae51fb2ef8e76326bde4693f778444a5c21df1feba42b161e667c5f069aae967 guix-build-103c0d9f7e08/output/arm-linux-gnueabihf/SHA256SUMS.part
0ffeaa089582871a578069c0251bf51823624274c23c2fd65f04d2a3e50f3296 guix-build-103c0d9f7e08/output/arm-linux-gnueabihf/bitcoin-103c0d9f7e08-arm-linux-gnueabihf-debug.tar.gz
71f3da47678d8169414ef0072271604fa550e84ce86979706b3b289a1521a119 guix-build-103c0d9f7e08/output/arm-linux-gnueabihf/bitcoin-103c0d9f7e08-arm-linux-gnueabihf.tar.gz
f5d13de726f7705e946a2b3a63d182d8c7e70e3adc9a92552676898e9819db27 guix-build-103c0d9f7e08/output/arm64-apple-darwin/SHA256SUMS.part
e411e8f0cc3ab18981ccb65768a6af1622748c14b6e0513401179bcd0df519a7 guix-build-103c0d9f7e08/output/arm64-apple-darwin/bitcoin-103c0d9f7e08-arm64-apple-darwin-unsigned.dmg
d7e9aa52f9b0a0249445e926753978d6845bab0c02639d162879b921f237b8ce guix-build-103c0d9f7e08/output/arm64-apple-darwin/bitcoin-103c0d9f7e08-arm64-apple-darwin-unsigned.tar.gz
cefde91f0b75a27e945f190194dbe0dab5653a6bcc91b18bec34d952aebd72d7 guix-build-103c0d9f7e08/output/arm64-apple-darwin/bitcoin-103c0d9f7e08-arm64-apple-darwin.tar.gz
0b399fd5f7a85974ab25933575a0173c814d4ab578d16ab13896bb51e408b92f guix-build-103c0d9f7e08/output/dist-archive/bitcoin-103c0d9f7e08.tar.gz
22d6a771d2eab73ab328c8b472160333dd52c6f734761f466c79251a37bd1895 guix-build-103c0d9f7e08/output/powerpc64-linux-gnu/SHA256SUMS.part
a6e598b022683e0858be8bd4a6d75bc15f2fbc7632c45f8b03c7a8dff367343a guix-build-103c0d9f7e08/output/powerpc64-linux-gnu/bitcoin-103c0d9f7e08-powerpc64-linux-gnu-debug.tar.gz
04ea54706ac47f8880ae0fcddabb0f4fe899a0bacf52d0d936dbbc1149e14e10 guix-build-103c0d9f7e08/output/powerpc64-linux-gnu/bitcoin-103c0d9f7e08-powerpc64-linux-gnu.tar.gz
059a7018ce96e141c258d516b85c3ee95f02b61dc2db4931fa14993b2bd945e3 guix-build-103c0d9f7e08/output/powerpc64le-linux-gnu/SHA256SUMS.part
aacaa0e4827808ed189152c6f1a4e0d9300b89136a7dc064fd045f700ee06084 guix-build-103c0d9f7e08/output/powerpc64le-linux-gnu/bitcoin-103c0d9f7e08-powerpc64le-linux-gnu-debug.tar.gz
4041f8de495b4633df0e28d75ab6cfd0bfe7ec9292384ce4d3331383d06da310 guix-build-103c0d9f7e08/output/powerpc64le-linux-gnu/bitcoin-103c0d9f7e08-powerpc64le-linux-gnu.tar.gz
1586a47797a803cab03a9ebcd207eb395e1651c443e9192ac2b144b85e014762 guix-build-103c0d9f7e08/output/riscv64-linux-gnu/SHA256SUMS.part
74f088bca4e7c0d44e6b7161ee4c835b38bc9291c78f37e53d3ede2da98d52c0 guix-build-103c0d9f7e08/output/riscv64-linux-gnu/bitcoin-103c0d9f7e08-riscv64-linux-gnu-debug.tar.gz
12cfe35b28de03f2355d6fb5ed9393001d3b5a06b12a2792cb863ca4ae61db17 guix-build-103c0d9f7e08/output/riscv64-linux-gnu/bitcoin-103c0d9f7e08-riscv64-linux-gnu.tar.gz
b021e117d1e92ad105234661468efeab98246db79d51267a766399776999bafe guix-build-103c0d9f7e08/output/x86_64-apple-darwin/SHA256SUMS.part
