merge bitcoin#21851: support cross-compiling for arm64-apple-darwin

This commit is contained in:
Kittywhiskers Van Gogh 2021-05-03 14:45:08 +08:00 committed by PastaPastaPasta
parent be2eb53c57
commit 66e1541808
16 changed files with 64 additions and 50 deletions

View File

@ -42,8 +42,8 @@ builder-image:
image: $CI_REGISTRY_IMAGE:builder-$CI_COMMIT_REF_SLUG image: $CI_REGISTRY_IMAGE:builder-$CI_COMMIT_REF_SLUG
variables: variables:
SDK_URL: https://bitcoincore.org/depends-sources/sdks SDK_URL: https://bitcoincore.org/depends-sources/sdks
XCODE_VERSION: "12.1" XCODE_VERSION: "12.2"
XCODE_BUILD_ID: 12A7403 XCODE_BUILD_ID: 12B45b
MAKEJOBS: -j4 MAKEJOBS: -j4
before_script: before_script:
- echo HOST=$HOST - echo HOST=$HOST

View File

@ -9,8 +9,8 @@ export LC_ALL=C.UTF-8
export CONTAINER_NAME=ci_macos_cross export CONTAINER_NAME=ci_macos_cross
export HOST=x86_64-apple-darwin export HOST=x86_64-apple-darwin
export PACKAGES="cmake libcap-dev libz-dev libbz2-dev python3-dev python3-setuptools" export PACKAGES="cmake libcap-dev libz-dev libbz2-dev python3-dev python3-setuptools"
export XCODE_VERSION=12.1 export XCODE_VERSION=12.2
export XCODE_BUILD_ID=12A7403 export XCODE_BUILD_ID=12B45b
export RUN_UNIT_TESTS=false export RUN_UNIT_TESTS=false
export RUN_INTEGRATION_TESTS=false export RUN_INTEGRATION_TESTS=false
export GOAL="all deploy" export GOAL="all deploy"

View File

@ -13,8 +13,8 @@ if [[ ! -d "$WORKSPACE_PATH" ]]; then
exit 1 exit 1
fi fi
XCODE_VERSION="12.1" XCODE_VERSION="12.2"
XCODE_RELEASE="12A7403" XCODE_RELEASE="12B45b"
XCODE_ARCHIVE="Xcode-${XCODE_VERSION}-${XCODE_RELEASE}-extracted-SDK-with-libcxx-headers" XCODE_ARCHIVE="Xcode-${XCODE_VERSION}-${XCODE_RELEASE}-extracted-SDK-with-libcxx-headers"
# Check if macOS SDK is present, if not, download it # Check if macOS SDK is present, if not, download it

View File

@ -206,12 +206,9 @@ BASE_PE = [
] ]
BASE_MACHO = [ BASE_MACHO = [
('PIE', check_PIE),
('NOUNDEFS', check_MACHO_NOUNDEFS), ('NOUNDEFS', check_MACHO_NOUNDEFS),
('NX', check_NX),
('LAZY_BINDINGS', check_MACHO_LAZY_BINDINGS), ('LAZY_BINDINGS', check_MACHO_LAZY_BINDINGS),
('Canary', check_MACHO_Canary), ('Canary', check_MACHO_Canary),
('CONTROL_FLOW', check_MACHO_control_flow),
] ]
CHECKS = { CHECKS = {
@ -226,7 +223,10 @@ CHECKS = {
lief.ARCHITECTURES.X86: BASE_PE, lief.ARCHITECTURES.X86: BASE_PE,
}, },
lief.EXE_FORMATS.MACHO: { lief.EXE_FORMATS.MACHO: {
lief.ARCHITECTURES.X86: BASE_MACHO, lief.ARCHITECTURES.X86: BASE_MACHO + [('PIE', check_PIE),
('NX', check_NX),
('CONTROL_FLOW', check_MACHO_control_flow)],
lief.ARCHITECTURES.ARM64: BASE_MACHO,
} }
} }

View File

@ -217,7 +217,7 @@ def check_MACHO_min_os(binary) -> bool:
return False return False
def check_MACHO_sdk(binary) -> bool: def check_MACHO_sdk(binary) -> bool:
if binary.build_version.sdk == [10, 15, 6]: if binary.build_version.sdk == [11, 0, 0]:
return True return True
return False return False

