From f6869929d89d76d5bd7d83fd141e9607a5481903 Mon Sep 17 00:00:00 2001 From: Kittywhiskers Van Gogh <63189531+kittywhiskers@users.noreply.github.com> Date: Tue, 27 Jun 2023 18:45:11 +0000 Subject: [PATCH 01/26] build: obey bitcoin#22993 by setting macOS target to Darwin 19 --- contrib/guix/README.md | 6 +++--- contrib/guix/guix-build | 2 +- contrib/guix/guix-codesign | 2 +- contrib/guix/libexec/build.sh | 6 +++--- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/contrib/guix/README.md b/contrib/guix/README.md index 0e756bdb361d5..7e4525188dc41 100644 --- a/contrib/guix/README.md +++ b/contrib/guix/README.md @@ -75,7 +75,7 @@ crucial differences: 1. Since only Windows and macOS build outputs require codesigning, the `HOSTS` environment variable will have a sane default value of `x86_64-w64-mingw32 - x86_64-apple-darwin18` instead of all the platforms. + x86_64-apple-darwin19` instead of all the platforms. 2. The `guix-codesign` command ***requires*** a `DETACHED_SIGS_REPO` flag. * _**DETACHED_SIGS_REPO**_ @@ -159,7 +159,7 @@ which case you can override the default list by setting the space-separated `HOSTS` environment variable: ```sh -env HOSTS='x86_64-w64-mingw32 x86_64-apple-darwin18' ./contrib/guix/guix-build +env HOSTS='x86_64-w64-mingw32 x86_64-apple-darwin19' ./contrib/guix/guix-build ``` See the [recognized environment variables][env-vars-list] section for more @@ -224,7 +224,7 @@ details. _(defaults to "x86\_64-linux-gnu arm-linux-gnueabihf aarch64-linux-gnu powerpc64-linux-gnu powerpc64le-linux-gnu - x86\_64-w64-mingw32 x86\_64-apple-darwin18")_ + x86\_64-w64-mingw32 x86\_64-apple-darwin19")_ * _**SOURCES_PATH**_ diff --git a/contrib/guix/guix-build b/contrib/guix/guix-build index af00e9dee0a4f..cbe07b1f8dafe 100755 --- a/contrib/guix/guix-build +++ b/contrib/guix/guix-build @@ -76,7 +76,7 @@ mkdir -p "$VERSION_BASE" # Default to building for all supported HOSTs (overridable by environment) export HOSTS="${HOSTS:-x86_64-linux-gnu arm-linux-gnueabihf aarch64-linux-gnu riscv64-linux-gnu x86_64-w64-mingw32 - x86_64-apple-darwin18}" + x86_64-apple-darwin19}" # Usage: distsrc_for_host HOST # diff --git a/contrib/guix/guix-codesign b/contrib/guix/guix-codesign index 51cb7846e7a19..7f55ecf17099e 100755 --- a/contrib/guix/guix-codesign +++ b/contrib/guix/guix-codesign @@ -91,7 +91,7 @@ fi ################ # Default to building for all supported HOSTs (overridable by environment) -export HOSTS="${HOSTS:-x86_64-w64-mingw32 x86_64-apple-darwin18}" +export HOSTS="${HOSTS:-x86_64-w64-mingw32 x86_64-apple-darwin19}" # Usage: distsrc_for_host HOST # diff --git a/contrib/guix/libexec/build.sh b/contrib/guix/libexec/build.sh index 73b7b1a5d306b..ebd4553c6d21d 100644 --- a/contrib/guix/libexec/build.sh +++ b/contrib/guix/libexec/build.sh @@ -147,7 +147,7 @@ case "$HOST" in # # After the native packages in depends are built, the ld wrapper should # no longer affect our build, as clang would instead reach for - # x86_64-apple-darwin18-ld from cctools + # x86_64-apple-darwin19-ld from cctools ;; *) export GUIX_LD_WRAPPER_DISABLE_RPATH=yes ;; esac @@ -417,8 +417,8 @@ mkdir -p "$DISTSRC" find "${DISTNAME}" -print0 \ | sort --zero-terminated \ | tar --create --no-recursion --mode='u+rw,go+r-w,a+X' --null --files-from=- \ - | gzip -9n > "${OUTDIR}/${DISTNAME}-${HOST//x86_64-apple-darwin18/osx64}.tar.gz" \ - || ( rm -f "${OUTDIR}/${DISTNAME}-${HOST//x86_64-apple-darwin18/osx64}.tar.gz" && exit 1 ) + | gzip -9n > "${OUTDIR}/${DISTNAME}-${HOST//x86_64-apple-darwin19/osx64}.tar.gz" \ + || ( rm -f "${OUTDIR}/${DISTNAME}-${HOST//x86_64-apple-darwin19/osx64}.tar.gz" && exit 1 ) ;; esac ) # $DISTSRC/installed From 30cd5ef2fa2faa7e114e47d978f1f1572475a4f3 Mon Sep 17 00:00:00 2001 From: Kittywhiskers Van Gogh <63189531+kittywhiskers@users.noreply.github.com> Date: Tue, 27 Jun 2023 18:51:37 +0000 Subject: [PATCH 02/26] merge bitcoin#25643: compile FastFixedDtoa with -O1 to fix cross-arch reproducibility for arm32 --- depends/packages/qt.mk | 2 ++ .../qt/fast_fixed_dtoa_no_optimize.patch | 20 +++++++++++++++++++ 2 files changed, 22 insertions(+) create mode 100644 depends/patches/qt/fast_fixed_dtoa_no_optimize.patch diff --git a/depends/packages/qt.mk b/depends/packages/qt.mk index 0b7464fc7cd89..07ca21d22a4ec 100644 --- a/depends/packages/qt.mk +++ b/depends/packages/qt.mk @@ -16,6 +16,7 @@ $(package)_patches+= fix_limits_header.patch $(package)_patches+= fix_montery_include.patch $(package)_patches += glibc_compatibility.patch $(package)_patches+= qtbase-moc-ignore-gcc-macro.patch +$(package)_patches += fast_fixed_dtoa_no_optimize.patch $(package)_qttranslations_file_name=qttranslations-$($(package)_suffix) $(package)_qttranslations_sha256_hash=577b0668a777eb2b451c61e8d026d79285371597ce9df06b6dee6c814164b7c3 @@ -241,6 +242,7 @@ define $(package)_preprocess_cmds patch -p1 -i $($(package)_patch_dir)/fix_montery_include.patch && \ patch -p1 -i $($(package)_patch_dir)/glibc_compatibility.patch && \ patch -p1 -i $($(package)_patch_dir)/qtbase-moc-ignore-gcc-macro.patch && \ + patch -p1 -i $($(package)_patch_dir)/fast_fixed_dtoa_no_optimize.patch && \ mkdir -p qtbase/mkspecs/macx-clang-linux &&\ cp -f qtbase/mkspecs/macx-clang/qplatformdefs.h qtbase/mkspecs/macx-clang-linux/ &&\ cp -f $($(package)_patch_dir)/mac-qmake.conf qtbase/mkspecs/macx-clang-linux/qmake.conf && \ diff --git a/depends/patches/qt/fast_fixed_dtoa_no_optimize.patch b/depends/patches/qt/fast_fixed_dtoa_no_optimize.patch new file mode 100644 index 0000000000000..d4d6539f56dc4 --- /dev/null +++ b/depends/patches/qt/fast_fixed_dtoa_no_optimize.patch @@ -0,0 +1,20 @@ +Modify the optimisation flags for FastFixedDtoa. +This fixes a non-determinism issue in the asm produced for +this function when cross-compiling on x86_64 and aarch64 for +the arm-linux-gnueabihf HOST. + +--- a/qtbase/src/3rdparty/double-conversion/fixed-dtoa.h ++++ b/qtbase/src/3rdparty/double-conversion/fixed-dtoa.h +@@ -48,9 +48,12 @@ namespace double_conversion { + // + // This method only works for some parameters. If it can't handle the input it + // returns false. The output is null-terminated when the function succeeds. ++#pragma GCC push_options ++#pragma GCC optimize ("-O1") + bool FastFixedDtoa(double v, int fractional_count, + Vector buffer, int* length, int* decimal_point); + ++#pragma GCC pop_options + } // namespace double_conversion + + #endif // DOUBLE_CONVERSION_FIXED_DTOA_H_ From 2ed704bc8c6935990b1270d1c5df72e80e64af3d Mon Sep 17 00:00:00 2001 From: Kittywhiskers Van Gogh <63189531+kittywhiskers@users.noreply.github.com> Date: Wed, 24 Nov 2021 17:00:43 +0200 Subject: [PATCH 03/26] merge bitcoin#23583: Don't hard-code x86_64 as the arch when using qmake --- depends/README.md | 8 -- depends/packages/qt.mk | 7 +- depends/patches/qt/dont_hardcode_x86_64.patch | 123 ++++++++++++++++++ depends/patches/qt/mac-qmake.conf | 1 - 4 files changed, 128 insertions(+), 11 deletions(-) create mode 100644 depends/patches/qt/dont_hardcode_x86_64.patch diff --git a/depends/README.md b/depends/README.md index 110ccc3777dc8..2555e54f02640 100644 --- a/depends/README.md +++ b/depends/README.md @@ -83,14 +83,6 @@ For linux S390X cross compilation: sudo apt-get install g++-s390x-linux-gnu binutils-s390x-linux-gnu -### Install the required dependencies: M1-based macOS - -To be able to build the `qt` package, ensure that Rosetta 2 is installed: - -``` -softwareupdate --install-rosetta -``` - ### Dependency Options The following can be set when running make: `make FOO=bar` diff --git a/depends/packages/qt.mk b/depends/packages/qt.mk index 07ca21d22a4ec..ba184369e1d91 100644 --- a/depends/packages/qt.mk +++ b/depends/packages/qt.mk @@ -10,7 +10,7 @@ $(package)_linguist_tools = lrelease lupdate lconvert $(package)_patches = qt.pro qttools_src.pro $(package)_patches += fix_qt_pkgconfig.patch mac-qmake.conf fix_no_printer.patch no-xlib.patch $(package)_patches+= fix_android_qmake_conf.patch fix_android_jni_static.patch dont_hardcode_pwd.patch -$(package)_patches+= no_sdk_version_check.patch +$(package)_patches += dont_hardcode_x86_64.patch no_sdk_version_check.patch $(package)_patches+= fix_lib_paths.patch fix_android_pch.patch $(package)_patches+= fix_limits_header.patch $(package)_patches+= fix_montery_include.patch @@ -130,8 +130,10 @@ $(package)_config_opts_darwin += -device-option MAC_TARGET=$(host) $(package)_config_opts_darwin += -device-option XCODE_VERSION=$(XCODE_VERSION) endif -# for macOS on Apple Silicon (ARM) see https://bugreports.qt.io/browse/QTBUG-85279 +ifneq ($(build_arch),$(host_arch)) $(package)_config_opts_aarch64_darwin += -device-option QMAKE_APPLE_DEVICE_ARCHS=arm64 +$(package)_config_opts_x86_64_darwin += -device-option QMAKE_APPLE_DEVICE_ARCHS=x86_64 +endif $(package)_config_opts_linux = -qt-xcb $(package)_config_opts_linux += -no-xcb-xlib @@ -236,6 +238,7 @@ define $(package)_preprocess_cmds patch -p1 -i $($(package)_patch_dir)/fix_android_jni_static.patch && \ patch -p1 -i $($(package)_patch_dir)/fix_android_pch.patch && \ patch -p1 -i $($(package)_patch_dir)/no-xlib.patch && \ + patch -p1 -i $($(package)_patch_dir)/dont_hardcode_x86_64.patch && \ patch -p1 -i $($(package)_patch_dir)/no_sdk_version_check.patch && \ patch -p1 -i $($(package)_patch_dir)/fix_lib_paths.patch && \ patch -p1 -i $($(package)_patch_dir)/fix_limits_header.patch && \ diff --git a/depends/patches/qt/dont_hardcode_x86_64.patch b/depends/patches/qt/dont_hardcode_x86_64.patch new file mode 100644 index 0000000000000..0e1ca6acdabbc --- /dev/null +++ b/depends/patches/qt/dont_hardcode_x86_64.patch @@ -0,0 +1,123 @@ +macOS: Don't hard-code x86_64 as the architecture when using qmake + +Upstream commit: + - Qt 6.1: 9082cc8e8d5a6441dabe5e7a95bc0cd9085b95fe + +For other Qt branches see +https://codereview.qt-project.org/q/I70db7e4c27f0d3da5d0af33cb491d72c312d3fa8 + + +--- old/qtbase/configure.json ++++ new/qtbase/configure.json +@@ -208,11 +208,18 @@ + + "testTypeDependencies": { + "linkerSupportsFlag": [ "use_gold_linker" ], +- "verifySpec": [ "shared", "use_gold_linker", "compiler-flags", "qmakeargs", "commit" ], ++ "verifySpec": [ ++ "shared", ++ "use_gold_linker", ++ "compiler-flags", "qmakeargs", ++ "simulator_and_device", ++ "thread", ++ "commit" ], + "compile": [ "verifyspec" ], + "detectPkgConfig": [ "cross_compile", "machineTuple" ], + "library": [ "pkg-config", "compiler-flags" ], +- "getPkgConfigVariable": [ "pkg-config" ] ++ "getPkgConfigVariable": [ "pkg-config" ], ++ "architecture" : [ "verifyspec" ] + }, + + "testTypeAliases": { +@@ -653,7 +660,7 @@ + }, + "architecture": { + "label": "Architecture", +- "output": [ "architecture" ] ++ "output": [ "architecture", "commitConfig" ] + }, + "pkg-config": { + "label": "Using pkg-config", +diff --git a/configure.pri b/configure.pri +index 33c90a8c2f..71767e29d6 100644 + +--- old/qtbase/configure.pri ++++ new/qtbase/configure.pri +@@ -642,6 +642,13 @@ defineTest(qtConfOutput_commitOptions) { + write_file($$QT_BUILD_TREE/mkspecs/qdevice.pri, $${currentConfig}.output.devicePro)|error() + } + ++# Output is written after configuring each Qt module, ++# but some tests within a module might depend on the ++# configuration output of previous tests. ++defineTest(qtConfOutput_commitConfig) { ++ qtConfProcessOutput() ++} ++ + # type (empty or 'host'), option name, default value + defineTest(processQtPath) { + out_var = config.rel_input.