0a6c9d00f9ea2d67ca58c867258bb1b595a3141d5f199ffb047f7235bb2863a6 guix-build-103c0d9f7e08/output/x86_64-apple-darwin/bitcoin-103c0d9f7e08-x86_64-apple-darwin-unsigned.dmg
a7df5f759e792e4fae46ab7ddca5db8cff8973aa33d7d99c4bfbf7c04c2d3013 guix-build-103c0d9f7e08/output/x86_64-apple-darwin/bitcoin-103c0d9f7e08-x86_64-apple-darwin-unsigned.tar.gz
801ec4f81af5f184cc0e0fcf650f4e5822d895a4202c35575f46e1c63498b1aa guix-build-103c0d9f7e08/output/x86_64-apple-darwin/bitcoin-103c0d9f7e08-x86_64-apple-darwin.tar.gz
813e9c9c6e0ce430d2096963dbffeb141f239d67b334e44b3fd1f1bc9246758d guix-build-103c0d9f7e08/output/x86_64-linux-gnu/SHA256SUMS.part
43e7afc360267fea8e1620e0c2ea40c45af07debbd646abf9fe631465c2e2c47 guix-build-103c0d9f7e08/output/x86_64-linux-gnu/bitcoin-103c0d9f7e08-x86_64-linux-gnu-debug.tar.gz
0c5fc4b3c5bf4a53f1f9710cd738d5c0bbe6a2f0dc45e91f92065ae766b63635 guix-build-103c0d9f7e08/output/x86_64-linux-gnu/bitcoin-103c0d9f7e08-x86_64-linux-gnu.tar.gz
08c031137c2c472a944f3220cf3812a8ec1dd70da9b0f264361ba16badb65b9f guix-build-103c0d9f7e08/output/x86_64-w64-mingw32/SHA256SUMS.part
4bbdc405075001b61e7cc48974e4b987c887a861add6db419fb51eccd914fbb0 guix-build-103c0d9f7e08/output/x86_64-w64-mingw32/bitcoin-103c0d9f7e08-win64-debug.zip
8de95b683500300a787dd1d0d74580e9d6ab448f00f4c32e58ad830b763f2755 guix-build-103c0d9f7e08/output/x86_64-w64-mingw32/bitcoin-103c0d9f7e08-win64-setup-unsigned.exe
36202c352d1f3b238daa00126f7ad369e53a510a32bb2585d69f967ef02aff48 guix-build-103c0d9f7e08/output/x86_64-w64-mingw32/bitcoin-103c0d9f7e08-win64-unsigned.tar.gz
6255922a31502a23ea323095dec2d176bca22977222936fc7857a55ac001f6e9 guix-build-103c0d9f7e08/output/x86_64-w64-mingw32/bitcoin-103c0d9f7e08-win64.zip
```
ACKs for top commit:
hebasto:
ACK 103c0d9f7e084c94ba7d83a44e784ab0b4a6d8e4, I have reviewed the code and it looks OK.
Tree-SHA512: 421956999d2daedbce2e94a13dffa20b2dafb36ca5ffa094d8dca79eb5e60ec91bfade59cd24da548b45aec00f688d570e61a3567ea8075c25d198ac7fc4efff
|
|
Our patch has been merged upstream, see
https://github.com/LRGH/elfesteem/pull/3
|
|
Without ffile-prefix-map, the debug symbols will contain paths for the
guix store which will include the hashes of each package. However, the
hash for the same package will differ when on different architectures.
In order to be reproducible regardless of the architecture used to build
the package, map all guix store prefixes to something fixed, e.g. /usr.
We might be able to drop this in favour of using --with-nonshared-cflags
when we being using newer versions of glibc.
|
|
This patches our LIEF build using the change merged upstream:
https://github.com/lief-project/LIEF/pull/718.
