Commit Graph

29 Commits

Author SHA1 Message Date
Kittywhiskers Van Gogh
07bd5977e5 partial bitcoin#23511: require glibc 2.18+ 2023-01-18 19:02:39 -06:00
Kittywhiskers Van Gogh
f62fd6f51f merge bitcoin#22244: Correctly extract symbol versions in symbol-check 2023-01-18 19:02:39 -06:00
Kittywhiskers Van Gogh
29c885c9f7 merge bitcoin#20434: Parse ELF directly for symbol and security checks 2023-01-18 19:02:39 -06:00
UdjinM6
815cd1d906 more of 17863/21376 2022-10-03 16:08:31 -04:00
Wladimir J. van der Laan
7fb31bc434 Merge #17863: scripts: Add MACHO dylib checks to symbol-check.py
c491368d8cfddf3a5b6d574f10ed67492fcecbed scripts: add MACHO dylib checking to symbol-check.py (fanquake)
76bf97213f4b153dd3ccf1314088a73c4804601d scripts: fix check-symbols & check-security argument passing (fanquake)

Pull request description:

  Based on #17857.

  This adds dynamic library checks for MACHO executables to symbol-check.py. The script has been modified to function more like `security-check.py`. The error output is now also slightly different. i.e:
  ```bash
  # Linux x86
  bitcoin-cli: symbol operator new[](unsigned long) from unsupported version GLIBCXX_3.4
  bitcoin-cli: export of symbol vtable for std::basic_ios<char, std::char_traits<char> > not allowed
  bitcoin-cli: NEEDED library libstdc++.so.6 is not allowed
  bitcoin-cli: failed IMPORTED_SYMBOLS EXPORTED_SYMBOLS LIBRARY_DEPENDENCIES

  # RISCV (skips exported symbols checks)
  bitcoin-tx: symbol operator new[](unsigned long) from unsupported version GLIBCXX_3.4
  bitcoin-tx: NEEDED library libstdc++.so.6 is not allowed
  bitcoin-tx: failed IMPORTED_SYMBOLS LIBRARY_DEPENDENCIES

  # macOS
  Checking macOS dynamic libraries...
  libboost_filesystem.dylib is not in ALLOWED_LIBRARIES!
  bitcoind: failed DYNAMIC_LIBRARIES
  ```

  Compared to `v0.19.0.1` the macOS allowed dylibs has been slimmed down somewhat:
  ```diff
   src/qt/bitcoin-qt:
   /usr/lib/libSystem.B.dylib
  -/System/Library/Frameworks/DiskArbitration.framework/Versions/A/DiskArbitration
   /System/Library/Frameworks/IOKit.framework/Versions/A/IOKit
   /System/Library/Frameworks/Foundation.framework/Versions/C/Foundation
   /System/Library/Frameworks/CoreServices.framework/Versions/A/CoreServices
   /System/Library/Frameworks/AppKit.framework/Versions/C/AppKit
   /System/Library/Frameworks/ApplicationServices.framework/Versions/A/ApplicationServices
   /System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation
  -/System/Library/Frameworks/Security.framework/Versions/A/Security
  -/System/Library/Frameworks/SystemConfiguration.framework/Versions/A/SystemConfiguration
   /System/Library/Frameworks/CoreGraphics.framework/Versions/A/CoreGraphics
  -/System/Library/Frameworks/OpenGL.framework/Versions/A/OpenGL
  -/System/Library/Frameworks/AGL.framework/Versions/A/AGL
   /System/Library/Frameworks/Carbon.framework/Versions/A/Carbon
   /usr/lib/libc++.1.dylib
  -/System/Library/Frameworks/CFNetwork.framework/Versions/A/CFNetwork
   /System/Library/Frameworks/CoreText.framework/Versions/A/CoreText
   /System/Library/Frameworks/ImageIO.framework/Versions/A/ImageIO
   /usr/lib/libobjc.A.dylib
  ```