$${2} +diff --git a/mkspecs/common/macx.conf b/mkspecs/common/macx.conf +index 7d4a406134..de96c12fc9 100644 + +--- old/qtbase/mkspecs/common/macx.conf ++++ new/qtbase/mkspecs/common/macx.conf +@@ -6,7 +6,6 @@ QMAKE_PLATFORM += macos osx macx + QMAKE_MAC_SDK = macosx + + QMAKE_MACOSX_DEPLOYMENT_TARGET = 10.12 +-QMAKE_APPLE_DEVICE_ARCHS = x86_64 + + QT_MAC_SDK_VERSION_MIN = 10.13 + QT_MAC_SDK_VERSION_MAX = 11.0 +diff --git a/mkspecs/features/mac/default_post.prf b/mkspecs/features/mac/default_post.prf +index d052808c14..0a89effe87 100644 + +--- old/qtbase/mkspecs/features/mac/default_post.prf ++++ new/qtbase/mkspecs/features/mac/default_post.prf +@@ -89,6 +89,11 @@ app_extension_api_only { + QMAKE_LFLAGS += $$QMAKE_CFLAGS_APPLICATION_EXTENSION + } + ++# Non-universal builds do not set QMAKE_APPLE_DEVICE_ARCHS, ++# so we pick it up from what the arch test resolved instead. ++isEmpty(QMAKE_APPLE_DEVICE_ARCHS): \ ++ QMAKE_APPLE_DEVICE_ARCHS = $$QT_ARCH ++ + macx-xcode { + qmake_pkginfo_typeinfo.name = QMAKE_PKGINFO_TYPEINFO + !isEmpty(QMAKE_PKGINFO_TYPEINFO): \ +@@ -144,9 +149,6 @@ macx-xcode { + simulator: VALID_SIMULATOR_ARCHS = $$QMAKE_APPLE_SIMULATOR_ARCHS + VALID_ARCHS = $$VALID_DEVICE_ARCHS $$VALID_SIMULATOR_ARCHS + +- isEmpty(VALID_ARCHS): \ +- error("QMAKE_APPLE_DEVICE_ARCHS or QMAKE_APPLE_SIMULATOR_ARCHS must contain at least one architecture") +- + single_arch: VALID_ARCHS = $$first(VALID_ARCHS) + + ACTIVE_ARCHS = $(filter $(EXPORT_VALID_ARCHS), $(ARCHS)) +diff --git a/mkspecs/features/toolchain.prf b/mkspecs/features/toolchain.prf +index 5003679bd0..c7c080cb07 100644 + +--- old/qtbase/mkspecs/features/toolchain.prf ++++ new/qtbase/mkspecs/features/toolchain.prf +@@ -182,9 +182,14 @@ isEmpty($${target_prefix}.INCDIRS) { + # UIKit simulator platforms will see the device SDK's sysroot in + # QMAKE_DEFAULT_*DIRS, because they're handled in a single build pass. + darwin { +- # Clang doesn't pick up the architecture from the sysroot, and will +- # default to the host architecture, so we need to manually set it. +- cxx_flags += -arch $$QMAKE_APPLE_DEVICE_ARCHS ++ uikit { ++ # Clang doesn't automatically pick up the architecture, just because ++ # we're passing the iOS sysroot below, and we will end up building the ++ # test for the host architecture, resulting in linker errors when ++ # linking against the iOS libraries. We work around this by passing ++ # the architecture explicitly. ++ cxx_flags += -arch $$first(QMAKE_APPLE_DEVICE_ARCHS) ++ } + + uikit:macx-xcode: \ + cxx_flags += -isysroot $$sdk_path_device.value diff --git a/depends/patches/qt/mac-qmake.conf b/depends/patches/qt/mac-qmake.conf index 190ab7a160e49..e4bfaa1463e27 100644 --- a/depends/patches/qt/mac-qmake.conf +++ b/depends/patches/qt/mac-qmake.conf @@ -13,7 +13,6 @@ QMAKE_MAC_SDK.macosx.Path = $${MAC_SDK_PATH} QMAKE_MAC_SDK.macosx.platform_name = macosx QMAKE_MAC_SDK.macosx.SDKVersion = $${MAC_SDK_VERSION} QMAKE_MAC_SDK.macosx.PlatformPath = /phony -QMAKE_APPLE_DEVICE_ARCHS=x86_64 !host_build: QMAKE_CFLAGS += -target $${MAC_TARGET} !host_build: QMAKE_OBJECTIVE_CFLAGS += $$QMAKE_CFLAGS !host_build: QMAKE_CXXFLAGS += $$QMAKE_CFLAGS From 7d9a5d6ddcbc834bca3c2ce1462fae70afcb153b Mon Sep 17 00:00:00 2001 From: Kittywhiskers Van Gogh <63189531+kittywhiskers@users.noreply.github.com> Date: Sun, 28 Nov 2021 20:56:54 +0200 Subject: [PATCH 04/26] merge bitcoin#23618: Ditch no_sdk_version_check.patch --- depends/packages/qt.mk | 4 ++-- depends/patches/qt/no_sdk_version_check.patch | 20 ------------------- 2 files changed, 2 insertions(+), 22 deletions(-) delete mode 100644 depends/patches/qt/no_sdk_version_check.patch diff --git a/depends/packages/qt.mk b/depends/packages/qt.mk index ba184369e1d91..b04856b5e2c5d 100644 --- a/depends/packages/qt.mk +++ b/depends/packages/qt.mk @@ -10,7 +10,7 @@ $(package)_linguist_tools = lrelease lupdate lconvert $(package)_patches = qt.pro qttools_src.pro $(package)_patches += fix_qt_pkgconfig.patch mac-qmake.conf fix_no_printer.patch no-xlib.patch $(package)_patches+= fix_android_qmake_conf.patch fix_android_jni_static.patch dont_hardcode_pwd.patch -$(package)_patches += dont_hardcode_x86_64.patch no_sdk_version_check.patch +$(package)_patches += dont_hardcode_x86_64.patch $(package)_patches+= fix_lib_paths.patch fix_android_pch.patch $(package)_patches+= fix_limits_header.patch $(package)_patches+= fix_montery_include.patch @@ -239,7 +239,6 @@ define $(package)_preprocess_cmds patch -p1 -i $($(package)_patch_dir)/fix_android_pch.patch && \ patch -p1 -i $($(package)_patch_dir)/no-xlib.patch && \ patch -p1 -i $($(package)_patch_dir)/dont_hardcode_x86_64.patch && \ - patch -p1 -i $($(package)_patch_dir)/no_sdk_version_check.patch && \ patch -p1 -i $($(package)_patch_dir)/fix_lib_paths.patch && \ patch -p1 -i $($(package)_patch_dir)/fix_limits_header.patch && \ patch -p1 -i $($(package)_patch_dir)/fix_montery_include.patch && \ @@ -263,6 +262,7 @@ endef define $(package)_config_cmds export PKG_CONFIG_SYSROOT_DIR=/ && \ export PKG_CONFIG_LIBDIR=$(host_prefix)/lib/pkgconfig && \ + export QT_MAC_SDK_NO_VERSION_CHECK=1 && \ cd qtbase && \ ./configure -top-level $($(package)_config_opts) endef diff --git a/depends/patches/qt/no_sdk_version_check.patch b/depends/patches/qt/no_sdk_version_check.patch deleted file mode 100644 index b16635b572025..0000000000000 --- a/depends/patches/qt/no_sdk_version_check.patch +++ /dev/null @@ -1,20 +0,0 @@ -commit f5eb142cd04be2bc4ca610ed3b5b7e8ce3520ee3 -Author: fanquake -Date: Tue Jan 5 16:08:49 2021 +0800 - - Don't invoke macOS SDK version checking - - This tries to use xcrun which is not available when cross-compiling. - -diff --git a/qtbase/mkspecs/features/mac/default_post.prf b/qtbase/mkspecs/features/mac/default_post.prf -index 92a9112bca6..447e186eb26 100644 ---- a/qtbase/mkspecs/features/mac/default_post.prf -+++ b/qtbase/mkspecs/features/mac/default_post.prf -@@ -8,7 +8,6 @@ contains(TEMPLATE, .*app) { - !macx-xcode:if(isEmpty(BUILDS)|build_pass) { - # Detect changes to the platform SDK - QMAKE_EXTRA_VARIABLES += QMAKE_MAC_SDK QMAKE_MAC_SDK_VERSION QMAKE_XCODE_DEVELOPER_PATH -- QMAKE_EXTRA_INCLUDES += $$shell_quote($$PWD/sdk.mk) - } - - # Detect incompatible SDK versions From 13c2a9b5867c977e70c40b51366eb92387fca1ab Mon Sep 17 00:00:00 2001 From: Kittywhiskers Van Gogh <63189531+kittywhiskers@users.noreply.github.com> Date: Fri, 26 Nov 2021 14:19:27 +0200 Subject: [PATCH 05/26] merge bitcoin#23603: Fix x86_64 <-> arm64 cross-compiling for macOS --- depends/builders/darwin.mk | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/depends/builders/darwin.mk b/depends/builders/darwin.mk index c07417cfab570..ffa18e8bad8e9 100644 --- a/depends/builders/darwin.mk +++ b/depends/builders/darwin.mk @@ -21,3 +21,8 @@ darwin_NM:=$(shell xcrun -f nm) darwin_INSTALL_NAME_TOOL:=$(shell xcrun -f install_name_tool) darwin_native_binutils= darwin_native_toolchain= + +x86_64_darwin_CFLAGS = -arch x86_64 +x86_64_darwin_CXXFLAGS = $(x86_64_darwin_CFLAGS) +aarch64_darwin_CFLAGS = -arch arm64 +aarch64_darwin_CXXFLAGS = $(aarch64_darwin_CFLAGS) From 19a81643c8e0d52f68bfd3ba62d4c19765d3c7af Mon Sep 17 00:00:00 2001 From: Kittywhiskers Van Gogh <63189531+kittywhiskers@users.noreply.github.com> Date: Tue, 20 Jun 2023 07:15:17 +0000 Subject: [PATCH 06/26] merge bitcoin#23817: Fix regression introduced in PR23603 --- depends/builders/darwin.mk | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/depends/builders/darwin.mk b/depends/builders/darwin.mk index ffa18e8bad8e9..e298d302ca25a 100644 --- a/depends/builders/darwin.mk +++ b/depends/builders/darwin.mk @@ -22,7 +22,7 @@ darwin_INSTALL_NAME_TOOL:=$(shell xcrun -f install_name_tool) darwin_native_binutils= darwin_native_toolchain= -x86_64_darwin_CFLAGS = -arch x86_64 -x86_64_darwin_CXXFLAGS = $(x86_64_darwin_CFLAGS) -aarch64_darwin_CFLAGS = -arch arm64 -aarch64_darwin_CXXFLAGS = $(aarch64_darwin_CFLAGS) +x86_64_darwin_CFLAGS += -arch x86_64 +x86_64_darwin_CXXFLAGS += -arch x86_64 +aarch64_darwin_CFLAGS += -arch arm64 +aarch64_darwin_CXXFLAGS += -arch arm64 From 14f6e376807b62b0fb2fe2511029e92b69b071e1 Mon Sep 17 00:00:00 2001 From: Kittywhiskers Van Gogh <63189531+kittywhiskers@users.noreply.github.com> Date: Tue, 20 Jun 2023 07:16:11 +0000 Subject: [PATCH 07/26] merge bitcoin#24520: only check for the macOS SDK once --- contrib/guix/guix-build | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/contrib/guix/guix-build b/contrib/guix/guix-build index cbe07b1f8dafe..fe9b7b8c02d12 100755 --- a/contrib/guix/guix-build +++ b/contrib/guix/guix-build @@ -121,7 +121,7 @@ else fi ################ -# When building for darwin, the macOS SDK should exists +# When building for darwin, the macOS SDK should exist ################ for host in $HOSTS; do @@ -130,6 +130,7 @@ for host in $HOSTS; do