* lint: Skip shell linting if gawk is not installed
* lint: Skip Gitian descriptor scripts checking if jq is not installed
* ci: Install gawk and jq
`yq` requires `jq`
* Fix shellcheck warnings
bd3f5a90ecd6de40516141b23b0861dbba0b31b6 build: remove mingw linker workaround from win gitian descriptor (fanquake)
Pull request description:
This workaround was added as part of the switch to gitian building using Ubuntu 14.04 (#6900).
However, it should no longer be required, as we have switched to Bionic (#13171) and that
has a far newer version of binutils.
Original discussion: https://github.com/bitcoin/bitcoin/pull/6900
binutils patch: https://sourceware.org/bugzilla/show_bug.cgi?id=16192
ACKs for top commit:
MarcoFalke:
ACK bd3f5a90ecd6de40516141b23b0861dbba0b31b6
theuni:
ACK bd3f5a90ecd6de40516141b23b0861dbba0b31b6
laanwj:
ACK bd3f5a90ecd6de40516141b23b0861dbba0b31b6
Tree-SHA512: 01a5789994decf8cdedf7aaa0a449d2100a77e2e6b422d6b9dd5a4ac3e2e0b538c3d43aae4a1c3713614782f3c6b09d8d8bb21c20e86ce3c1734183dedd02d0c
b8705a091565d4373e0e8ad4aa764cfd906708db Set 'distro' explicitly (Hennadii Stepanov)
Pull request description:
The [gitian-builder](https://github.com/devrandom/gitian-builder) implicitly uses `ubuntu` as a default distro.
[bin/gbuild#L237](81edd2fc8e/bin/gbuild (L237)):
```ruby
distro = build_desc["distro"] || "ubuntu"
```
This PR sets a gitian building distro explicitly in description files.
Tree-SHA512: d2a692047f3466a5c637433610854d1100fe68a78fb03b4a81c70911fa14b0228d9cf25bcf115930aab9cc8c5063dacaf79bcd151f1c3f6fee6419389aefcb8b
fa193dc8e6f3b96fa2dba2f1c1668f7720fed320 doc: Remove win32 from the release process (MarcoFalke)
faf666f8148eeb305a9c4f78459aff2c7268016b Remove Windows 32 bit build (MarcoFalke)
Pull request description:
The Windows 32 bit build has been removed from https://bitcoincore.org/en/download/, so unless there are complaints, we don't need to build it even
ACKs for commit fa193d:
fanquake:
utACK fa193dc8e6
Tree-SHA512: d6f2976a2e0c407698f720b00ac23ec4056626de4eff8621f4c5581120af0460afd1bdef72329cc0e7d92afca48d94ae5fce6777cb36bfabb60b8034ff08fd88
530d02addbfea01ab24a2acd17af456a1e7b798a build: pass -fno-ident in Windows gitian descriptor (fanquake)
Pull request description:
`-fno-ident` prevents compilers from emitting compiler name and version number information that can needlessly bloat binaries.
For example, in the `v0.19.0.1` Windows release binaries, there are > 1000 GCC compiler version strings embedded:
```bash
# GCC: (GNU) 7.3-posix 20180312... & GCC: (GNU) 6.3.0 20170415.......
strings bitcoind.exe | rg GCC | wc -l
1021
```
They end up collected in the end of the`.rdata` section, and cannot be removed by `strip`. i.e:
```bash
objdump --section=.rdata --full-contents bitcoind.exe
...
cfcc00 00000000 00000000 00000000 00000000 ................
cfcc10 00000000 00000000 00000000 00000000 ................
cfcc20 4743433a 2028474e 55292036 2e332e30 GCC: (GNU) 6.3.0
cfcc30 20323031 37303431 35000000 00000000 20170415.......
cfcc40 4743433a 2028474e 55292037 2e332d70 GCC: (GNU) 7.3-p
cfcc50 6f736978 20323031 38303331 32000000 osix 20180312...
cfcc60 4743433a 2028474e 55292037 2e332d70 GCC: (GNU) 7.3-p
cfcc70 6f736978 20323031 38303331 32000000 osix 20180312...
```
The flag is available for [Clang](https://clang.llvm.org/docs/ClangCommandLineReference.html#cmdoption-clang-qn) and [GCC](https://gcc.gnu.org/onlinedocs/gcc/Code-Gen-Options.html#index-fno-ident).