View File

@ -116,21 +116,34 @@ class TestSecurityChecks(unittest.TestCase):
executable = 'test1' executable = 'test1'
cc = determine_wellknown_cmd('CC', 'clang') cc = determine_wellknown_cmd('CC', 'clang')
write_testcode(source) write_testcode(source)
arch = get_arch(cc, source, executable)
if arch == lief.ARCHITECTURES.X86:
self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-no_pie','-Wl,-flat_namespace','-Wl,-allow_stack_execute','-fno-stack-protector']),
(1, executable+': failed NOUNDEFS LAZY_BINDINGS Canary PIE NX CONTROL_FLOW'))
self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-no_pie','-Wl,-flat_namespace','-Wl,-allow_stack_execute','-fstack-protector-all']),
(1, executable+': failed NOUNDEFS LAZY_BINDINGS PIE NX CONTROL_FLOW'))
self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-no_pie','-Wl,-flat_namespace','-fstack-protector-all']),
(1, executable+': failed NOUNDEFS LAZY_BINDINGS PIE CONTROL_FLOW'))
self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-no_pie','-fstack-protector-all']),
(1, executable+': failed LAZY_BINDINGS PIE CONTROL_FLOW'))
self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-no_pie','-Wl,-bind_at_load','-fstack-protector-all']),
(1, executable+': failed PIE CONTROL_FLOW'))
self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-no_pie','-Wl,-bind_at_load','-fstack-protector-all', '-fcf-protection=full']),
(1, executable+': failed PIE'))
self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-pie','-Wl,-bind_at_load','-fstack-protector-all', '-fcf-protection=full']),
(0, ''))
else:
# arm64 darwin doesn't support non-PIE binaries, control flow or executable stacks
self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-flat_namespace','-fno-stack-protector']),
(1, executable+': failed NOUNDEFS LAZY_BINDINGS Canary'))
self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-flat_namespace','-fstack-protector-all']),
(1, executable+': failed NOUNDEFS LAZY_BINDINGS'))
self.assertEqual(call_security_check(cc, source, executable, ['-fstack-protector-all']),
(1, executable+': failed LAZY_BINDINGS'))
self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-bind_at_load','-fstack-protector-all']),
(0, ''))
self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-no_pie','-Wl,-flat_namespace','-Wl,-allow_stack_execute','-fno-stack-protector']),
(1, executable+': failed PIE NOUNDEFS NX LAZY_BINDINGS Canary CONTROL_FLOW'))
self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-no_pie','-Wl,-flat_namespace','-Wl,-allow_stack_execute','-fstack-protector-all']),
(1, executable+': failed PIE NOUNDEFS NX LAZY_BINDINGS CONTROL_FLOW'))
self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-no_pie','-Wl,-flat_namespace','-fstack-protector-all']),
(1, executable+': failed PIE NOUNDEFS LAZY_BINDINGS CONTROL_FLOW'))
self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-no_pie','-fstack-protector-all']),
(1, executable+': failed PIE LAZY_BINDINGS CONTROL_FLOW'))
self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-no_pie','-Wl,-bind_at_load','-fstack-protector-all']),
(1, executable+': failed PIE CONTROL_FLOW'))
self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-no_pie','-Wl,-bind_at_load','-fstack-protector-all', '-fcf-protection=full']),
(1, executable+': failed PIE'))
self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-pie','-Wl,-bind_at_load','-fstack-protector-all', '-fcf-protection=full']),
(0, ''))
clean_files(source, executable) clean_files(source, executable)

