merge bitcoin#27676: Bump minimum required runtime version and prepare for building with upstream LLVM

2024-12-23 19:12:47 +01:00 · 2024-11-03 09:46:25 +00:00 · 2024-11-03 09:46:25 +00:00 · be175091e6
commit be175091e6
parent 9f5d4b3719
10 changed files with 16 additions and 25 deletions
--- a/.cirrus.yml
+++ b/.cirrus.yml
@ -154,7 +154,7 @@ task:
    FILE_ENV: "./ci/test/00_setup_env_native_nowallet.sh"

 task:
-  name: 'macOS 10.12 [gui, no tests] [jammy]'
+  name: 'macOS 11.0 [gui, no tests] [jammy]'
  << : *GLOBAL_TASK_TEMPLATE
  container:
    image: ubuntu:jammy
--- a/configure.ac
+++ b/configure.ac
@ -1048,6 +1048,7 @@ if test x$TARGET_OS = xdarwin; then
  AX_CHECK_LINK_FLAG([[-Wl,-dead_strip]], [LDFLAGS="$LDFLAGS -Wl,-dead_strip"],, [[$LDFLAG_WERROR]])
  AX_CHECK_LINK_FLAG([[-Wl,-dead_strip_dylibs]], [LDFLAGS="$LDFLAGS -Wl,-dead_strip_dylibs"],, [[$LDFLAG_WERROR]])
  AX_CHECK_LINK_FLAG([[-Wl,-bind_at_load]], [HARDENED_LDFLAGS="$HARDENED_LDFLAGS -Wl,-bind_at_load"],, [[$LDFLAG_WERROR]])
+  AX_CHECK_LINK_FLAG([[-Wl,-fixup_chains]], [HARDENED_LDFLAGS="$HARDENED_LDFLAGS -Wl,-fixup_chains"], [], [[$LDFLAG_WERROR]])
 fi

 AC_CHECK_HEADERS([endian.h sys/endian.h byteswap.h stdio.h stdlib.h unistd.h strings.h sys/types.h sys/stat.h sys/select.h sys/prctl.h sys/sysctl.h vm/vm_param.h sys/vmmeter.h sys/resources.h])
--- a/contrib/devtools/security-check.py
+++ b/contrib/devtools/security-check.py
@ -158,13 +158,6 @@ def check_MACHO_NOUNDEFS(binary) -> bool:
    '''
    return binary.header.has(lief.MachO.HEADER_FLAGS.NOUNDEFS)

-def check_MACHO_LAZY_BINDINGS(binary) -> bool:
-    '''
-    Check for no lazy bindings.
-    We don't use or check for MH_BINDATLOAD. See #18295.
-    '''
-    return binary.dyld_info.lazy_bind == (0,0)
-
 def check_MACHO_Canary(binary) -> bool:
    '''
    Check for use of stack canary
@ -214,7 +207,6 @@ BASE_PE = [

 BASE_MACHO = [
    ('NOUNDEFS', check_MACHO_NOUNDEFS),
-    ('LAZY_BINDINGS', check_MACHO_LAZY_BINDINGS),
    ('Canary', check_MACHO_Canary),
 ]

--- a/contrib/devtools/symbol-check.py
+++ b/contrib/devtools/symbol-check.py
@ -242,7 +242,7 @@ def check_MACHO_libraries(binary) -> bool:
    return ok

 def check_MACHO_min_os(binary) -> bool:
-    if binary.build_version.minos == [10,15,0]:
+    if binary.build_version.minos == [11,0,0]:
        return True
    return False

--- a/contrib/devtools/test-security-check.py
+++ b/contrib/devtools/test-security-check.py
@ -120,13 +120,13 @@ class TestSecurityChecks(unittest.TestCase):