ACKs for top commit:
  laanwj:
    ACK c491368d8cfddf3a5b6d574f10ed67492fcecbed

Tree-SHA512: f8624e4964e80b3e0d34e8d3cc33f3107938f3ef7a01c07828f09b902b5ea31a53c50f9be03576e1896ed832cf2c399e03a7943a4f537a1e1c705f3804aed979
2022-10-03 16:08:31 -04:00
UdjinM6
c6e724bf21 partial bitcoin#22244: Add xkb version to symbol-check 2022-04-26 20:37:20 +05:30
Kittywhiskers Van Gogh
1763f727b5 merge bitcoin#21376: Qt 5.12.10 2022-04-26 00:54:10 +05:30
MarcoFalke
60b3c5a64e
Merge #15257: Scripts and tools: Bump flake8 to 3.7.8
3d0a82cff8cbb809876e82dbe62d14d2adc07d94 devtools: Accomodate block-style copyright blocks (Ben Woosley)
0ef0e51fe4bb592e67255776b5a0ba04679fb8c4 lint: Bump flake8 to 3.7.8 (Ben Woosley)
838920704ad90a71cf288b700052503db8abb17e lint: Disable flake8 W504 warning (Ben Woosley)
b21680baf5391a602b295b9d7d0ef66553661cb9 test/contrib: Fix invalid escapes in regex strings (Ben Woosley)

Pull request description:

  This is a second go at #15221, fixing new lints in:
  W504 line break after binary operator
  W605 invalid escape sequence
  F841 local variable 'e' is assigned to but never used

  This time around:
  * One commit per rule, for easier review
  * I went with the PEP-8 style of breaking before binary operators
  * I looked into the raw regex newline issue, and found that raw strings with newlines embedded do work appropriately. E.g. run `re.match(r" \n ", " \n ")` to check this for yourself. `re.MULTILINE` exists to modify `^` and `$` in multiline scenarios, but  all of these searches are per-line.

ACKs for top commit:
  practicalswift:
    ACK 3d0a82cff8cbb809876e82dbe62d14d2adc07d94 -- diff looks correct

Tree-SHA512: bea0c144cadd72e4adf2e9a4b4ee0535dd91a8e694206924cf8a389dc9253f364a717edfe9abda88108fbb67fda19b9e823f46822d7303c0aaa72e48909a6105
2021-10-05 20:34:01 +03:00
MarcoFalke
b184989b4d Merge #17569: build: Allow export of environ symbols and work around rv64 toolchain issue
eafd2593674b6890418a50eadf69425071b824e4 build: Add NX workaround for RV64 (Wladimir J. van der Laan)
f6e42256fe8900ed90f9644906b77f97e1600952 build: Allow export of environ symbols (Wladimir J. van der Laan)

Pull request description:

  This export was introduced in #17270 which added
  ```
  //! Necessary on some platforms
  extern char** environ;
  ```
  This should (finally) make the gitian build pass again (fix issue #17525.).

  Built on top of #17538 which should be merged first.

Top commit has no ACKs.

Tree-SHA512: 5c2054d52d0957aec3dc945b76d8e219187d22dc03889e7a88fb76049bf8e4a3e9f4da00dd1e9dd0351211f8e70d1a1b8ad7244f0348dab698e9d14b9d0c0bd4
2021-09-14 14:30:13 -04:00
PastaPastaPasta
b483948627
Merge pull request #4255 from kittywhiskers/darwinqol
build: gitian, linting and macOS-specific QoL improvements (part 1)
2021-09-01 19:51:48 -04:00
Kittywhiskers Van Gogh
0b13db2ac5 merge #14954: Require python 3.5 2021-08-31 11:16:12 +05:30
Kittywhiskers Van Gogh
dc0e918126 merge bitcoin#17538: Bump minimum libc to 2.17 for release binaries 2021-08-28 11:52:01 +05:30
fanquake
824107ecfb
Merge #17545: build: remove libanl.so.1 from ALLOWED_LIBRARIES
ec89d2882a591f6af5aad57ab8638250d9dc1add build: remove libanl.so.1 from ALLOWED_LIBRARIES (fanquake)

Pull request description:

  It should no longer be needed after: 10ae7a7b23.