View File

@ -74,8 +74,8 @@ def build():
if args.macos: if args.macos:
print('\nCompiling ' + args.version + ' MacOS') print('\nCompiling ' + args.version + ' MacOS')
subprocess.check_call(['wget', '-N', '-P', 'inputs', 'https://bitcoincore.org/depends-sources/sdks/Xcode-12.1-12A7403-extracted-SDK-with-libcxx-headers.tar.gz']) subprocess.check_call(['wget', '-N', '-P', 'inputs', 'https://bitcoincore.org/depends-sources/sdks/Xcode-12.2-12B45b-extracted-SDK-with-libcxx-headers.tar.gz'])
subprocess.check_output(["echo 'be17f48fd0b08fb4dcd229f55a6ae48d9f781d210839b4ea313ef17dd12d6ea5 inputs/Xcode-12.1-12A7403-extracted-SDK-with-libcxx-headers.tar.gz' | sha256sum -c"], shell=True) subprocess.check_output(["echo 'df75d30ecafc429e905134333aeae56ac65fac67cb4182622398fd717df77619 inputs/Xcode-12.2-12B45b-extracted-SDK-with-libcxx-headers.tar.gz' | sha256sum -c"], shell=True)
subprocess.check_call(['bin/gbuild', '--fetch-tags', '-j', args.jobs, '-m', args.memory, '--commit', 'dash='+args.commit, '--url', 'dash='+args.url, '../dash/contrib/gitian-descriptors/gitian-osx.yml']) subprocess.check_call(['bin/gbuild', '--fetch-tags', '-j', args.jobs, '-m', args.memory, '--commit', 'dash='+args.commit, '--url', 'dash='+args.url, '../dash/contrib/gitian-descriptors/gitian-osx.yml'])
subprocess.check_call(['bin/gsign', '-p', args.sign_prog, '--signer', args.signer, '--release', args.version+'-osx-unsigned', '--destination', '../gitian.sigs/', '../dash/contrib/gitian-descriptors/gitian-osx.yml']) subprocess.check_call(['bin/gsign', '-p', args.sign_prog, '--signer', args.signer, '--release', args.version+'-osx-unsigned', '--destination', '../gitian.sigs/', '../dash/contrib/gitian-descriptors/gitian-osx.yml'])
subprocess.check_call('mv build/out/dashcore-*-osx-unsigned.tar.gz inputs/', shell=True) subprocess.check_call('mv build/out/dashcore-*-osx-unsigned.tar.gz inputs/', shell=True)
@ -218,7 +218,7 @@ def main():
args.macos = 'm' in args.os args.macos = 'm' in args.os
# Disable for MacOS if no SDK found # Disable for MacOS if no SDK found
if args.macos and not os.path.isfile('gitian-builder/inputs/Xcode-12.1-12A7403-extracted-SDK-with-libcxx-headers.tar.gz'): if args.macos and not os.path.isfile('gitian-builder/inputs/Xcode-12.2-12B45b-extracted-SDK-with-libcxx-headers.tar.gz'):
print('Cannot build for MacOS, SDK does not exist. Will build for other OSes') print('Cannot build for MacOS, SDK does not exist. Will build for other OSes')
args.macos = False args.macos = False

View File

@ -33,7 +33,7 @@ remotes:
- "url": "https://github.com/dashpay/dash.git" - "url": "https://github.com/dashpay/dash.git"
"dir": "dash" "dir": "dash"
files: files:
- "Xcode-12.1-12A7403-extracted-SDK-with-libcxx-headers.tar.gz" - "Xcode-12.2-12B45b-extracted-SDK-with-libcxx-headers.tar.gz"
script: | script: |
set -e -o pipefail set -e -o pipefail
@ -108,7 +108,7 @@ script: |
BASEPREFIX="${PWD}/depends" BASEPREFIX="${PWD}/depends"
mkdir -p ${BASEPREFIX}/SDKs mkdir -p ${BASEPREFIX}/SDKs
tar -C ${BASEPREFIX}/SDKs -xf ${BUILD_DIR}/Xcode-12.1-12A7403-extracted-SDK-with-libcxx-headers.tar.gz tar -C ${BASEPREFIX}/SDKs -xf ${BUILD_DIR}/Xcode-12.2-12B45b-extracted-SDK-with-libcxx-headers.tar.gz
# Build dependencies for each host # Build dependencies for each host
for i in $HOSTS; do for i in $HOSTS; do

View File

@ -59,5 +59,5 @@ RUN mkdir base_cache sources SDKs
WORKDIR /dash WORKDIR /dash
RUN mkdir -p depends/SDKs && \ RUN mkdir -p depends/SDKs && \
curl -L https://bitcoincore.org/depends-sources/sdks/Xcode-12.1-12A7403-extracted-SDK-with-libcxx-headers.tar.gz | tar -xz -C depends/SDKs curl -L https://bitcoincore.org/depends-sources/sdks/Xcode-12.2-12B45b-extracted-SDK-with-libcxx-headers.tar.gz | tar -xz -C depends/SDKs