OSX_SDK="$(make -C "${PWD}/depends" --no-print-directory HOST="$host" print-OSX_SDK | sed 's@^[^=]\+=@@g')" if [ -e "$OSX_SDK" ]; then echo "Found macOS SDK at '${OSX_SDK}', using..." + break else echo "macOS SDK does not exist at '${OSX_SDK}', please place the extracted, untarred SDK there to perform darwin builds, exiting..." exit 1 From 6169e200c3a659d1f3ff2edfd3bec12eee8edc50 Mon Sep 17 00:00:00 2001 From: Kittywhiskers Van Gogh <63189531+kittywhiskers@users.noreply.github.com> Date: Sun, 11 Jun 2023 04:38:03 +0000 Subject: [PATCH 08/26] merge bitcoin#24508: Drop unneeded openssl dependency for signapple --- contrib/guix/manifest.scm | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/contrib/guix/manifest.scm b/contrib/guix/manifest.scm index 4408b709a857a..f702fc66d326d 100644 --- a/contrib/guix/manifest.scm +++ b/contrib/guix/manifest.scm @@ -498,8 +498,7 @@ and endian independent.") ("python-certvalidator" ,python-certvalidator) ("python-elfesteem" ,python-elfesteem) ("python-requests" ,python-requests) - ("python-macholib" ,python-macholib) - ("libcrypto" ,openssl))) + ("python-macholib" ,python-macholib))) ;; There are no tests, but attempting to run python setup.py test leads to ;; problems, just disable the test (arguments '(#:tests? #f)) From a8129266eb28009f8af81edb1b5554efcab4051f Mon Sep 17 00:00:00 2001 From: Kittywhiskers Van Gogh <63189531+kittywhiskers@users.noreply.github.com> Date: Sat, 10 Jun 2023 10:05:38 +0000 Subject: [PATCH 09/26] merge bitcoin#25639: Drop repetition of option's default value --- contrib/guix/manifest.scm | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/contrib/guix/manifest.scm b/contrib/guix/manifest.scm index f702fc66d326d..b43c6f5ffa095 100644 --- a/contrib/guix/manifest.scm +++ b/contrib/guix/manifest.scm @@ -630,8 +630,7 @@ parse, modify and abstract ELF, PE and MachO formats.") ((string-contains target "-linux-") (list (cond ((string-contains target "riscv64-") (make-bitcoin-cross-toolchain target - #:base-libc (make-glibc-without-werror glibc-2.27/bitcoin-patched) - #:base-kernel-headers base-linux-kernel-headers)) + #:base-libc (make-glibc-without-werror glibc-2.27/bitcoin-patched))) (else (make-bitcoin-cross-toolchain target))))) ((string-contains target "darwin") From 9c5d657c54a6746be6f4fcd2bf3e4672d2bfcfd6 Mon Sep 17 00:00:00 2001 From: Kittywhiskers Van Gogh <63189531+kittywhiskers@users.noreply.github.com> Date: Tue, 9 May 2023 18:08:03 +0000 Subject: [PATCH 10/26] merge bitcoin#26018: consistently use -ffile-prefix-map --- contrib/guix/patches/glibc-2.24-guix-prefix.patch | 2 +- contrib/guix/patches/glibc-2.27-guix-prefix.patch | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/contrib/guix/patches/glibc-2.24-guix-prefix.patch b/contrib/guix/patches/glibc-2.24-guix-prefix.patch index cba2f59a8dcdb..875e8cd611914 100644 --- a/contrib/guix/patches/glibc-2.24-guix-prefix.patch +++ b/contrib/guix/patches/glibc-2.24-guix-prefix.patch @@ -15,7 +15,7 @@ when we being using newer versions of glibc. CFLAGS-.oS = $(CFLAGS-.o) $(PIC-ccflag) + +# Map Guix store paths to /usr -+CFLAGS-.oS += `find /gnu/store -maxdepth 1 -mindepth 1 -type d -exec echo -n " -fdebug-prefix-map={}=/usr" \;` ++CFLAGS-.oS += `find /gnu/store -maxdepth 1 -mindepth 1 -type d -exec echo -n " -ffile-prefix-map={}=/usr" \;` + CPPFLAGS-.oS = $(CPPFLAGS-.o) -DPIC -DLIBC_NONSHARED=1 libtype.oS = lib%_nonshared.a diff --git a/contrib/guix/patches/glibc-2.27-guix-prefix.patch b/contrib/guix/patches/glibc-2.27-guix-prefix.patch index cdb3971f7a049..d777af74f0188 100644 --- a/contrib/guix/patches/glibc-2.27-guix-prefix.patch +++ b/contrib/guix/patches/glibc-2.27-guix-prefix.patch @@ -15,7 +15,7 @@ when we being using newer versions of glibc. CFLAGS-.o = $(filter %frame-pointer,$(+cflags)) $(pie-default) + +# Map Guix store paths to /usr -+CFLAGS-.o += `find /gnu/store -maxdepth 1 -mindepth 1 -type d -exec echo -n " -fdebug-prefix-map={}=/usr" \;` ++CFLAGS-.o += `find /gnu/store -maxdepth 1 -mindepth 1 -type d -exec echo -n " -ffile-prefix-map={}=/usr" \;` + libtype.o := lib%.a object-suffixes += .o From fc6252bedc0865246d1db99d68ad815973e7f1df Mon Sep 17 00:00:00 2001 From: Kittywhiskers Van Gogh <63189531+kittywhiskers@users.noreply.github.com> Date: Tue, 21 Jun 2022 07:21:32 +0100 Subject: [PATCH 11/26] merge bitcoin#25437: remove explicit glibc stack protector disabling --- contrib/guix/manifest.scm | 16 +--------------- 1 file changed, 1 insertion(+), 15 deletions(-) diff --git a/contrib/guix/manifest.scm b/contrib/guix/manifest.scm index b43c6f5ffa095..635745e9fdb3b 100644 --- a/contrib/guix/manifest.scm +++ b/contrib/guix/manifest.scm @@ -137,25 +137,11 @@ chain for " target " development.")) (define base-gcc gcc-10) (define base-linux-kernel-headers linux-libre-headers-5.15) -;; Building glibc with stack smashing protector first landed in glibc 2.25, use -;; this function to disable for older glibcs -;; -;; From glibc 2.25 changelog: -;; -;; * Most of glibc can now be built with the stack smashing protector enabled. -;; It is recommended to build glibc with --enable-stack-protector=strong. -;; Implemented by Nick Alcock (Oracle). -(define (make-glibc-without-ssp xglibc) - (package-with-extra-configure-variable - (package-with-extra-configure-variable - xglibc "libc_cv_ssp" "no") - "libc_cv_ssp_strong" "no")) - (define* (make-bitcoin-cross-toolchain target #:key (base-gcc-for-libc base-gcc) (base-kernel-headers base-linux-kernel-headers) - (base-libc (make-glibc-without-ssp (make-glibc-without-werror glibc-2.24))) + (base-libc (make-glibc-without-werror glibc-2.24)) (base-gcc (make-gcc-rpath-link base-gcc))) "Convenience wrapper around MAKE-CROSS-TOOLCHAIN with default values desirable for building Dash Core release binaries." From 205aa83eaafa7e998616ba5fc381798560ed9764 Mon Sep 17 00:00:00 2001 From: Kittywhiskers Van Gogh <63189531+kittywhiskers@users.noreply.github.com> Date: Mon, 19 Jun 2023 13:19:30 +0000 Subject: [PATCH 12/26] merge bitcoin#25484: enable toolchain hardening by default --- contrib/guix/manifest.scm | 20 +++++++++++++++++--- 1 file changed, 17 insertions(+), 3 deletions(-) diff --git a/contrib/guix/manifest.scm b/contrib/guix/manifest.scm index 635745e9fdb3b..de2f9b16012da 100644 --- a/contrib/guix/manifest.scm +++ b/contrib/guix/manifest.scm @@ -137,12 +137,19 @@ chain for " target " development.")) (define base-gcc gcc-10) (define base-linux-kernel-headers linux-libre-headers-5.15) +;; https://gcc.gnu.org/install/configure.html +(define (hardened-gcc gcc) + (package-with-extra-configure-variable ( + package-with-extra-configure-variable gcc + "--enable-default-ssp" "yes") + "--enable-default-pie" "yes")) + (define* (make-bitcoin-cross-toolchain target #:key (base-gcc-for-libc base-gcc) (base-kernel-headers base-linux-kernel-headers) - (base-libc (make-glibc-without-werror glibc-2.24)) - (base-gcc (make-gcc-rpath-link base-gcc))) + (base-libc (make-glibc-with-bind-now (make-glibc-without-werror glibc-2.24))) + (base-gcc (make-gcc-rpath-link (hardened-gcc base-gcc)))) "Convenience wrapper around MAKE-CROSS-TOOLCHAIN with default values desirable for building Dash Core release binaries." (make-cross-toolchain target @@ -497,6 +504,12 @@ inspecting signatures in Mach-O binaries.") (define (make-glibc-without-werror glibc) (package-with-extra-configure-variable glibc "enable_werror" "no")) +(define (make-glibc-with-stack-protector glibc) + (package-with-extra-configure-variable glibc "--enable-stack-protector" "all")) + +(define (make-glibc-with-bind-now glibc) + (package-with-extra-configure-variable glibc "--enable-bind-now" "yes")) + (define-public glibc-2.24 (package (inherit glibc-2.31) @@ -616,7 +629,8 @@ parse, modify and abstract ELF, PE and MachO formats.") ((string-contains target "-linux-") (list (cond ((string-contains target "riscv64-") (make-bitcoin-cross-toolchain target - #:base-libc (make-glibc-without-werror glibc-2.27/bitcoin-patched))) + #:base-libc (make-glibc-with-stack-protector + (make-glibc-with-bind-now (make-glibc-without-werror glibc-2.27/bitcoin-patched))))) (else (make-bitcoin-cross-toolchain target))))) ((string-contains target "darwin") From ab8c26a5331b6876044c469a47d7db76b24e498d Mon Sep 17 00:00:00 2001 From: Kittywhiskers Van Gogh <63189531+kittywhiskers@users.noreply.github.com> Date: Mon, 19 Jun 2023 13:22:31 +0000 Subject: [PATCH 13/26] merge bitcoin#23585: Drop Darwin version for better maintainability --- .gitlab-ci.yml | 8 ++++---- ci/test/00_setup_env_mac.sh | 2 +- ci/test/00_setup_env_mac_host.sh | 2 +- contrib/gitian-descriptors/gitian-osx.yml | 6 +++--- contrib/guix/README.md | 6 +++--- contrib/guix/guix-build | 2 +- contrib/guix/guix-codesign | 2 +- contrib/guix/libexec/build.sh | 6 +++--- depends/README.md | 2 +- 9 files changed, 18 insertions(+), 18 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 0d33c1ab9ae80..d52ed8f1bf65d 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -48,7 +48,7 @@ builder-image: before_script: - echo HOST=$HOST - | - if [ "$HOST" = "x86_64-apple-darwin19" ]; then + if [ "$HOST" = "x86_64-apple-darwin" ]; then mkdir -p depends/SDKs mkdir -p depends/sdk-sources OSX_SDK_BASENAME="Xcode-${XCODE_VERSION}-${XCODE_BUILD_ID}-extracted-SDK-with-libcxx-headers.tar.gz" @@ -193,12 +193,12 @@ x86_64-pc-linux-gnu-nowallet: HOST: x86_64-pc-linux-gnu DEP_OPTS: "NO_WALLET=1" -x86_64-apple-darwin19: +x86_64-apple-darwin: extends: - .build-depends-template - .skip-in-fast-mode-template variables: - HOST: x86_64-apple-darwin19 + HOST: x86_64-apple-darwin ### @@ -302,7 +302,7 @@ mac-build: - .build-template - .skip-in-fast-mode-template needs: - - x86_64-apple-darwin19 + - x86_64-apple-darwin variables: BUILD_TARGET: mac diff --git a/ci/test/00_setup_env_mac.sh b/ci/test/00_setup_env_mac.sh index 15e8bb3f76e08..663c9a403a474 100755 --- a/ci/test/00_setup_env_mac.sh +++ b/ci/test/00_setup_env_mac.sh @@ -7,7 +7,7 @@ export LC_ALL=C.UTF-8 export CONTAINER_NAME=ci_macos_cross -export HOST=x86_64-apple-darwin19 +export HOST=x86_64-apple-darwin export PACKAGES="cmake libcap-dev libz-dev