  Symbol checker output for the `0.19.0.1` gitian built Linux binaries:
  ```bash
  aarch64  arm  i686-pc  risvc  symbol-check.py  x86_64
  root@557096f567b5:/test# find aarch64/ -type f -executable | xargs python3 symbol-check.py
  ['libpthread.so.0', 'libm.so.6', 'libgcc_s.so.1', 'libc.so.6', 'ld-linux-aarch64.so.1']
  ['libpthread.so.0', 'libfontconfig.so.1', 'libfreetype.so.6', 'libxcb.so.1', 'libdl.so.2', 'libm.so.6', 'libgcc_s.so.1', 'libc.so.6', 'ld-linux-aarch64.so.1']
  root@557096f567b5:/test# find arm -type f -executable | xargs python3 symbol-check.py
  ['libpthread.so.0', 'librt.so.1', 'libm.so.6', 'libgcc_s.so.1', 'libc.so.6', 'ld-linux-armhf.so.3']
  ['libpthread.so.0', 'librt.so.1', 'libfontconfig.so.1', 'libfreetype.so.6', 'libxcb.so.1', 'libdl.so.2', 'libm.so.6', 'libgcc_s.so.1', 'libc.so.6', 'ld-linux-armhf.so.3']
  root@557096f567b5:/test# find i686-pc -type f -executable | xargs python3 symbol-check.py
  ['libpthread.so.0', 'librt.so.1', 'libm.so.6', 'libgcc_s.so.1', 'libc.so.6', 'ld-linux.so.2']
  ['libpthread.so.0', 'librt.so.1', 'libfontconfig.so.1', 'libfreetype.so.6', 'libxcb.so.1', 'libdl.so.2', 'libm.so.6', 'libgcc_s.so.1', 'libc.so.6', 'ld-linux.so.2']
  root@557096f567b5:/test# find risvc/ -type f -executable | xargs python3 symbol-check.py
  ['libpthread.so.0', 'libm.so.6', 'libgcc_s.so.1', 'libc.so.6', 'ld-linux-riscv64-lp64d.so.1']
  ['libpthread.so.0', 'libfontconfig.so.1', 'libfreetype.so.6', 'libxcb.so.1', 'libdl.so.2', 'libm.so.6', 'libgcc_s.so.1', 'libc.so.6', 'ld-linux-riscv64-lp64d.so.1', 'libatomic.so.1']
  root@557096f567b5:/test# find x86_64/ -type f -executable | xargs python3 symbol-check.py
  ['libpthread.so.0', 'librt.so.1', 'libm.so.6', 'libgcc_s.so.1', 'libc.so.6', 'ld-linux-x86-64.so.2']
  ['libpthread.so.0', 'librt.so.1', 'libfontconfig.so.1', 'libfreetype.so.6', 'libxcb.so.1', 'libdl.so.2', 'libm.so.6', 'libgcc_s.so.1', 'libc.so.6', 'ld-linux-x86-64.so.2']
  ```

ACKs for top commit:
  laanwj:
    ACK, good catch ec89d2882a591f6af5aad57ab8638250d9dc1add

Tree-SHA512: 6bc118da190a5c37d26f0dfad5d4661add2ef15525668efb93425423bddbddabf3d7d8809464e79691f517fbe2aab241678652b3dc55ec3f452cf0dcbc26057c
2021-07-14 18:43:47 -05:00
Wladimir J. van der Laan
f5a46e294f Merge #13724: [contrib] Support ARM and RISC-V symbol check
c516c3a770e93dcd283dc4a9275cba88221d0e3a [contrib] Support ARM and RISC-V symbol check (Chun Kuan Lee)

Pull request description:

  Solve the TODO in the gitian-descripter

Tree-SHA512: 8115e2958af3dde43d9d9d05f0b1b1b93b1c2aa513e771a3e4e1342a5d78af2b0e40c0bbb7e9a0d15954897317e6f5a0d80996239af3b376d5ddd527f73428ae

# Conflicts:
#	contrib/devtools/symbol-check.py
#	contrib/gitian-descriptors/gitian-linux.yml
2021-07-02 11:39:23 -04:00
fanquake
086bb0bae8 Merge #16408: depends: Prune X packages
0c55d8b58186ba69fffc147cd02b174450dac578 depends: qt: Patch to remove dep on libX11 (Carl Dong)
222e6cc52075cf6f866ce4a2e5900f0d6358f903 gitignore: Actually pay attention to depends patches (Carl Dong)
65f8da08df601ac98bad6f638392343fd564c0b9 symbol-check: Disallow libX11-*.so.* shared libraries (Carl Dong)
924569914e6079763fd1692bed372ded2c63d685 depends: libXext isn't needed by anyone (Carl Dong)
689d3b4a030675b6de87a55463a8e155843293fb build-aux: Remove check for x11-xcb (Carl Dong)
aa53cb7a2f04a59a4722c662e67b7a6ec04e32b5 depends: libX11: Make package headers-only (Carl Dong)
9a01ab04e1125b37618266d7fd1c3a6e3bb7e3f8 depends: qt: Explicitly stop using Xlib/libX11 (Carl Dong)
1ec30b8fbe4a162d6e2e6a9711d83f1bafd9b645 depends: xproto is only directly needed by libXau (Carl Dong)

Pull request description:

  Related to: #16150

  We noticed that we could build QT without using XLib/libX11 as a library. XLib/libX11's headers are still used, and a minimal `configure.ac` has been added to eliminate overly-enthusiastic configure-time dependencies that aren't actually required to obtain the headers.