View File

@ -224,7 +224,7 @@ details.
_(defaults to "x86\_64-linux-gnu arm-linux-gnueabihf aarch64-linux-gnu _(defaults to "x86\_64-linux-gnu arm-linux-gnueabihf aarch64-linux-gnu
powerpc64-linux-gnu powerpc64le-linux-gnu powerpc64-linux-gnu powerpc64le-linux-gnu
x86\_64-w64-mingw32 x86\_64-apple-darwin")_ x86\_64-w64-mingw32 x86\_64-apple-darwin arm64-apple-darwin")_
* _**SOURCES_PATH**_ * _**SOURCES_PATH**_
@ -249,7 +249,7 @@ details.
Set the path where _extracted_ SDKs can be found. This is passed through to Set the path where _extracted_ SDKs can be found. This is passed through to
the depends tree. Note that this is should be set to the _parent_ directory of the depends tree. Note that this is should be set to the _parent_ directory of
the actual SDK (e.g. `SDK_PATH=$HOME/Downloads/macOS-SDKs` instead of the actual SDK (e.g. `SDK_PATH=$HOME/Downloads/macOS-SDKs` instead of
`$HOME/Downloads/macOS-SDKs/Xcode-12.1-12A7403-extracted-SDK-with-libcxx-headers`). `$HOME/Downloads/macOS-SDKs/Xcode-12.2-12B45b-extracted-SDK-with-libcxx-headers`).
The path that this environment variable points to **must be a directory**, and The path that this environment variable points to **must be a directory**, and
**NOT a symlink to a directory**. **NOT a symlink to a directory**.

View File

@ -76,7 +76,7 @@ mkdir -p "$VERSION_BASE"
# Default to building for all supported HOSTs (overridable by environment) # Default to building for all supported HOSTs (overridable by environment)
export HOSTS="${HOSTS:-x86_64-linux-gnu arm-linux-gnueabihf aarch64-linux-gnu riscv64-linux-gnu export HOSTS="${HOSTS:-x86_64-linux-gnu arm-linux-gnueabihf aarch64-linux-gnu riscv64-linux-gnu
x86_64-w64-mingw32 x86_64-w64-mingw32
x86_64-apple-darwin}" x86_64-apple-darwin arm64-apple-darwin}"
# Usage: distsrc_for_host HOST # Usage: distsrc_for_host HOST
# #

View File

@ -91,7 +91,7 @@ fi
################ ################
# Default to building for all supported HOSTs (overridable by environment) # Default to building for all supported HOSTs (overridable by environment)
export HOSTS="${HOSTS:-x86_64-w64-mingw32 x86_64-apple-darwin}" export HOSTS="${HOSTS:-x86_64-w64-mingw32 x86_64-apple-darwin arm64-apple-darwin}"
# Usage: distsrc_for_host HOST # Usage: distsrc_for_host HOST
# #

View File

@ -605,7 +605,7 @@ parse, modify and abstract ELF, PE and MachO formats.")
;; Build tools ;; Build tools
gnu-make gnu-make
libtool libtool
autoconf autoconf-2.71
automake automake
pkg-config pkg-config
bison bison