Relevant code in [GCC](https://github.com/gcc-mirror/gcc/blob/master/gcc/toplev.c#L565-L578):
```c
/* Attach a special .ident directive to the end of the file to identify
the version of GCC which compiled this code. The format of the .ident
string is patterned after the ones produced by native SVR4 compilers. */
if (!flag_no_ident)
{
const char *pkg_version = "(GNU) ";
char *ident_str;
if (strcmp ("(GCC) ", pkgversion_string))
pkg_version = pkgversion_string;
ident_str = ACONCAT (("GCC: ", pkg_version, version_string, NULL));
targetm.asm_out.output_ident (ident_str);
}
```
ACKs for top commit:
practicalswift:
ACK 530d02addbfea01ab24a2acd17af456a1e7b798a
laanwj:
ACK 530d02addbfea01ab24a2acd17af456a1e7b798a
Tree-SHA512: b3b28f43ec483dee28d1df8548fe72425bf00e750701825c256395f6aa7b23256eb27609b51779b86aed108b6eaa3912181a9d8282e23eebf9cee7784f9fabe0
32da92bdf6bb55d6d312b0f85797d439cc942db5 gitian: Improve error handling (Wladimir J. van der Laan)
Pull request description:
Improve error handling in gitian builds:
- Set fail-on-error and pipefail flag, this causes a command to fail when either of the pipe stages fails, not only when the last of the stages fails, so this improves error detection.
- Also use `xargs` instead of `find -exec`, because `find` will not propagate errors in the executed command, but `xargs` will.
This will avoid some issues like #15541 where non-determinism is silently introduced due to errors caused by environment conditions (such as lack of disk space in that case).
Tree-SHA512: d5d3f22ce2d04a75e5c25e935744327c3adc704c2d303133f2918113573a564dff3d3243d5569a2b93ee7eb0e97f8e1b1ba81767e966af9015ea711a14091035
* build: Add cmake as depends package (cmake.mk)
The bls-signatures library requires cmake 3.14
* depends: Update chia_bls to version 1.0.0 of dashpay/bls-signatures
* depends: Rename package chia_bls to bls-dash
* depends: Disable blspy/tests/benchmarks build for chia_bls
Note: Building with tests would require the following:
depends: Fix macOS build for versions < 10.12
Seems like older versions of macOS pretend to support c++17 std libs but do not have/have issues with uncaught_exceptions. "Catch", the testing framework used in the bls lib wants those by default but setting `DCATCH_CONFIG_NO_CPP17_UNCAUGHT_EXCEPTIONS` disables them which should be just fine to do in all cases here.
---
depends/packages/chia_bls.mk | 2 ++
1 file changed, 2 insertions(+)
diff --git a/depends/packages/chia_bls.mk b/depends/packages/chia_bls.mk
index e79a85844f..25749b74ab 100644
--- a/depends/packages/chia_bls.mk
+++ b/depends/packages/chia_bls.mk
@@ -28,6 +28,8 @@ define $(package)_set_vars
$(package)_config_opts_darwin+= -DCMAKE_AR="$(host_prefix)/native/bin/$($(package)_ar)"
$(package)_config_opts_darwin+= -DCMAKE_RANLIB="$(host_prefix)/native/bin/$($(package)_ranlib)"
endif
+
+ $(package)_cppflags+= -DCATCH_CONFIG_NO_CPP17_UNCAUGHT_EXCEPTIONS
endef
define $(package)_config_cmds
--
* depends: Drop obsolete variable
* bls: Integrate the upgraded version into the codebase
* depends: Pre-fetch relic to fix gitian
Can fetch apt packages only when building with lxc
Co-authored-by: UdjinM6 <UdjinM6@users.noreply.github.com>
4452829 gitian: quick hack to fix version string in releases (Cory Fields)
Pull request description:
Credit: @luke-jr
Release version strings were broken in Gitian by #7522. This is a minimal fix suitable for 0.15.
After this, we should fix up version handling for good so that gitian packages the correct string in the release tarball, so that git is not required to get the tag name.
Tree-SHA512: fa609a744c46306b0809f08fed6e96eff41b13e82f3e213711e4abef370558b64a68972f283a038330882cb6c40b32547fbb0f89b8058cc2c6025bff134473c3
* Remove use of -rdynamic
This causes check-symbols to fail horribly and also turned out to be not
required when using libbacktrace. It was only required when using
"backtrace()" from "<execinfo.h>"
* Remove spurious ], from configure.ac
* Add -DENABLE_STACKTRACES=1 to CMakeLists.txt
* Remove unused method my_backtrace_simple_callback
* Use fs::path().filename() instead of basename()
* Add static g_exeFileName and g_exeFileBaseName
* Use .exe.dbg file when available
* Use uint64_t instead of uintptr_t
* Implement GetBaseAddress() for unix and win32
* Implement unified crash_info and use it everywhere before printing crash info
* Print a serialized version of crash_info when there is no debug info
* Implement "-printcrashinfo" command line option
* Compile stacktrace support unconditionally and only make crash hooks conditional
This also renames the --enable-stacktraces option to --enable-crash-hooks
* Enable crash hooks in win/linux Gitian builds
* Try to load .debug file on MacOS and enable crash hooks for osx Gitian builds
* Check for dsymutil and if it needs --flat
* Create .debug files in osx Gitian build
* Handle review comments
* Also print crash description when no stacktrace is available
* Unconditionally add -g1 debug information
Instead of making it dependent on "--enable-crash-hooks". We will need the
debug info every time now, even in release builds.