libbz2-dev python3-dev python3-setuptools" export XCODE_VERSION=12.1 export XCODE_BUILD_ID=12A7403 diff --git a/ci/test/00_setup_env_mac_host.sh b/ci/test/00_setup_env_mac_host.sh index a5459ea0a95e2..3ff94c65a8199 100755 --- a/ci/test/00_setup_env_mac_host.sh +++ b/ci/test/00_setup_env_mac_host.sh @@ -7,7 +7,7 @@ export LC_ALL=C.UTF-8 export CONTAINER_NAME=ci_macos -export HOST=x86_64-apple-darwin19 +export HOST=x86_64-apple-darwin export PIP_PACKAGES="zmq lief" export RUN_UNIT_TESTS=true export RUN_INTEGRATION_TESTS=false diff --git a/contrib/gitian-descriptors/gitian-osx.yml b/contrib/gitian-descriptors/gitian-osx.yml index 3dd0d7dc9bc01..94795287aef40 100644 --- a/contrib/gitian-descriptors/gitian-osx.yml +++ b/contrib/gitian-descriptors/gitian-osx.yml @@ -38,7 +38,7 @@ script: | set -e -o pipefail WRAP_DIR=$HOME/wrapped - HOSTS="x86_64-apple-darwin19" + HOSTS="x86_64-apple-darwin" CONFIGFLAGS="--enable-reduce-exports --disable-miner --disable-bench --disable-gui-tests --disable-fuzz-binary XORRISOFS=${WRAP_DIR}/xorrisofs DMG=${WRAP_DIR}/dmg --enable-crash-hooks" FAKETIME_HOST_PROGS="" FAKETIME_PROGS="ar ranlib date dmg xorrisofs" @@ -172,8 +172,8 @@ script: | find ${DISTNAME} -path '*.dSYM*' | sort | tar --mtime="$REFERENCE_DATETIME" --no-recursion --mode='u+rw,go+r-w,a+X' --owner=0 --group=0 -c -T - | gzip -9n > ${OUTDIR}/${DISTNAME}-${i}-debug.tar.gz cd ../../ done - mv ${OUTDIR}/${DISTNAME}-x86_64-apple-darwin19.tar.gz ${OUTDIR}/${DISTNAME}-osx64.tar.gz - mv ${OUTDIR}/${DISTNAME}-x86_64-apple-darwin19-debug.tar.gz ${OUTDIR}/${DISTNAME}-osx64-debug.tar.gz + mv ${OUTDIR}/${DISTNAME}-x86_64-apple-darwin.tar.gz ${OUTDIR}/${DISTNAME}-osx64.tar.gz + mv ${OUTDIR}/${DISTNAME}-x86_64-apple-darwin-debug.tar.gz ${OUTDIR}/${DISTNAME}-osx64-debug.tar.gz # Compress ccache (otherwise the assert file will get too huge) if [ "$CCACHE_DIR" != "" ]; then diff --git a/contrib/guix/README.md b/contrib/guix/README.md index 7e4525188dc41..41a66e9738538 100644 --- a/contrib/guix/README.md +++ b/contrib/guix/README.md @@ -75,7 +75,7 @@ crucial differences: 1. Since only Windows and macOS build outputs require codesigning, the `HOSTS` environment variable will have a sane default value of `x86_64-w64-mingw32 - x86_64-apple-darwin19` instead of all the platforms. + x86_64-apple-darwin` instead of all the platforms. 2. The `guix-codesign` command ***requires*** a `DETACHED_SIGS_REPO` flag. * _**DETACHED_SIGS_REPO**_ @@ -159,7 +159,7 @@ which case you can override the default list by setting the space-separated `HOSTS` environment variable: ```sh -env HOSTS='x86_64-w64-mingw32 x86_64-apple-darwin19' ./contrib/guix/guix-build +env HOSTS='x86_64-w64-mingw32 x86_64-apple-darwin' ./contrib/guix/guix-build ``` See the [recognized environment variables][env-vars-list] section for more @@ -224,7 +224,7 @@ details. _(defaults to "x86\_64-linux-gnu arm-linux-gnueabihf aarch64-linux-gnu powerpc64-linux-gnu powerpc64le-linux-gnu - x86\_64-w64-mingw32 x86\_64-apple-darwin19")_ + x86\_64-w64-mingw32 x86\_64-apple-darwin")_ * _**SOURCES_PATH**_ diff --git a/contrib/guix/guix-build b/contrib/guix/guix-build index fe9b7b8c02d12..c59ccf90b28f6 100755 --- a/contrib/guix/guix-build +++ b/contrib/guix/guix-build @@ -76,7 +76,7 @@ mkdir -p "$VERSION_BASE" # Default to building for all supported HOSTs (overridable by environment) export HOSTS="${HOSTS:-x86_64-linux-gnu arm-linux-gnueabihf aarch64-linux-gnu riscv64-linux-gnu x86_64-w64-mingw32 - x86_64-apple-darwin19}" + x86_64-apple-darwin}" # Usage: distsrc_for_host HOST # diff --git a/contrib/guix/guix-codesign b/contrib/guix/guix-codesign index 7f55ecf17099e..0a60799630d79 100755 --- a/contrib/guix/guix-codesign +++ b/contrib/guix/guix-codesign @@ -91,7 +91,7 @@ fi ################ # Default to building for all supported HOSTs (overridable by environment) -export HOSTS="${HOSTS:-x86_64-w64-mingw32 x86_64-apple-darwin19}" +export HOSTS="${HOSTS:-x86_64-w64-mingw32 x86_64-apple-darwin}" # Usage: distsrc_for_host HOST # diff --git a/contrib/guix/libexec/build.sh b/contrib/guix/libexec/build.sh index ebd4553c6d21d..3eea4d4229d0e 100644 --- a/contrib/guix/libexec/build.sh +++ b/contrib/guix/libexec/build.sh @@ -147,7 +147,7 @@ case "$HOST" in # # After the native packages in depends are built, the ld wrapper should # no longer affect our build, as clang would instead reach for - # x86_64-apple-darwin19-ld from cctools + # x86_64-apple-darwin-ld from cctools ;; *) export GUIX_LD_WRAPPER_DISABLE_RPATH=yes ;; esac @@ -417,8 +417,8 @@ mkdir -p "$DISTSRC" find "${DISTNAME}" -print0 \ | sort --zero-terminated \ | tar --create --no-recursion --mode='u+rw,go+r-w,a+X' --null --files-from=- \ - | gzip -9n > "${OUTDIR}/${DISTNAME}-${HOST//x86_64-apple-darwin19/osx64}.tar.gz" \ - || ( rm -f "${OUTDIR}/${DISTNAME}-${HOST//x86_64-apple-darwin19/osx64}.tar.gz" && exit 1 ) + | gzip -9n > "${OUTDIR}/${DISTNAME}-${HOST//x86_64-apple-darwin/osx64}.tar.gz" \ + || ( rm -f "${OUTDIR}/${DISTNAME}-${HOST//x86_64-apple-darwin/osx64}.tar.gz" && exit 1 ) ;; esac ) # $DISTSRC/installed diff --git a/depends/README.md b/depends/README.md index 2555e54f02640..37def98cb7595 100644 --- a/depends/README.md +++ b/depends/README.md @@ -25,7 +25,7 @@ Common `host-platform-triplets` for cross compilation are: - `i686-pc-linux-gnu` for Linux 32 bit - `x86_64-pc-linux-gnu` for x86 Linux - `x86_64-w64-mingw32` for Win64 -- `x86_64-apple-darwin19` for macOS +- `x86_64-apple-darwin` for macOS - `arm-linux-gnueabihf` for Linux ARM 32 bit - `aarch64-linux-gnu` for Linux ARM 64 bit - `powerpc64-linux-gnu` for Linux POWER 64-bit (big endian) From 9600020a1f1880a3f4e32250d5cfbe4d1237aa21 Mon Sep 17 00:00:00 2001 From: Kittywhiskers Van Gogh <63189531+kittywhiskers@users.noreply.github.com> Date: Mon, 19 Jun 2023 13:26:12 +0000 Subject: [PATCH 14/26] merge bitcoin#24549: Use $HOST instead of generic osx{64} for macOS artifacts --- contrib/guix/guix-codesign | 2 +- contrib/guix/libexec/build.sh | 14 +++++++------- contrib/guix/libexec/codesign.sh | 2 +- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/contrib/guix/guix-codesign b/contrib/guix/guix-codesign index 0a60799630d79..8e9b03cb92003 100755 --- a/contrib/guix/guix-codesign +++ b/contrib/guix/guix-codesign @@ -155,7 +155,7 @@ unsigned_tarball_for_host() { echo "$(outdir_for_host "$1")/${DISTNAME}-win-unsigned.tar.gz" ;; *darwin*) - echo "$(outdir_for_host "$1")/${DISTNAME}-osx-unsigned.tar.gz" + echo "$(outdir_for_host "$1")/${DISTNAME}-${1}-unsigned.tar.gz" ;; *) exit 1 diff --git a/contrib/guix/libexec/build.sh b/contrib/guix/libexec/build.sh index 3eea4d4229d0e..0252f7b69f20e 100644 --- a/contrib/guix/libexec/build.sh +++ b/contrib/guix/libexec/build.sh @@ -342,10 +342,10 @@ mkdir -p "$DISTSRC" find . -print0 \ | sort --zero-terminated \ | tar --create --no-recursion --mode='u+rw,go+r-w,a+X' --null --files-from=- \ - | gzip -9n > "${OUTDIR}/${DISTNAME}-osx-unsigned.tar.gz" \ - || ( rm -f "${OUTDIR}/${DISTNAME}-osx-unsigned.tar.gz" && exit 1 ) + | gzip -9n > "${OUTDIR}/${DISTNAME}-${HOST}-unsigned.tar.gz" \ + || ( rm -f "${OUTDIR}/${DISTNAME}-${HOST}-unsigned.tar.gz" && exit 1 ) ) - make deploy ${V:+V=1} OSX_DMG="${OUTDIR}/${DISTNAME}-osx-unsigned.dmg" + make deploy ${V:+V=1} OSX_DMG="${OUTDIR}/${DISTNAME}-${HOST}-unsigned.dmg" ;; esac ( @@ -417,8 +417,8 @@ mkdir -p "$DISTSRC" find "${DISTNAME}" -print0 \ | sort --zero-terminated \ | tar --create --no-recursion --mode='u+rw,go+r-w,a+X' --null --files-from=- \ - | gzip -9n > "${OUTDIR}/${DISTNAME}-${HOST//x86_64-apple-darwin/osx64}.tar.gz" \ - || ( rm -f "${OUTDIR}/${DISTNAME}-${HOST//x86_64-apple-darwin/osx64}.tar.gz" && exit 1 ) + | gzip -9n > "${OUTDIR}/${DISTNAME}-${HOST}.tar.gz" \ + || ( rm -f "${OUTDIR}/${DISTNAME}-${HOST}.tar.gz" && exit 1 ) ;; esac ) # $DISTSRC/installed @@ -433,8 +433,8 @@ mkdir -p "$DISTSRC" find . -print0 \ | sort --zero-terminated \ | tar --create --no-recursion --mode='u+rw,go+r-w,a+X' --null --files-from=- \ - | gzip -9n > "${OUTDIR}/${DISTNAME}-win-unsigned.tar.gz" \ - || ( rm -f "${OUTDIR}/${DISTNAME}-win-unsigned.tar.gz" && exit 1 ) + | gzip -9n > "${OUTDIR}/${DISTNAME}-win64-unsigned.tar.gz" \ + || ( rm -f "${OUTDIR}/${DISTNAME}-win64-unsigned.tar.gz" && exit 1 ) ) ;; esac diff --git a/contrib/guix/libexec/codesign.sh b/contrib/guix/libexec/codesign.sh index 3c5ec17bc509b..59df8e87fac22 100755 --- a/contrib/guix/libexec/codesign.sh +++ b/contrib/guix/libexec/codesign.sh @@ -88,7 +88,7 @@ mkdir -p "$DISTSRC" -- -volume_date all_file_dates ="$SOURCE_DATE_EPOCH" # Compress uncompressed.dmg and output to OUTDIR - ./dmg dmg uncompressed.dmg "${OUTDIR}/${DISTNAME}-osx-signed.dmg" + ./dmg dmg uncompressed.dmg "${OUTDIR}/${DISTNAME}-${HOST}.dmg" ;; *) exit 1 From b7d688ed218006ee67eb156a59485ab4be43d821 Mon Sep 17 00:00:00 2001 From: Kittywhiskers Van Gogh <63189531+kittywhiskers@users.noreply.github.com> Date: Tue, 20 Jun 2023 10:01:13 +0000 Subject: [PATCH 15/26] merge bitcoin#24733: Fix "ERR: Unsigned tarballs do not exist" --- contrib/guix/guix-codesign | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/contrib/guix/guix-codesign b/contrib/guix/guix-codesign index 8e9b03cb92003..8fe5d223bcdc4 100755 --- a/contrib/guix/guix-codesign +++ b/contrib/guix/guix-codesign @@ -152,7 +152,7 @@ outdir_for_host() { unsigned_tarball_for_host() { case "$1" in *mingw*) - echo "$(outdir_for_host "$1")/${DISTNAME}-win-unsigned.tar.gz" + echo "$(outdir_for_host "$1")/${DISTNAME}-win64-unsigned.tar.gz" ;; *darwin*) echo "$(outdir_for_host "$1")/${DISTNAME}-${1}-unsigned.tar.gz" From 96e8ad806261b0e237d27907fdc3ed02c33e7e73 Mon Sep 17 00:00:00 2001 From: Kittywhiskers Van Gogh <63189531+kittywhiskers@users.noreply.github.com> Date: Tue, 20 Jun 2023 13:28:05 +0000 Subject: [PATCH 16/26] merge bitcoin#21991: libevent 2.1.12-stable --- depends/packages/libevent.mk | 14 ++++---------- .../libevent/0001-fix-windows-getaddrinfo.patch | 15 --------------- doc/dependencies.md | 2 +- 3 files changed, 5 insertions(+), 26 deletions(-) delete mode 100644 depends/patches/libevent/0001-fix-windows-getaddrinfo.patch diff --git