  This also means that we eliminate XLib/libX11 as required shared libraries at runtime, which is desirable.

  See commit messages for more details.

  ---

  Reviewers: I am least sure about the minimal `configure.ac`, as I'm not too familiar with the autoconf syntax. Any improvements w/re robustness would be welcome.

ACKs for top commit:
  theuni:
    ACK 0c55d8b58186ba69fffc147cd02b174450dac578
  fanquake:
    ACK 0c55d8b58186ba69fffc147cd02b174450dac578

Tree-SHA512: 41f653a0f91bc0e0faac49713c0c6dfd8cb605f9c4e34eb75a790dd808ebf3e5c160f1dd40bc8fbc911ee718ea319313b526d63733c98ff62d8dffecb58caa01
2021-02-18 16:24:11 +01:00
UdjinM6
469d6aa737
Some Dashification (#3513)
* Trivial Dashification

* Tweak getnetworkinfo and dumpwallet help text

We don't have RBF and Segwit

* CopyrightHolders should also check for missing "Dash Core" copyright
2020-06-11 11:39:04 +03:00
UdjinM6
0b15551e3d
More of 10680 2020-01-10 10:34:02 -06:00
MarcoFalke
561ec27683 Merge #10781: Python cleanups
78214588d Use for-loop instead of list comprehension (practicalswift)
823979436 Use the variable name _ for unused return values (practicalswift)
2e6080bbf Remove unused variables and/or function calls (practicalswift)
9b94054b7 Avoid reference to undefined name: stderr does not exist, sys.stderr does (practicalswift)
51cb6b822 Use print(...) instead of undefined printf(...) (practicalswift)
25cd520fc Use sys.exit(...) instead of exit(...): exit(...) should not be used in programs (practicalswift)

Pull request description:

  Python cleanups:
  * Avoid reference to undefined name: `stderr` does not exist, `sys.stderr` does
  * Use `print(...)` instead of undefined `printf(...)`
  * Avoid redefinition of variable (`tx`) in list comprehension
  * Remove unused variables and/or function calls
  * Use `sys.exit(...)` instead of `exit(...)`: [`exit(...)` should not be used in programs](https://github.com/bitcoin/bitcoin/pull/10753#discussion_r125935027)

Tree-SHA512: 1238dfbc1d20f7edadea5e5406a589f293065638f6234809f0d5b6ba746dffe3d276bc5884c7af388a6c798c61a8759faaccf57f381225644754c0f61914eb4b
2020-01-02 22:01:29 -06:00
Alexander Block
c09f57bd78 Backport move to Ubuntu Bionic and GCC7 in Gitian builds (#2225)
* Add stdin, stdout, stderr to ignored export list

* Merge #13171: Change gitian-descriptors to use bionic instead

c1afe3232fa10e290fb355cf37ea4c7bc1084065 Change gitian-descriptors to use bionic instead (Chun Kuan Lee)

Pull request description:

  I have tested this with Ubuntu Bionic host with lxc 3.0.0, the gitian-build for Windows and MacOSX work fine, but there is an issue about it for Linux. Failed at check-symbol:
  ```
  test/test_bitcoin: symbol __divmoddi4 from unsupported version GCC_7.0.0
  test/test_bitcoin: symbol log2f from unsupported version GLIBC_2.27
  qt/bitcoin-qt: symbol __divmoddi4 from unsupported version GCC_7.0.0
  qt/bitcoin-qt: symbol log2f from unsupported version GLIBC_2.27
  ```
  I think this should be fixed in `./configure --enable-glibc-back-compat`

  Should not be merged before #13177 devrandom/gitian-builder#178

  Close #12511

Tree-SHA512: 257d75d5b6864e105279f7a7b992fbbd7903cdbe3300b66dacec0a783d267707d9dbbfe0e64a36983ca1eca50a2a5e1cdb222b6d3745ccc3e5fc5636c88b581f