View File

@ -13,13 +13,13 @@ When complete, it will have produced `Dash-Qt.dmg`.
### Step 1: Obtaining `Xcode.app` ### Step 1: Obtaining `Xcode.app`
Our current macOS SDK Our current macOS SDK
(`Xcode-12.1-12A7403-extracted-SDK-with-libcxx-headers.tar.gz`) can be (`Xcode-12.2-12B45b-extracted-SDK-with-libcxx-headers.tar.gz`) can be
extracted from extracted from
[Xcode_12.1.xip](https://download.developer.apple.com/Developer_Tools/Xcode_12.1/Xcode_12.1.xip). [Xcode_12.2.xip](https://download.developer.apple.com/Developer_Tools/Xcode_12.2/Xcode_12.2.xip).
Alternatively, after logging in to your account go to 'Downloads', then 'More' Alternatively, after logging in to your account go to 'Downloads', then 'More'
and look for [`Xcode_12.1`](https://download.developer.apple.com/Developer_Tools/Xcode_12.1/Xcode_12.1.xip). and look for [`Xcode_12.2`](https://download.developer.apple.com/Developer_Tools/Xcode_12.2/Xcode_12.2.xip).
An Apple ID and cookies enabled for the hostname are needed to download this. An Apple ID and cookies enabled for the hostname are needed to download this.
The `sha256sum` of the archive should be `612443b1894b39368a596ea1607f30cbb0481ad44d5e29c75edb71a6d2cf050f`. The `sha256sum` of the archive should be `28d352f8c14a43d9b8a082ac6338dc173cb153f964c6e8fb6ba389e5be528bd0`.
After Xcode version 7.x, Apple started shipping the `Xcode.app` in a `.xip` After Xcode version 7.x, Apple started shipping the `Xcode.app` in a `.xip`
archive. This makes the SDK less-trivial to extract on non-macOS machines. One archive. This makes the SDK less-trivial to extract on non-macOS machines. One
@ -30,25 +30,25 @@ approach (tested on Debian Buster) is outlined below:
apt install cpio apt install cpio
git clone https://github.com/bitcoin-core/apple-sdk-tools.git git clone https://github.com/bitcoin-core/apple-sdk-tools.git
# Unpack Xcode_12.1.xip and place the resulting Xcode.app in your current # Unpack Xcode_12.2.xip and place the resulting Xcode.app in your current
# working directory # working directory
python3 apple-sdk-tools/extract_xcode.py -f Xcode_12.1.xip | cpio -d -i python3 apple-sdk-tools/extract_xcode.py -f Xcode_12.2.xip | cpio -d -i
``` ```
On macOS the process is more straightforward: On macOS the process is more straightforward:
```bash ```bash
xip -x Xcode_12.1.xip xip -x Xcode_12.2.xip
``` ```
### Step 2: Generating `Xcode-12.1-12A7403-extracted-SDK-with-libcxx-headers.tar.gz` from `Xcode.app` ### Step 2: Generating `Xcode-12.2-12B45b-extracted-SDK-with-libcxx-headers.tar.gz` from `Xcode.app`
To generate `Xcode-12.1-12A7403-extracted-SDK-with-libcxx-headers.tar.gz`, run To generate `Xcode-12.2-12B45b-extracted-SDK-with-libcxx-headers.tar.gz`, run
the script [`gen-sdk`](./gen-sdk) with the path to `Xcode.app` (extracted in the the script [`gen-sdk`](./gen-sdk) with the path to `Xcode.app` (extracted in the
previous stage) as the first argument. previous stage) as the first argument.
```bash ```bash
# Generate a Xcode-12.1-12A7403-extracted-SDK-with-libcxx-headers.tar.gz from # Generate a Xcode-12.2-12B45b-extracted-SDK-with-libcxx-headers.tar.gz from
# the supplied Xcode.app # the supplied Xcode.app
./contrib/macdeploy/gen-sdk '/path/to/Xcode.app' ./contrib/macdeploy/gen-sdk '/path/to/Xcode.app'
``` ```
@ -79,7 +79,7 @@ and its `libLTO.so` rather than those from `llvmgcc`, as it was originally done
To complicate things further, all builds must target an Apple SDK. These SDKs are free to To complicate things further, all builds must target an Apple SDK. These SDKs are free to
download, but not redistributable. To obtain it, register for an Apple Developer Account, download, but not redistributable. To obtain it, register for an Apple Developer Account,
then download [Xcode_12.1](https://download.developer.apple.com/Developer_Tools/Xcode_12.1/Xcode_12.1.xip). then download [Xcode_12.2](https://download.developer.apple.com/Developer_Tools/Xcode_12.2/Xcode_12.2.xip).
This file is many gigabytes in size, but most (but not all) of what we need is This file is many gigabytes in size, but most (but not all) of what we need is
contained only in a single directory: contained only in a single directory:

View File

@ -26,6 +26,7 @@ Common `host-platform-triplets` for cross compilation are:
- `x86_64-pc-linux-gnu` for x86 Linux - `x86_64-pc-linux-gnu` for x86 Linux
- `x86_64-w64-mingw32` for Win64 - `x86_64-w64-mingw32` for Win64
- `x86_64-apple-darwin` for macOS - `x86_64-apple-darwin` for macOS
- `arm64-apple-darwin` for ARM macOS
- `arm-linux-gnueabihf` for Linux ARM 32 bit - `arm-linux-gnueabihf` for Linux ARM 32 bit
- `aarch64-linux-gnu` for Linux ARM 64 bit - `aarch64-linux-gnu` for Linux ARM 64 bit
- `powerpc64-linux-gnu` for Linux POWER 64-bit (big endian) - `powerpc64-linux-gnu` for Linux POWER 64-bit (big endian)

View File

@ -1,7 +1,7 @@
OSX_MIN_VERSION=10.15 OSX_MIN_VERSION=10.15
OSX_SDK_VERSION=10.15.6 OSX_SDK_VERSION=11.0
XCODE_VERSION=12.1 XCODE_VERSION=12.2
XCODE_BUILD_ID=12A7403 XCODE_BUILD_ID=12B45b
LD64_VERSION=609 LD64_VERSION=609
OSX_SDK=$(SDK_PATH)/Xcode-$(XCODE_VERSION)-$(XCODE_BUILD_ID)-extracted-SDK-with-libcxx-headers OSX_SDK=$(SDK_PATH)/Xcode-$(XCODE_VERSION)-$(XCODE_BUILD_ID)-extracted-SDK-with-libcxx-headers