* Put MacOS debug info into dSYM symbols instead of plain .debug files
* Implement MacOS specific GetBaseAddress
ed1fcdc Bugfix: Detect genbuild.sh in repo correctly (Luke Dashjr)
e98e3dd Bugfix: Only use git for build info if the repository is actually the right one (Luke Dashjr)
Tree-SHA512: 510d7ec8cfeff4e8e0c7ac53631eb32c7acaada7017e7f8cc2e6f60d86afe1cd131870582e01022f961c85a783a130bcb8fef971f8b110070c9c02afda020726
09fe2d9 release: update docs to show basic codesigning procedure (Cory Fields)
f642753 release: create a bundle for the new signing script (Cory Fields)
0068361 release: add win detached sig creator and our cert chain (Cory Fields)
Tree-SHA512: 032ad84697c70faaf857b9187f548282722cffca95d658e36413dc048ff02d9183253373254ffcc1158afb71140753f35abfc9fc8781ea5329c04d13c98759c0
The cache can become quite large and uncompressing/recompressing it is slow.
Better to let ccache handle compression as it will then only perform it
on files which are actually used.
* Add stdin, stdout, stderr to ignored export list
* Merge #13171: Change gitian-descriptors to use bionic instead
c1afe3232fa10e290fb355cf37ea4c7bc1084065 Change gitian-descriptors to use bionic instead (Chun Kuan Lee)
Pull request description:
I have tested this with Ubuntu Bionic host with lxc 3.0.0, the gitian-build for Windows and MacOSX work fine, but there is an issue about it for Linux. Failed at check-symbol:
```
test/test_bitcoin: symbol __divmoddi4 from unsupported version GCC_7.0.0
test/test_bitcoin: symbol log2f from unsupported version GLIBC_2.27
qt/bitcoin-qt: symbol __divmoddi4 from unsupported version GCC_7.0.0
qt/bitcoin-qt: symbol log2f from unsupported version GLIBC_2.27
```
I think this should be fixed in `./configure --enable-glibc-back-compat`
Should not be merged before #13177devrandom/gitian-builder#178Close#12511
Tree-SHA512: 257d75d5b6864e105279f7a7b992fbbd7903cdbe3300b66dacec0a783d267707d9dbbfe0e64a36983ca1eca50a2a5e1cdb222b6d3745ccc3e5fc5636c88b581f
* Use IN6ADDR_ANY_INIT instead of in6addr_any
This is the same fix as fc6a9f2ab1
Couldn't backport the original commit as we are missing some refactorings.
* Use subdirectory for depends cache in gitian builds
* Make timestamps of wrappers deterministic
* Use ccache in gitian builds
* Upgrade ccache to latest version (3.4.2)
* Build the branch that belongs to the Jenkins build instead of develop
We mostly switched to python3, so we should also install it in gitian
builds. Especially the osx build needs as it otherwise fails due to
missing setuptools.
The -debug tarballs/zips contain detached debugging symbols. To use them, place
in the same dir as the target binary, and invoke gdb as usual.
Also, because the debug symbols add a substantial space requirement, the build
dirs are now deleted when they're no longer needed.
This removes the following executables from the binary gitian release:
- test_bitcoin-qt[.exe]
- bench_bitcoin[.exe]
@jonasschnelli and me discussed this on IRC a few days ago - unlike the
normal `bitcoin_tests` which is useful to see if it is safe to run
bitcoin on a certain OS/environment combination, there is no good reason
to include these. Better to leave them out to reduce the download
size.
Sizes from the 0.12 release:
```
2.4M bitcoin-0.12.0/bin/bench_bitcoin.exe
22M bitcoin-0.12.0/bin/test_bitcoin-qt.exe
```
- fix parsing of BIND_NOW with older readelf
- add _IO_stdin_used to ignored exports
For details see: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=634261#109
- add check-symbols and check-security make targets
These are not added to the default checks because some of them depend on
release-build configs.
- always link librt for glibc back-compat builds
glibc absorbed clock_gettime in 2.17. librt (its previous location) is safe to
link in anyway for back-compat.
Fixes#7420
- add security/symbol checks to gitian
Github-Pull: #7424
Rebased-From: cd27bf51e0475813ba5bf3d3eaf78ea8ce872118a81c87fafc
These are changes I needed to get gitian building to work with Debian
8.2, which is the version we tell to use.
- Set up NAT, so that container can access network beyond host
- Remove explicit cgroup setup - these are mounted automatically now
- gitian: Need `ca-certificates` and `python` for LXC builds
Github-Pull: #7060
Rebased-From: 99fda26de03b468a0e60
Common sentiment is that the miniupnpc codebase likely contains further
vulnerabilities.
I'd prefer to get rid of the dependency completely, but a compromise for
now is to at least disable it by default.