a/depends/packages/libevent.mk b/depends/packages/libevent.mk index 1cd5a1749ac88..dad317193c024 100644 --- a/depends/packages/libevent.mk +++ b/depends/packages/libevent.mk @@ -1,14 +1,8 @@ package=libevent -$(package)_version=2.1.11-stable -$(package)_download_path=https://github.com/libevent/libevent/archive/ -$(package)_file_name=release-$($(package)_version).tar.gz -$(package)_sha256_hash=229393ab2bf0dc94694f21836846b424f3532585bac3468738b7bf752c03901e -$(package)_patches=0001-fix-windows-getaddrinfo.patch - -define $(package)_preprocess_cmds - patch -p1 < $($(package)_patch_dir)/0001-fix-windows-getaddrinfo.patch && \ - ./autogen.sh -endef +$(package)_version=2.1.12-stable +$(package)_download_path=https://github.com/libevent/libevent/releases/download/release-$($(package)_version)/ +$(package)_file_name=$(package)-$($(package)_version).tar.gz +$(package)_sha256_hash=92e6de1be9ec176428fd2367677e61ceffc2ee1cb119035037a27d346b0403bb # When building for Windows, we set _WIN32_WINNT to target the same Windows # version as we do in configure. Due to quirks in libevents build system, this diff --git a/depends/patches/libevent/0001-fix-windows-getaddrinfo.patch b/depends/patches/libevent/0001-fix-windows-getaddrinfo.patch deleted file mode 100644 index a98cd90bd58a2..0000000000000 --- a/depends/patches/libevent/0001-fix-windows-getaddrinfo.patch +++ /dev/null @@ -1,15 +0,0 @@ -diff -ur libevent-2.1.8-stable.orig/configure.ac libevent-2.1.8-stable/configure.ac ---- libevent-2.1.8-stable.orig/configure.ac 2017-01-29 17:51:00.000000000 +0000 -+++ libevent-2.1.8-stable/configure.ac 2020-03-07 01:11:16.311335005 +0000 -@@ -389,6 +389,10 @@ - #ifdef HAVE_NETDB_H - #include - #endif -+#ifdef _WIN32 -+#include -+#include -+#endif - ]], - [[ - getaddrinfo; -Only in libevent-2.1.8-stable: configure.ac~ diff --git a/doc/dependencies.md b/doc/dependencies.md index bca8169a4b5ed..31fb105ffe862 100644 --- a/doc/dependencies.md +++ b/doc/dependencies.md @@ -14,7 +14,7 @@ These are the dependencies currently used by Dash Core. You can find instruction | GCC | | [7+](https://gcc.gnu.org/) (C++17 support) | | | | | glibc | | [2.18](https://www.gnu.org/software/libc/) | | | | | | HarfBuzz-NG | | | | | [Yes](https://github.com/dashpay/dash/blob/develop/depends/packages/qt.mk) | -| libevent | [2.1.11-stable](https://github.com/libevent/libevent/releases) | [2.0.21](https://github.com/bitcoin/bitcoin/pull/18676) | No | | | +| libevent | [2.1.12-stable](https://github.com/libevent/libevent/releases) | [2.0.21](https://github.com/bitcoin/bitcoin/pull/18676) | No | | | | libnatpmp | git commit [4536032...](https://github.com/miniupnp/libnatpmp/tree/4536032ae32268a45c073a4d5e91bbab4534773a) | | No | | | | libpng | | | | | [Yes](https://github.com/dashpay/dash/blob/develop/depends/packages/qt.mk) | | Linux Kernel | [N/A](https://www.kernel.org/) | 3.2.0 | | | | From f16a29a864618cb0eb1ab968c1edbf233bcb2174 Mon Sep 17 00:00:00 2001 From: Kittywhiskers Van Gogh <63189531+kittywhiskers@users.noreply.github.com> Date: Tue, 20 Jun 2023 13:29:58 +0000 Subject: [PATCH 17/26] partial bitcoin#22318: Avoid @GLIBC_2.25 symbols for compatibility contains: - a4b0b340df22dd0e11096c94ebe669dc68f4a05d --- depends/packages/libevent.mk | 5 +++++ depends/patches/libevent/glibc_compatibility.patch | 14 ++++++++++++++ 2 files changed, 19 insertions(+) create mode 100644 depends/patches/libevent/glibc_compatibility.patch diff --git a/depends/packages/libevent.mk b/depends/packages/libevent.mk index dad317193c024..f5d0e29a07e08 100644 --- a/depends/packages/libevent.mk +++ b/depends/packages/libevent.mk @@ -3,6 +3,7 @@ $(package)_version=2.1.12-stable $(package)_download_path=https://github.com/libevent/libevent/releases/download/release-$($(package)_version)/ $(package)_file_name=$(package)-$($(package)_version).tar.gz $(package)_sha256_hash=92e6de1be9ec176428fd2367677e61ceffc2ee1cb119035037a27d346b0403bb +$(package)_patches = glibc_compatibility.patch # When building for Windows, we set _WIN32_WINNT to target the same Windows # version as we do in configure. Due to quirks in libevents build system, this @@ -16,6 +17,10 @@ define $(package)_set_vars $(package)_cppflags_mingw32=-D_WIN32_WINNT=0x0601 endef +define $(package)_preprocess_cmds + patch -p1 -i $($(package)_patch_dir)/glibc_compatibility.patch +endef + define $(package)_config_cmds $($(package)_autoconf) endef diff --git a/depends/patches/libevent/glibc_compatibility.patch b/depends/patches/libevent/glibc_compatibility.patch new file mode 100644 index 0000000000000..e27777a671b52 --- /dev/null +++ b/depends/patches/libevent/glibc_compatibility.patch @@ -0,0 +1,14 @@ +Avoid getrandom@GLIBC_2.25 symbol. + +--- old/config.h.in ++++ new/config.h.in +@@ -101,9 +101,6 @@ + /* Define to 1 if you have the `getprotobynumber' function. */ + #undef HAVE_GETPROTOBYNUMBER + +-/* Define to 1 if you have the `getrandom' function. */ +-#undef HAVE_GETRANDOM +- + /* Define to 1 if you have the `getservbyname' function. */ + #undef HAVE_GETSERVBYNAME + From 6751b13f380100cca5ffad3ee8866adb504b2678 Mon Sep 17 00:00:00 2001 From: Kittywhiskers Van Gogh <63189531+kittywhiskers@users.noreply.github.com> Date: Mon, 3 May 2021 19:51:45 +0800 Subject: [PATCH 18/26] merge bitcoin#22526: use newer config.guess & config.sub in depends --- contrib/install_db4.sh | 8 ++++---- depends/packages/libevent.mk | 1 + depends/packages/native_cctools.mk | 4 ++++ depends/packages/sqlite.mk | 4 ++++ 4 files changed, 13 insertions(+), 4 deletions(-) diff --git a/contrib/install_db4.sh b/contrib/install_db4.sh index 05d0ee816672f..81c615d93deea 100755 --- a/contrib/install_db4.sh +++ b/contrib/install_db4.sh @@ -221,10 +221,10 @@ EOF # The packaged config.guess and config.sub are ancient (2009) and can cause build issues. # Replace them with modern versions. # See https://github.com/bitcoin/bitcoin/issues/16064 -CONFIG_GUESS_URL='https://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess;hb=55eaf3e779455c4e5cc9f82efb5278be8f8f900b' -CONFIG_GUESS_HASH='2d1ff7bca773d2ec3c6217118129220fa72d8adda67c7d2bf79994b3129232c1' -CONFIG_SUB_URL='https://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub;hb=55eaf3e779455c4e5cc9f82efb5278be8f8f900b' -CONFIG_SUB_HASH='3a4befde9bcdf0fdb2763fc1bfa74e8696df94e1ad7aac8042d133c8ff1d2e32' +CONFIG_GUESS_URL='https://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess;hb=4550d2f15b3a7ce2451c1f29500b9339430c877f' +CONFIG_GUESS_HASH='c8f530e01840719871748a8071113435bdfdf75b74c57e78e47898edea8754ae' +CONFIG_SUB_URL='https://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub;hb=4550d2f15b3a7ce2451c1f29500b9339430c877f' +CONFIG_SUB_HASH='3969f7d5f6967ccc6f792401b8ef3916a1d1b1d0f0de5a4e354c95addb8b800e' rm -f "dist/config.guess" rm -f "dist/config.sub" diff --git a/depends/packages/libevent.mk b/depends/packages/libevent.mk index f5d0e29a07e08..31d749d9eb851 100644 --- a/depends/packages/libevent.mk +++ b/depends/packages/libevent.mk @@ -18,6 +18,7 @@ define $(package)_set_vars endef define $(package)_preprocess_cmds + cp -f $(BASEDIR)/config.guess $(BASEDIR)/config.sub build-aux && \ patch -p1 -i $($(package)_patch_dir)/glibc_compatibility.patch endef diff --git a/depends/packages/native_cctools.mk b/depends/packages/native_cctools.mk index 885207fce9af5..d169eb6723184 100644 --- a/depends/packages/native_cctools.mk +++ b/depends/packages/native_cctools.mk @@ -16,6 +16,10 @@ define $(package)_set_vars $(package)_cxx=$(clangxx_prog) endef +define $(package)_preprocess_cmds + cp -f $(BASEDIR)/config.guess $(BASEDIR)/config.sub cctools +endef + define $(package)_config_cmds $($(package)_autoconf) endef diff --git a/depends/packages/sqlite.mk b/depends/packages/sqlite.mk index 8f51757c26b24..cbdb5ceb52dae 100644 --- a/depends/packages/sqlite.mk +++ b/depends/packages/sqlite.mk @@ -10,6 +10,10 @@ $(package)_config_opts_linux=--with-pic $(package)_cppflags_linux = -DSQLITE_DISABLE_LFS endef +define $(package)_preprocess_cmds + cp -f $(BASEDIR)/config.guess $(BASEDIR)/config.sub . +endef + define $(package)_config_cmds $($(package)_autoconf) endef From ba2f56d6ecc201abe606341c3da6b1e591ec263a Mon Sep 17 00:00:00 2001 From: Kittywhiskers Van Gogh <63189531+kittywhiskers@users.noreply.github.com> Date: Thu, 28 Jul 2022 14:24:30 +0100 Subject: [PATCH 19/26] merge bitcoin#25633: don't restrict --enable-lto to non-guix cctools --- depends/hosts/darwin.mk | 3 +++ depends/packages/native_cctools.mk | 14 ++++++++++---- depends/packages/native_clang.mk | 3 +++ depends/packages/native_libtapi.mk | 4 +--- 4 files changed, 17 insertions(+), 7 deletions(-) diff --git a/depends/hosts/darwin.mk b/depends/hosts/darwin.mk index e4b7ca22e260d..d8a153e32ad07 100644 --- a/depends/hosts/darwin.mk +++ b/depends/hosts/darwin.mk @@ -17,6 +17,7 @@ darwin_native_toolchain=native_cctools clang_prog=$(build_prefix)/bin/clang clangxx_prog=$(clang_prog)++ +llvm_config_prog=$(build_prefix)/bin/llvm-config clang_resource_dir=$(build_prefix)/lib/clang/$(native_clang_version) else @@ -34,8 +35,10 @@ darwin_native_toolchain= # Source: https://lists.gnu.org/archive/html/bug-make/2017-11/msg00017.html clang_prog=$(shell $(SHELL) $(.SHELLFLAGS) "command -v clang") clangxx_prog=$(shell $(SHELL) $(.SHELLFLAGS) "command -v clang++") +llvm_config_prog=$(shell $(SHELL) $(.SHELLFLAGS) "command -v llvm-config") clang_resource_dir=$(shell clang -print-resource-dir) +llvm_lib_dir=$(shell $(llvm_config_prog) --libdir) endif cctools_TOOLS=AR RANLIB STRIP NM LIBTOOL OTOOL INSTALL_NAME_TOOL diff --git a/depends/packages/native_cctools.mk b/depends/packages/native_cctools.mk index d169eb6723184..03e9002ecd759 100644 --- a/depends/packages/native_cctools.mk +++ b/depends/packages/native_cctools.mk @@ -7,18 +7,24 @@ $(package)_build_subdir=cctools $(package)_dependencies=native_libtapi define $(package)_set_vars - $(package)_config_opts=--target=$(host) + $(package)_config_opts=--target=$(host) --enable-lto-support + $(package)_config_opts+=--with-llvm-config=$(llvm_config_prog) $(package)_ldflags+=-Wl,-rpath=\\$$$$$$$$\$$$$$$$$ORIGIN/../lib - ifeq ($(strip $(FORCE_USE_SYSTEM_CLANG)),) - $(package)_config_opts+=--enable-lto-support --with-llvm-config=$(build_prefix)/bin/llvm-config - endif $(package)_cc=$(clang_prog) $(package)_cxx=$(clangxx_prog) endef +ifneq ($(strip $(FORCE_USE_SYSTEM_CLANG)),) define $(package)_preprocess_cmds + mkdir -p $($(package)_staging_prefix_dir)/lib && \ + cp $(llvm_lib_dir)/libLTO.so $($(package)_staging_prefix_dir)/lib/ && \ cp -f $(BASEDIR)/config.guess $(BASEDIR)/config.sub cctools endef +else +define $(package)_preprocess_cmds + cp -f $(BASEDIR)/config.guess $(BASEDIR)/config.sub cctools +endef +endif define $(package)_config_cmds $($(package)_autoconf) diff --git a/depends/packages/native_clang.mk b/depends/packages/native_clang.mk index 245269a9d342a..f2712294ab20e 100644 --- a/depends/packages/native_clang.mk +++ b/depends/packages/native_clang.mk @@ -16,10 +16,13 @@ endef define $(package)_stage_cmds mkdir -p $($(package)_staging_prefix_dir)/lib/clang/$($(package)_version)/include && \ mkdir -p $($(package)_staging_prefix_dir)/bin && \ + mkdir -p $($(package)_staging_prefix_dir)/include/llvm-c && \ cp bin/clang $($(package)_staging_prefix_dir)/bin/ && \ cp -P bin/clang++ $($(package)_staging_prefix_dir)/bin/ && \ cp bin/dsymutil $($(package)_staging_prefix_dir)/bin/$(host)-dsymutil && \ cp bin/llvm-config $($(package)_staging_prefix_dir)/bin/ && \ + cp include/llvm-c/ExternC.h $($(package)_staging_prefix_dir)/include/llvm-c && \ + cp include/llvm-c/lto.h $($(package)_staging_prefix_dir)/include/llvm-c && \ cp lib/libLTO.so $($(package)_staging_prefix_dir)/lib/ && \ cp -r lib/clang/$($(package)_version)/include/* $($(package)_staging_prefix_dir)/lib/clang/$($(package)_version)/include/ endef diff --git a/depends/packages/native_libtapi.mk b/depends/packages/native_libtapi.mk index 1633213a42337..052bb2368933a 100644 --- a/depends/packages/native_libtapi.mk +++ b/depends/packages/native_libtapi.mk @@ -13,7 +13,5 @@ define $(package)_build_cmds endef define $(package)_stage_cmds - ./install.sh && \ - mkdir -p $($(package)_staging_prefix_dir)/include/llvm-c && \ - cp src/llvm/include/llvm-c/lto.h $($(package)_staging_prefix_dir)/include/llvm-c + ./install.sh endef From 1a49f48fd658b1e1ef20b48355f6dbf1d41a9200 Mon Sep 17 00:00:00 2001 From: Kittywhiskers Van Gogh <63189531+kittywhiskers@users.noreply.github.com> Date: Thu, 17 Mar 2022 08:55:07 +0100 Subject: [PATCH 20/26] merge bitcoin#24597: Include arm64-apple-darwin into codesigned archs --- contrib/guix/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/contrib/guix/README.md b/contrib/guix/README.md index 41a66e9738538..89be0eb3f7710 100644 --- a/contrib/guix/README.md +++ b/contrib/guix/README.md @@ -75,7 +75,7 @@ crucial differences: 1. Since only Windows and macOS build outputs require codesigning, the `HOSTS` environment variable will have a sane default value of `x86_64-w64-mingw32 - x86_64-apple-darwin` instead of all the platforms. + x86_64-apple-darwin arm64-apple-darwin` instead of all the platforms. 2. The `guix-codesign` command ***requires*** a `DETACHED_SIGS_REPO` flag. * _**DETACHED_SIGS_REPO**_ From f3dd5d72715cd17e1481d776b17832f60aac4650 Mon Sep 17 00:00:00 2001 From: Kittywhiskers Van Gogh <63189531+kittywhiskers@users.noreply.github.com> Date: Sun, 24 Apr 2022 11:51:38 +0200 Subject: [PATCH 21/26] merge bitcoin#24955: Improve error message about missed macOS SDK --- contrib/guix/guix-build | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/contrib/guix/guix-build b/contrib/guix/guix-build index c59ccf90b28f6..b1e3ee44813f4 100755 --- a/contrib/guix/guix-build +++ b/contrib/guix/guix-build @@ -132,7 +132,7 @@ for host in $HOSTS; do echo "Found macOS SDK at '${OSX_SDK}', using..." break else - echo "macOS SDK does not exist at '${OSX_SDK}', please place the extracted, untarred SDK there to perform darwin builds, exiting..." + echo "macOS SDK does not exist at '${OSX_SDK}', please place the extracted, untarred SDK there to perform darwin builds, or define SDK_PATH environment variable. Exiting..." exit 1 fi ;; From 8dc99a4967598aaca625cafe8b5163e4d047cb67 Mon Sep 17 00:00:00 2001 From: Kittywhiskers Van Gogh <63189531+kittywhiskers@users.noreply.github.com> Date: Mon, 9 May 2022 21:23:53 +0100 Subject: [PATCH 22/26] merge bitcoin#25099: bump time-machine to 998eda3067c7d21e0d9bb3310d2f5a14b8f1c681 --- contrib/guix/libexec/prelude.bash | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/contrib/guix/libexec/prelude.bash b/contrib/guix/libexec/prelude.bash index 9b993a10a74eb..f9b541b510b8e 100644 --- a/contrib/guix/libexec/prelude.bash +++ b/contrib/guix/libexec/prelude.bash @@ -51,7 +51,7 @@ fi time-machine() { # shellcheck disable=SC2086 guix time-machine --url=https://git.savannah.gnu.org/git/guix.git \ - --commit=34e9eae68c9583acce5abc4100add3d88932a5ae \ + --commit=998eda3067c7d21e0d9bb3310d2f5a14b8f1c681 \ --cores="$JOBS" \ --keep-failed \ --fallback \ From be2eb53c5764fc13f4ea5a7f0c64e19bfe322d8c Mon Sep 17 00:00:00 2001 From: Kittywhiskers Van Gogh <63189531+kittywhiskers@users.noreply.github.com> Date: Mon, 19 Jun 2023 13:37:41 +0000 Subject: [PATCH 23/26] merge bitcoin#24552: make it possible to override gpg binary --- contrib/guix/guix-attest | 22 +++++++++++++++------- 1 file changed, 15 insertions(+), 7 deletions(-) diff --git a/contrib/guix/guix-attest b/contrib/guix/guix-attest index c8ea5f7485160..84fb2840eaf9c 100755 --- a/contrib/guix/guix-attest +++ b/contrib/guix/guix-attest @@ -19,8 +19,16 @@ source "$(dirname "${BASH_SOURCE[0]}")/libexec/prelude.bash" ################ check_tools cat env basename mkdir diff sort + if [ -z "$NO_SIGN" ]; then - check_tools gpg + # make it possible to override the gpg binary + GPG=${GPG:-gpg} + + # $GPG can contain extra arguments passed to the binary + # so let's check only the existence of arg[0] + # shellcheck disable=SC2206 + GPG_ARRAY=($GPG) + check_tools "${GPG_ARRAY[0]}" fi ################ @@ -90,7 +98,7 @@ if [ -z "${signer_name}" ]; then signer_name="$gpg_key_name" fi -if [ -z "$NO_SIGN" ] && ! gpg --dry-run --list-secret-keys "${gpg_key_name}" >/dev/null 2>&1; then +if [ -z "$NO_SIGN" ] && ! ${GPG} --dry-run --list-secret-keys "${gpg_key_name}" >/dev/null 2>&1; then echo "ERR: GPG can't seem to find any key named '${gpg_key_name}'" exit 1 fi @@ -240,11 +248,11 @@ mkdir -p "$outsigdir" echo "Signing SHA256SUMS to produce SHA256SUMS.asc" for i in *.SHA256SUMS; do if [ ! -e "$i".asc ]; then - gpg --detach-sign \ - --digest-algo sha256 \ - --local-user "$gpg_key_name" \ - --armor \ - --output "$i".asc "$i" + ${GPG} --detach-sign \ + --digest-algo sha256 \ + --local-user "$gpg_key_name" \ + --armor \ + --output "$i".asc "$i" else echo "Signature already there" fi From 66e154180855546ea8568d7afeafcd4ef441bd1c Mon Sep 17 00:00:00 2001 From: Kittywhiskers Van Gogh <63189531+kittywhiskers@users.noreply.github.com> Date: Mon, 3 May 2021 14:45:08 +0800 Subject: [PATCH 24/26] merge bitcoin#21851: support cross-compiling for arm64-apple-darwin --- .gitlab-ci.yml | 4 +-- ci/test/00_setup_env_mac.sh | 4 +-- contrib/containers/guix/scripts/guix-start | 4 +-- contrib/devtools/security-check.py | 8 ++--- contrib/devtools/symbol-check.py | 2 +- contrib/devtools/test-security-check.py | 41 ++++++++++++++-------- contrib/gitian-build.py | 6 ++-- contrib/gitian-descriptors/gitian-osx.yml | 4 +-- contrib/guix/Dockerfile | 2 +- contrib/guix/README.md | 4 +-- contrib/guix/guix-build | 2 +- contrib/guix/guix-codesign | 2 +- contrib/guix/manifest.scm | 2 +- contrib/macdeploy/README.md | 22 ++++++------ depends/README.md | 1 + depends/hosts/darwin.mk | 6 ++-- 16 files changed, 64 insertions(+), 50 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index d52ed8f1bf65d..489b9606e176d 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -42,8 +42,8 @@ builder-image: image: $CI_REGISTRY_IMAGE:builder-$CI_COMMIT_REF_SLUG variables: SDK_URL: https://bitcoincore.org/depends-sources/sdks - XCODE_VERSION: "12.1" - XCODE_BUILD_ID: 12A7403 + XCODE_VERSION: "12.2" + XCODE_BUILD_ID: 12B45b MAKEJOBS: -j4 before_script: - echo HOST=$HOST diff --git a/ci/test/00_setup_env_mac.sh b/ci/test/00_setup_env_mac.sh index 663c9a403a474..317ad67c011fa 100755 --- a/ci/test/00_setup_env_mac.sh +++ b/ci/test/00_setup_env_mac.sh @@ -9,8 +9,8 @@ export LC_ALL=C.UTF-8 export CONTAINER_NAME=ci_macos_cross export HOST=x86_64-apple-darwin export PACKAGES="cmake libcap-dev libz-dev libbz2-dev python3-dev python3-setuptools" -export XCODE_VERSION=12.1 -export XCODE_BUILD_ID=12A7403 +export XCODE_VERSION=12.2 +export XCODE_BUILD_ID=12B45b export RUN_UNIT_TESTS=false export RUN_INTEGRATION_TESTS=false export GOAL="all deploy" diff --git a/contrib/containers/guix/scripts/guix-start b/contrib/containers/guix/scripts/guix-start index 7d0f27d8115ea..a32c4f71e1381 100755 --- a/contrib/containers/guix/scripts/guix-start +++ b/contrib/containers/guix/scripts/guix-start @@ -13,8 +13,8 @@ if [[ ! -d "$WORKSPACE_PATH" ]]; then exit 1 fi -XCODE_VERSION="12.1" -XCODE_RELEASE="12A7403" +XCODE_VERSION="12.2" +XCODE_RELEASE="12B45b" XCODE_ARCHIVE="Xcode-${XCODE_VERSION}-${XCODE_RELEASE}-extracted-SDK-with-libcxx-headers" # Check if macOS SDK is present, if not, download it diff --git a/contrib/devtools/security-check.py b/contrib/devtools/security-check.py index 563029ca7c2a3..e0ea46c3bc080 100755 --- a/contrib/devtools/security-check.py +++ b/contrib/devtools/security-check.py @@ -206,12 +206,9 @@ def check_MACHO_control_flow(binary) -> bool: ] BASE_MACHO = [ - ('PIE', check_PIE), ('NOUNDEFS', check_MACHO_NOUNDEFS), - ('NX', check_NX), ('LAZY_BINDINGS', check_MACHO_LAZY_BINDINGS), ('Canary', check_MACHO_Canary), - ('CONTROL_FLOW', check_MACHO_control_flow), ] CHECKS = { @@ -226,7 +223,10 @@ def check_MACHO_control_flow(binary) -> bool: lief.ARCHITECTURES.X86: BASE_PE, }, lief.EXE_FORMATS.MACHO: { - lief.ARCHITECTURES.X86: BASE_MACHO, + lief.ARCHITECTURES.X86: BASE_MACHO + [('PIE', check_PIE), + ('NX', check_NX), + ('CONTROL_FLOW', check_MACHO_control_flow)], + lief.ARCHITECTURES.ARM64: BASE_MACHO, } } diff --git a/contrib/devtools/symbol-check.py