* Use IN6ADDR_ANY_INIT instead of in6addr_any

This is the same fix as fc6a9f2ab1
Couldn't backport the original commit as we are missing some refactorings.
2018-08-13 23:21:42 +03:00
Alexander Block
7cf9572c26 Backport Bitcoin #11881: Remove Python2 support (#2224)
* Merge #11881: Remove Python2 support

1874058 Make base58 python contrib code work with python3 (Evan Klitzke)
bc6fdf2 Change all python files to use Python3 (John Newbery)

Pull request description:

  Following discussion here: https://github.com/bitcoin/bitcoin/pull/11843#issuecomment-351033742

  It's easier for maintainers if all python tools/scripts support only a single version of Python. There are only a few scripts that aren't explicitly python3 at this point, so this PR changes those remaining scripts to explicitly require python3.

Tree-SHA512: 5d38eef6e0fc7d8515e23a1f4c75e8b4160fd0fe23cba52a1f41689b114e54a9e503e0724829e8b41982ef98f2d113df80d9e238213b74f09ceaed0344a19e24

* Merge #12829: Python3 fixup

f50975b [contrib] fixup symbol-check.py Python3 support (John Newbery)
5de2b18 [contrib] fixup security-check.py Python3 support (John Newbery)

Pull request description:

  security-check.py and symbol-check.py were broken by #11881. Fix them.

Tree-SHA512: 86de3d6dc3292b1ae4cc04c2d7d7dbbf39c9270551d7b224b8d8b19e3184c30c897dbf823200403706d06bb405c0decad5cfd690cb2c0312992a235a4ffcf6bf
2018-08-13 19:07:52 +03:00
MarcoFalke
bc659c3e6e Merge #8270: Tests: Use portable #! in python scripts (/usr/bin/env)
7b01ce2 Favour python over python2 as per PR #7723 (Matthew King)
873e81f Use portable #! in python scripts (/usr/bin/env) (Matthew King)
2018-01-08 18:04:55 +01:00
Wladimir J. van der Laan
a9a209f586 Merge #7723: build: python 3 compatibility
18f05c7 build: python 3 compatibility (Wladimir J. van der Laan)
2017-12-19 13:18:30 +01:00
Cory Fields
aa26ee0101
release: Add security/export checks to gitian and fix current failures
- fix parsing of BIND_NOW with older readelf
- add _IO_stdin_used to ignored exports

For details see: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=634261#109

- add check-symbols and check-security make targets

These are not added to the default checks because some of them depend on
release-build configs.

- always link librt for glibc back-compat builds

glibc absorbed clock_gettime in 2.17. librt (its previous location) is safe to
link in anyway for back-compat.

Fixes #7420

- add security/symbol checks to gitian

Github-Pull: #7424
Rebased-From: cd27bf51e0 475813ba5b f3d3eaf78e a8ce872118 a81c87fafc
2016-01-27 11:33:33 +01:00
Wladimir J. van der Laan
9f251b7a9d devtools: add libraries for bitcoin-qt to symbol check
Forgot to add these.
Also add a short description for each required library.
2015-11-16 16:39:23 +01:00
Wladimir J. van der Laan
579b863cd7 devtools: Add security-check.py
Perform the following ELF security checks:

- PIE: Check for position independent executable (PIE), allowing for address space randomization
- NX: Check that no sections are writable and executable (including the stack)
- RELRO: Check for read-only relocations, binding at startup
- Canary: Check for use of stack canary

Also add a check to symbol-check.py that checks that only the subset of
allowed libraries is imported (to avoid incompatibilities).
2015-10-22 03:35:38 +02:00
Michael Ford
78253fcbad Remove references to X11 licence 2014-12-16 15:56:50 +08:00
Wladimir J. van der Laan
27116e87cc
devtools: Exclude default exports from symbol-checker script
See discussion in #4663.
2014-08-17 10:07:46 +02:00
Wladimir J. van der Laan
202c95c216 devtools: have symbol check script check for exported symbols
After last commit, our executables should export no symbols anymore.  To
make sure that this stays the case, verify this in the symbol checker
script.
2014-04-30 15:30:39 +02:00
Wladimir J. van der Laan
74fc254c2b devtools: add script to check symbols from Linux gitian executables
Add a script to check that the (Linux) executables produced by gitian
only contain allowed gcc, glibc and libstdc++ version symbols.  This
makes sure they are still compatible with the minimum supported Linux
distribution versions.
2014-04-25 12:19:37 +02:00