        if arch == lief.ARCHITECTURES.X86:
            self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-no_pie','-Wl,-flat_namespace','-Wl,-allow_stack_execute','-fno-stack-protector']),
-                (1, executable+': failed NOUNDEFS LAZY_BINDINGS Canary PIE NX CONTROL_FLOW'))
+                (1, executable+': failed NOUNDEFS Canary PIE NX CONTROL_FLOW'))
            self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-no_pie','-Wl,-flat_namespace','-Wl,-allow_stack_execute','-fstack-protector-all']),
-                (1, executable+': failed NOUNDEFS LAZY_BINDINGS PIE NX CONTROL_FLOW'))
+                (1, executable+': failed NOUNDEFS PIE NX CONTROL_FLOW'))
            self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-no_pie','-Wl,-flat_namespace','-fstack-protector-all']),
-                (1, executable+': failed NOUNDEFS LAZY_BINDINGS PIE CONTROL_FLOW'))
+                (1, executable+': failed NOUNDEFS PIE CONTROL_FLOW'))
            self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-no_pie','-fstack-protector-all']),
-                (1, executable+': failed LAZY_BINDINGS PIE CONTROL_FLOW'))
+                (1, executable+': failed PIE CONTROL_FLOW'))
            self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-no_pie','-Wl,-bind_at_load','-fstack-protector-all']),
                (1, executable+': failed PIE CONTROL_FLOW'))
            self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-no_pie','-Wl,-bind_at_load','-fstack-protector-all', '-fcf-protection=full']),
@ -136,11 +136,9 @@ class TestSecurityChecks(unittest.TestCase):
        else:
            # arm64 darwin doesn't support non-PIE binaries, control flow or executable stacks
            self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-flat_namespace','-fno-stack-protector']),
-                (1, executable+': failed NOUNDEFS LAZY_BINDINGS Canary'))
+                (1, executable+': failed NOUNDEFS Canary'))
            self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-flat_namespace','-fstack-protector-all']),
-                (1, executable+': failed NOUNDEFS LAZY_BINDINGS'))
-            self.assertEqual(call_security_check(cc, source, executable, ['-fstack-protector-all']),
-                (1, executable+': failed LAZY_BINDINGS'))
+                (1, executable+': failed NOUNDEFS'))
            self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-bind_at_load','-fstack-protector-all']),
                (0, ''))

--- a/contrib/devtools/test-symbol-check.py
+++ b/contrib/devtools/test-symbol-check.py
@ -121,7 +121,7 @@ class TestSymbolChecks(unittest.TestCase):
                }
        ''')

-        self.assertEqual(call_symbol_check(cc, source, executable, ['-Wl,-platform_version','-Wl,macos', '-Wl,10.15', '-Wl,11.4']),
+        self.assertEqual(call_symbol_check(cc, source, executable, ['-Wl,-platform_version','-Wl,macos', '-Wl,11.0', '-Wl,11.4']),
                (1, f'{executable}: failed SDK'))

    def test_PE(self):
--- a/contrib/guix/manifest.scm
+++ b/contrib/guix/manifest.scm
@ -609,7 +609,7 @@ inspecting signatures in Mach-O binaries.")
           (list ;; Native GCC 11 toolchain
                 gcc-toolchain-11
                 binutils
-                 clang-toolchain-10
+                 clang-toolchain-11
                 python-signapple
                 xorriso))
          (else '())))))
--- a/depends/hosts/darwin.mk
+++ b/depends/hosts/darwin.mk
@ -1,4 +1,4 @@
-OSX_MIN_VERSION=10.15
+OSX_MIN_VERSION=11.0
 OSX_SDK_VERSION=11.0
 XCODE_VERSION=12.2
 XCODE_BUILD_ID=12B45b
--- a/depends/packages/native_clang.mk
+++ b/depends/packages/native_clang.mk
@ -1,12 +1,12 @@
 package=native_clang
-$(package)_version=10.0.1
+$(package)_version=11.1.0
 $(package)_download_path=https://github.com/llvm/llvm-project/releases/download/llvmorg-$($(package)_version)
 ifneq (,$(findstring aarch64,$(BUILD)))
 $(package)_file_name=clang+llvm-$($(package)_version)-aarch64-linux-gnu.tar.xz
-$(package)_sha256_hash=90dc69a4758ca15cd0ffa45d07fbf5bf4309d47d2c7745a9f0735ecffde9c31f
+$(package)_sha256_hash=18df38247af3fba0e0e2991fb00d7e3cf3560b4d3509233a14af699ef0039e1c
 else
 $(package)_file_name=clang+llvm-$($(package)_version)-x86_64-linux-gnu-ubuntu-16.04.tar.xz
-$(package)_sha256_hash=48b83ef827ac2c213d5b64f5ad7ed082c8bcb712b46644e0dc5045c6f462c231
+$(package)_sha256_hash=c691a558967fb7709fb81e0ed80d1f775f4502810236aa968b4406526b43bee1
 endif

 define $(package)_stage_cmds
--- a/share/qt/Info.plist.in
+++ b/share/qt/Info.plist.in
@ -3,7 +3,7 @@
 <plist version="0.9">
 <dict>
  <key>LSMinimumSystemVersion</key>
-  <string>10.15.0</string>
+  <string>11</string>

  <key>LSArchitecturePriority</key>
  <array>