b/contrib/devtools/symbol-check.py index d1a7cfffb538c..5fd78ced13948 100755 --- a/contrib/devtools/symbol-check.py +++ b/contrib/devtools/symbol-check.py @@ -217,7 +217,7 @@ def check_MACHO_min_os(binary) -> bool: return False def check_MACHO_sdk(binary) -> bool: - if binary.build_version.sdk == [10, 15, 6]: + if binary.build_version.sdk == [11, 0, 0]: return True return False diff --git a/contrib/devtools/test-security-check.py b/contrib/devtools/test-security-check.py index eec8c7bfd67d7..46839a0c496f4 100755 --- a/contrib/devtools/test-security-check.py +++ b/contrib/devtools/test-security-check.py @@ -116,21 +116,34 @@ def test_MACHO(self): executable = 'test1' cc = determine_wellknown_cmd('CC', 'clang') write_testcode(source) + arch = get_arch(cc, source, executable) + + if arch == lief.ARCHITECTURES.X86: + self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-no_pie','-Wl,-flat_namespace','-Wl,-allow_stack_execute','-fno-stack-protector']), + (1, executable+': failed NOUNDEFS LAZY_BINDINGS Canary PIE NX CONTROL_FLOW')) + self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-no_pie','-Wl,-flat_namespace','-Wl,-allow_stack_execute','-fstack-protector-all']), + (1, executable+': failed NOUNDEFS LAZY_BINDINGS PIE NX CONTROL_FLOW')) + self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-no_pie','-Wl,-flat_namespace','-fstack-protector-all']), + (1, executable+': failed NOUNDEFS LAZY_BINDINGS PIE CONTROL_FLOW')) + self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-no_pie','-fstack-protector-all']), + (1, executable+': failed LAZY_BINDINGS PIE CONTROL_FLOW')) + self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-no_pie','-Wl,-bind_at_load','-fstack-protector-all']), + (1, executable+': failed PIE CONTROL_FLOW')) + self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-no_pie','-Wl,-bind_at_load','-fstack-protector-all', '-fcf-protection=full']), + (1, executable+': failed PIE')) + self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-pie','-Wl,-bind_at_load','-fstack-protector-all', '-fcf-protection=full']), + (0, '')) + else: + # arm64 darwin doesn't support non-PIE binaries, control flow or executable stacks + self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-flat_namespace','-fno-stack-protector']), + (1, executable+': failed NOUNDEFS LAZY_BINDINGS Canary')) + self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-flat_namespace','-fstack-protector-all']), + (1, executable+': failed NOUNDEFS LAZY_BINDINGS')) + self.assertEqual(call_security_check(cc, source, executable, ['-fstack-protector-all']), + (1, executable+': failed LAZY_BINDINGS')) + self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-bind_at_load','-fstack-protector-all']), + (0, '')) - self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-no_pie','-Wl,-flat_namespace','-Wl,-allow_stack_execute','-fno-stack-protector']), - (1, executable+': failed PIE NOUNDEFS NX LAZY_BINDINGS Canary CONTROL_FLOW')) - self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-no_pie','-Wl,-flat_namespace','-Wl,-allow_stack_execute','-fstack-protector-all']), - (1, executable+': failed PIE NOUNDEFS NX LAZY_BINDINGS CONTROL_FLOW')) - self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-no_pie','-Wl,-flat_namespace','-fstack-protector-all']), - (1, executable+': failed PIE NOUNDEFS LAZY_BINDINGS CONTROL_FLOW')) - self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-no_pie','-fstack-protector-all']), - (1, executable+': failed PIE LAZY_BINDINGS CONTROL_FLOW')) - self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-no_pie','-Wl,-bind_at_load','-fstack-protector-all']), - (1, executable+': failed PIE CONTROL_FLOW')) - self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-no_pie','-Wl,-bind_at_load','-fstack-protector-all', '-fcf-protection=full']), - (1, executable+': failed PIE')) - self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-pie','-Wl,-bind_at_load','-fstack-protector-all', '-fcf-protection=full']), - (0, '')) clean_files(source, executable) diff --git a/contrib/gitian-build.py b/contrib/gitian-build.py index 7475730510b4f..348c99039863a 100755 --- a/contrib/gitian-build.py +++ b/contrib/gitian-build.py @@ -74,8 +74,8 @@ def build(): if args.macos: print('\nCompiling ' + args.version + ' MacOS') - subprocess.check_call(['wget', '-N', '-P', 'inputs', 'https://bitcoincore.org/depends-sources/sdks/Xcode-12.1-12A7403-extracted-SDK-with-libcxx-headers.tar.gz']) - subprocess.check_output(["echo 'be17f48fd0b08fb4dcd229f55a6ae48d9f781d210839b4ea313ef17dd12d6ea5 inputs/Xcode-12.1-12A7403-extracted-SDK-with-libcxx-headers.tar.gz' | sha256sum -c"], shell=True) + subprocess.check_call(['wget', '-N', '-P', 'inputs', 'https://bitcoincore.org/depends-sources/sdks/Xcode-12.2-12B45b-extracted-SDK-with-libcxx-headers.tar.gz']) + subprocess.check_output(["echo 'df75d30ecafc429e905134333aeae56ac65fac67cb4182622398fd717df77619 inputs/Xcode-12.2-12B45b-extracted-SDK-with-libcxx-headers.tar.gz' | sha256sum -c"], shell=True) subprocess.check_call(['bin/gbuild', '--fetch-tags', '-j', args.jobs, '-m', args.memory, '--commit', 'dash='+args.commit, '--url', 'dash='+args.url, '../dash/contrib/gitian-descriptors/gitian-osx.yml']) subprocess.check_call(['bin/gsign', '-p', args.sign_prog, '--signer', args.signer, '--release', args.version+'-osx-unsigned', '--destination', '../gitian.sigs/', '../dash/contrib/gitian-descriptors/gitian-osx.yml']) subprocess.check_call('mv build/out/dashcore-*-osx-unsigned.tar.gz inputs/', shell=True) @@ -218,7 +218,7 @@ def main(): args.macos = 'm' in args.os # Disable for MacOS if no SDK found - if args.macos and not os.path.isfile('gitian-builder/inputs/Xcode-12.1-12A7403-extracted-SDK-with-libcxx-headers.tar.gz'): + if args.macos and not os.path.isfile('gitian-builder/inputs/Xcode-12.2-12B45b-extracted-SDK-with-libcxx-headers.tar.gz'): print('Cannot build for MacOS, SDK does not exist. Will build for other OSes') args.macos = False diff --git a/contrib/gitian-descriptors/gitian-osx.yml b/contrib/gitian-descriptors/gitian-osx.yml index 94795287aef40..96adb2dbc5d82 100644 --- a/contrib/gitian-descriptors/gitian-osx.yml +++ b/contrib/gitian-descriptors/gitian-osx.yml @@ -33,7 +33,7 @@ remotes: - "url": "https://github.com/dashpay/dash.git" "dir": "dash" files: -- "Xcode-12.1-12A7403-extracted-SDK-with-libcxx-headers.tar.gz" +- "Xcode-12.2-12B45b-extracted-SDK-with-libcxx-headers.tar.gz" script: | set -e -o pipefail @@ -108,7 +108,7 @@ script: | BASEPREFIX="${PWD}/depends" mkdir -p ${BASEPREFIX}/SDKs - tar -C ${BASEPREFIX}/SDKs -xf ${BUILD_DIR}/Xcode-12.1-12A7403-extracted-SDK-with-libcxx-headers.tar.gz + tar -C ${BASEPREFIX}/SDKs -xf ${BUILD_DIR}/Xcode-12.2-12B45b-extracted-SDK-with-libcxx-headers.tar.gz # Build dependencies for each host for i in $HOSTS; do diff --git a/contrib/guix/Dockerfile b/contrib/guix/Dockerfile index d921cd554c9e1..7705ffa7a4e95 100644 --- a/contrib/guix/Dockerfile +++ b/contrib/guix/Dockerfile @@ -59,5 +59,5 @@ RUN mkdir base_cache sources SDKs WORKDIR /dash RUN mkdir -p depends/SDKs && \ - curl -L https://bitcoincore.org/depends-sources/sdks/Xcode-12.1-12A7403-extracted-SDK-with-libcxx-headers.tar.gz | tar -xz -C depends/SDKs + curl -L https://bitcoincore.org/depends-sources/sdks/Xcode-12.2-12B45b-extracted-SDK-with-libcxx-headers.tar.gz | tar -xz -C depends/SDKs diff --git a/contrib/guix/README.md b/contrib/guix/README.md index 89be0eb3f7710..93ed69d7dc54e 100644 --- a/contrib/guix/README.md +++ b/contrib/guix/README.md @@ -224,7 +224,7 @@ details. _(defaults to "x86\_64-linux-gnu arm-linux-gnueabihf aarch64-linux-gnu powerpc64-linux-gnu powerpc64le-linux-gnu - x86\_64-w64-mingw32 x86\_64-apple-darwin")_ + x86\_64-w64-mingw32 x86\_64-apple-darwin arm64-apple-darwin")_ * _**SOURCES_PATH**_ @@ -249,7 +249,7 @@ details. Set the path where _extracted_ SDKs can be found. This is passed through to the depends tree. Note that this is should be set to the _parent_ directory of the actual SDK (e.g. `SDK_PATH=$HOME/Downloads/macOS-SDKs` instead of - `$HOME/Downloads/macOS-SDKs/Xcode-12.1-12A7403-extracted-SDK-with-libcxx-headers`). + `$HOME/Downloads/macOS-SDKs/Xcode-12.2-12B45b-extracted-SDK-with-libcxx-headers`). The path that this environment variable points to **must be a directory**, and **NOT a symlink to a directory**. diff --git a/contrib/guix/guix-build b/contrib/guix/guix-build index b1e3ee44813f4..a5131d72f7e2a 100755 --- a/contrib/guix/guix-build +++ b/contrib/guix/guix-build @@ -76,7 +76,7 @@ mkdir -p "$VERSION_BASE" # Default to building for all supported HOSTs (overridable by environment) export HOSTS="${HOSTS:-x86_64-linux-gnu arm-linux-gnueabihf aarch64-linux-gnu riscv64-linux-gnu x86_64-w64-mingw32 - x86_64-apple-darwin}" + x86_64-apple-darwin arm64-apple-darwin}" # Usage: distsrc_for_host HOST # diff --git a/contrib/guix/guix-codesign b/contrib/guix/guix-codesign index 8fe5d223bcdc4..45da43abf1c12 100755 --- a/contrib/guix/guix-codesign +++ b/contrib/guix/guix-codesign @@ -91,7 +91,7 @@ fi ################ # Default to building for all supported HOSTs (overridable by environment) -export HOSTS="${HOSTS:-x86_64-w64-mingw32 x86_64-apple-darwin}" +export HOSTS="${HOSTS:-x86_64-w64-mingw32 x86_64-apple-darwin arm64-apple-darwin}" # Usage: distsrc_for_host HOST # diff --git a/contrib/guix/manifest.scm b/contrib/guix/manifest.scm index de2f9b16012da..54329023c5557 100644 --- a/contrib/guix/manifest.scm +++ b/contrib/guix/manifest.scm @@ -605,7 +605,7 @@ parse, modify and abstract ELF, PE and MachO formats.") ;; Build tools gnu-make libtool - autoconf + autoconf-2.71 automake pkg-config bison diff --git a/contrib/macdeploy/README.md b/contrib/macdeploy/README.md index 802a8f9467386..3c38ad62b592b 100644 --- a/contrib/macdeploy/README.md +++ b/contrib/macdeploy/README.md @@ -13,13 +13,13 @@ When complete, it will have produced `Dash-Qt.dmg`. ### Step 1: Obtaining `Xcode.app` Our current macOS SDK -(`Xcode-12.1-12A7403-extracted-SDK-with-libcxx-headers.tar.gz`) can be +(`Xcode-12.2-12B45b-extracted-SDK-with-libcxx-headers.tar.gz`) can be extracted from -[Xcode_12.1.xip](https://download.developer.apple.com/Developer_Tools/Xcode_12.1/Xcode_12.1.xip). +[Xcode_12.2.xip](https://download.developer.apple.com/Developer_Tools/Xcode_12.2/Xcode_12.2.xip). Alternatively, after logging in to your account go to 'Downloads', then 'More' -and look for [`Xcode_12.1`](https://download.developer.apple.com/Developer_Tools/Xcode_12.1/Xcode_12.1.xip). +and look for [`Xcode_12.2`](https://download.developer.apple.com/Developer_Tools/Xcode_12.2/Xcode_12.2.xip). An Apple ID and cookies enabled for the hostname are needed to download this. -The `sha256sum` of the archive should be `612443b1894b39368a596ea1607f30cbb0481ad44d5e29c75edb71a6d2cf050f`. +The `sha256sum` of the archive should be `28d352f8c14a43d9b8a082ac6338dc173cb153f964c6e8fb6ba389e5be528bd0`. After Xcode version 7.x, Apple started shipping the `Xcode.app` in a `.xip` archive. This makes the SDK less-trivial to extract on non-macOS machines. One @@ -30,25 +30,25 @@ approach (tested on Debian Buster) is outlined below: apt install cpio git clone https://github.com/bitcoin-core/apple-sdk-tools.git -# Unpack Xcode_12.1.xip and place the resulting Xcode.app in your current +# Unpack Xcode_12.2.xip and place the resulting Xcode.app in your current # working directory -python3 apple-sdk-tools/extract_xcode.py -f Xcode_12.1.xip | cpio -d -i +python3 apple-sdk-tools/extract_xcode.py -f Xcode_12.2.xip | cpio -d -i ``` On macOS the process is more straightforward: ```bash -xip -x Xcode_12.1.xip +xip -x Xcode_12.2.xip ``` -### Step 2: Generating `Xcode-12.1-12A7403-extracted-SDK-with-libcxx-headers.tar.gz` from `Xcode.app` +### Step 2: Generating `Xcode-12.2-12B45b-extracted-SDK-with-libcxx-headers.tar.gz` from `Xcode.app` -To generate `Xcode-12.1-12A7403-extracted-SDK-with-libcxx-headers.tar.gz`, run +To generate `Xcode-12.2-12B45b-extracted-SDK-with-libcxx-headers.tar.gz`, run the script [`gen-sdk`](./gen-sdk) with the path to `Xcode.app` (extracted in the previous stage) as the first argument. ```bash -# Generate a Xcode-12.1-12A7403-extracted-SDK-with-libcxx-headers.tar.gz from +# Generate a Xcode-12.2-12B45b-extracted-SDK-with-libcxx-headers.tar.gz from # the supplied Xcode.app ./contrib/macdeploy/gen-sdk '/path/to/Xcode.app' ``` @@ -79,7 +79,7 @@ and its `libLTO.so` rather than those from `llvmgcc`, as it was originally done To complicate things further, all builds must target an Apple SDK. These SDKs are free to download, but not redistributable. To obtain it, register for an Apple Developer Account, -then download [Xcode_12.1](https://download.developer.apple.com/Developer_Tools/Xcode_12.1/Xcode_12.1.xip). +then download [Xcode_12.2](https://download.developer.apple.com/Developer_Tools/Xcode_12.2/Xcode_12.2.xip). This file is many gigabytes in size, but most (but not all) of what we need is contained only in a single directory: diff --git a/depends/README.md b/depends/README.md index 37def98cb7595..6e7227c68051d 100644 --- a/depends/README.md +++ b/depends/README.md @@ -26,6 +26,7 @@ Common `host-platform-triplets` for cross compilation are: - `x86_64-pc-linux-gnu` for x86 Linux - `x86_64-w64-mingw32` for Win64 - `x86_64-apple-darwin` for macOS +- `arm64-apple-darwin` for ARM macOS - `arm-linux-gnueabihf` for Linux ARM 32 bit - `aarch64-linux-gnu` for Linux ARM 64 bit - `powerpc64-linux-gnu` for Linux POWER 64-bit (big endian) diff --git a/depends/hosts/darwin.mk b/depends/hosts/darwin.mk index d8a153e32ad07..1f09b15f1a185 100644 --- a/depends/hosts/darwin.mk +++ b/depends/hosts/darwin.mk @@ -1,7 +1,7 @@ OSX_MIN_VERSION=10.15 -OSX_SDK_VERSION=10.15.6 -XCODE_VERSION=12.1 -XCODE_BUILD_ID=12A7403 +OSX_SDK_VERSION=11.0 +XCODE_VERSION=12.2 +XCODE_BUILD_ID=12B45b LD64_VERSION=609 OSX_SDK=$(SDK_PATH)/Xcode-$(XCODE_VERSION)-$(XCODE_BUILD_ID)-extracted-SDK-with-libcxx-headers From 6243a7126746b120ed12f2715e78c480139dee52 Mon Sep 17 00:00:00 2001 From: Kittywhiskers Van Gogh <63189531+kittywhiskers@users.noreply.github.com> Date: Thu, 16 Jun 2022 11:14:04 +0100 Subject: [PATCH 25/26] merge bitcoin#25389: use libtool 2.4.7 --- configure.ac | 1 + contrib/guix/manifest.scm | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac index 7dc3ba1e90f6f..6ecfb62e6b2ff 100644 --- a/configure.ac +++ b/configure.ac @@ -20,6 +20,7 @@ BITCOIN_TX_NAME=dash-tx BITCOIN_WALLET_TOOL_NAME=dash-wallet dnl Unless the user specified ARFLAGS, force it to be cr +dnl This is also the default as-of libtool 2.4.7 AC_ARG_VAR(ARFLAGS, [Flags for the archiver, defaults to if not set]) if test "x${ARFLAGS+set}" != "xset"; then ARFLAGS="cr" diff --git a/contrib/guix/manifest.scm b/contrib/guix/manifest.scm index 54329023c5557..1ba96be2e48b1 100644 --- a/contrib/guix/manifest.scm +++ b/contrib/guix/manifest.scm @@ -604,7 +604,7 @@ parse, modify and abstract ELF, PE and MachO formats.") (list zlib "static") ;; Build tools gnu-make - libtool + libtool-2.4.7 autoconf-2.71 automake pkg-config From 0a7b8bda4f0c49dc327e0ea2902e10846f963520 Mon Sep 17 00:00:00 2001 From: Kittywhiskers Van Gogh <63189531+kittywhiskers@users.noreply.github.com> Date: Wed, 21 Jun 2023 05:22:37 +0000 Subject: [PATCH 26/26] merge bitcoin#25357: drop -z,noexecstack for PPC64 --- contrib/containers/ci/Dockerfile | 2 +- contrib/gitian-descriptors/gitian-linux.yml | 2 +- contrib/gitian-descriptors/gitian-osx.yml | 2 +- contrib/gitian-descriptors/gitian-win.yml | 2 +- contrib/guix/libexec/build.sh | 4 --- contrib/guix/manifest.scm | 10 +++++-- .../patches/lief-fix-ppc64-nx-default.patch | 29 +++++++++++++++++++ 7 files changed, 40 insertions(+), 11 deletions(-) create mode 100644 contrib/guix/patches/lief-fix-ppc64-nx-default.patch diff --git a/contrib/containers/ci/Dockerfile b/contrib/containers/ci/Dockerfile index 313b75c5e1ebb..b1b15e86b1ee5 100644 --- a/contrib/containers/ci/Dockerfile +++ b/contrib/containers/ci/Dockerfile @@ -37,7 +37,7 @@ RUN pip3 install \ codespell==1.17.1 \ flake8==3.8.3 \ jinja2 \ - lief==0.12.0 \ + lief==0.12.1 \ pyzmq \ vulture==2.3 \ yq \ diff --git a/contrib/gitian-descriptors/gitian-linux.yml b/contrib/gitian-descriptors/gitian-linux.yml index 4172c8265bcf1..4f0b3253aee35 100755 --- a/contrib/gitian-descriptors/gitian-linux.yml +++ b/contrib/gitian-descriptors/gitian-linux.yml @@ -110,7 +110,7 @@ script: | done } - pip3 install lief==0.12.0 + pip3 install lief==0.12.1 # Faketime for depends so intermediate results are comparable export PATH_orig=${PATH} diff --git a/contrib/gitian-descriptors/gitian-osx.yml b/contrib/gitian-descriptors/gitian-osx.yml index 96adb2dbc5d82..b6cda7ac8952e 100644 --- a/contrib/gitian-descriptors/gitian-osx.yml +++ b/contrib/gitian-descriptors/gitian-osx.yml @@ -96,7 +96,7 @@ script: | done } - pip3 install lief==0.12.0 + pip3 install lief==0.12.1 # Faketime for depends so intermediate results are comparable export PATH_orig=${PATH} diff --git a/contrib/gitian-descriptors/gitian-win.yml b/contrib/gitian-descriptors/gitian-win.yml index ab41e5cdef1d2..e3154a246ee39 100755 --- a/contrib/gitian-descriptors/gitian-win.yml +++ b/contrib/gitian-descriptors/gitian-win.yml @@ -115,7 +115,7 @@ script: | done } - pip3 install lief==0.12.0 + pip3 install lief==0.12.1 # Faketime for depends so intermediate results are comparable export PATH_orig=${PATH} diff --git a/contrib/guix/libexec/build.sh b/contrib/guix/libexec/build.sh index 0252f7b69f20e..8c3c52ea10b05 100644 --- a/contrib/guix/libexec/build.sh +++ b/contrib/guix/libexec/build.sh @@ -263,10 +263,6 @@ case "$HOST" in *powerpc64*) HOST_LDFLAGS="${HOST_LDFLAGS} -Wl,--no-tls-get-addr-optimize" ;; esac -case "$HOST" in - powerpc64-linux-*) HOST_LDFLAGS="${HOST_LDFLAGS} -Wl,-z,noexecstack" ;; -esac - # Make $HOST-specific native binaries from depends available in $PATH export PATH="${BASEPREFIX}/${HOST}/native/bin:${PATH}" mkdir -p "$DISTSRC" diff --git a/contrib/guix/manifest.scm b/contrib/guix/manifest.scm index 1ba96be2e48b1..735b3f33ff95a 100644 --- a/contrib/guix/manifest.scm +++ b/contrib/guix/manifest.scm @@ -548,10 +548,14 @@ inspecting signatures in Mach-O binaries.") "glibc-2.27-dont-redefine-nss-database.patch" "glibc-2.27-guix-prefix.patch")))))) +(define (fix-ppc64-nx-default lief) + (package-with-extra-patches lief + (search-our-patches "lief-fix-ppc64-nx-default.patch"))) + (define-public lief (package (name "python-lief") - (version "0.12.0") + (version "0.12.1") (source (origin (method git-fetch) @@ -561,7 +565,7 @@ inspecting signatures in Mach-O binaries.") (file-name (git-file-name name version)) (sha256 (base32 - "026jchj56q25v6gc0754dj9cj5hz5zaza8ij93y5ga94w20kzm9q")))) + "1xzbh3bxy4rw1yamnx68da1v5s56ay4g081cyamv67256g0qy2i1")))) (build-system python-build-system) (arguments `(#:phases @@ -618,7 +622,7 @@ parse, modify and abstract ELF, PE and MachO formats.") ;; Git git ;; Tests - lief) + (fix-ppc64-nx-default lief)) (let ((target (getenv "HOST"))) (cond ((string-suffix? "-mingw32" target) ;; Windows diff --git a/contrib/guix/patches/lief-fix-ppc64-nx-default.patch b/contrib/guix/patches/lief-fix-ppc64-nx-default.patch new file mode 100644 index 0000000000000..101bc1ddc0cfe --- /dev/null +++ b/contrib/guix/patches/lief-fix-ppc64-nx-default.patch @@ -0,0 +1,29 @@ +Correct default for Binary::has_nx on ppc64 + +From the Linux kernel source: + + * This is the default if a program doesn't have a PT_GNU_STACK + * program header entry. The PPC64 ELF ABI has a non executable stack + * stack by default, so in the absence of a PT_GNU_STACK program header + * we turn execute permission off. + +This patch can be dropped the next time we update LIEF. + +diff --git a/src/ELF/Binary.cpp b/src/ELF/Binary.cpp +index a90be1ab..fd2d9764 100644 +--- a/src/ELF/Binary.cpp ++++ b/src/ELF/Binary.cpp +@@ -1084,7 +1084,12 @@ bool Binary::has_nx() const { + return segment->type() == SEGMENT_TYPES::PT_GNU_STACK; + }); + if (it_stack == std::end(segments_)) { +- return false; ++ if (header().machine_type() == ARCH::EM_PPC64) { ++ // The PPC64 ELF ABI has a non-executable stack by default. ++ return true; ++ } else { ++ return false; ++ } + } + + return !(*it_stack)->has(ELF_SEGMENT_FLAGS::PF_X);