This can be dropped the next time we update LIEF.
|
|
GCC 10 started using -fno-common by default, which causes issues with
the powerpc builds using gibc 2.24. A patch was commited to glibc to fix
the issue, 18363b4f010da9ba459b13310b113ac0647c2fcc but is non-trvial
to backport, and was broken in at least one way, see the followup in
commit 7650321ce037302bfc2f026aa19e0213b8d02fe6.
For now, retain the legacy GCC behaviour by passing -fcommon when
building glibc 2.24.
https://gcc.gnu.org/onlinedocs/gcc/Code-Gen-Options.html.
https://sourceware.org/git/?p=glibc.git;a=commit;h=18363b4f010da9ba459b13310b113ac0647c2fcc
https://sourceware.org/git/?p=glibc.git;a=commit;h=7650321ce037302bfc2f026aa19e0213b8d02fe6
|
|
|
|
The actual macro is __has_include(), not __has_include__(), using the
later would result in build failures when using GCC 10. i.e:
```bash
../sysdeps/unix/sysv/linux/riscv/flush-icache.c:24:5: warning: "__has_include__" is not defined, evaluates to 0 [-Wundef]
24 | #if __has_include__ (<asm/syscalls.h>)
```
Looks like at least someone else has run into the same thing, see:
http://lists.busybox.net/pipermail/buildroot/2020-July/590376.html.
See also:
https://gcc.gnu.org/onlinedocs/cpp/_005f_005fhas_005finclude.html
https://clang.llvm.org/docs/LanguageExtensions.html#has-include
|
|
This commit backports a patch to the GCC 10.3.0 we build for Windows
cross-compilation in Guix. The commit has been backported to the GCC
releases/gcc-10 branch, but hasn't yet made it into a release.
The patch corrects a regression from an earlier GCC commit, see:
https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=357c4350680bf29f0c7a115424e3da11c53b5582
and
https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=074226d5aa86cd3de517014acfe34c7f69a2ccc7,
related to the way newer versions of mingw-w64 implement setjmp/longjmp.
Ultimately this was causing a crash for us when Windows users were
viewing the network traffic tab inside the GUI. After some period, long
enough that a buffer would need reallocating, a call into FreeTypes
gray_record_cell() would result in a call to ft_longjmp (longjmp), which
would then trigger a crash.
Fixes: https://github.com/bitcoin-core/gui/issues/582.
See also:
https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=e8d1ca7d2c344a411779892616c423e157f4aea8.
https://bugreports.qt.io/browse/QTBUG-93476.
|
|
This introduces a patch to our GCC (10.3.0) mingw-w64 compiler, in Guix, to make
it avoid using aligned vmov instructions. This works around a longstanding issue
in GCC, https://gcc.gnu.org/bugzilla/show_bug.cgi?id=54412, which was recently
discovered to be causing issues, see #24726.
Note that distros like Debian are also patching around this issue, and that is
where this patch comes from. This would also explain why we haven't run into this
problem earlier, in development builds. See:
https://salsa.debian.org/mingw-w64-team/gcc-mingw-w64/-/blob/master/debian/patches/vmov-alignment.patch.
Fixes #24726.
Alternative to #24727.
See also:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=939559
|
|
Our patch is now used upstream.
|
|
This currently points to the version-1.4.0 branch.
|
|
We use these flags in our test-security-check make target, but they are
only available because debian patches them in.
We can patch them in for our Guix builds so that we can check the sanity
of our security/symbol checking suite before running them.
|
|
|
|
Support for riscv64 in glibc landed in 2.27 so it's unavoidable that we
use 2.27.
Running a Bitcoin build with toolchains based on 2.24 for platforms
other than riscv64 seem to produce binaries which do not have 2.17
symbols. So use 2.24 since it's more recent and maintained by Debian
Stretch.
|
|
Otherwise the resulting .a static libraries (e.g. libstdc++.a) will not
be reproducible and end up making the Bitcoin binaries non-reproducible
as well.
See: https://reproducible-builds.org/docs/archives/#gnu-libtool
|
|
|
|
When building nsis, if VERSION is not specified, it defaults to
cvs_version which is non-deterministic as it includes the current date.
This patches nsis to default to SOURCE_DATE_EPOCH if it exists so that
nsis is reproducible.
Upstream change: https://github.com/kichik/nsis/pull/13
|
