eafd2593674b6890418a50eadf69425071b824e4 build: Add NX workaround for RV64 (Wladimir J. van der Laan)
f6e42256fe8900ed90f9644906b77f97e1600952 build: Allow export of environ symbols (Wladimir J. van der Laan)
Pull request description:
This export was introduced in #17270 which added
```
//! Necessary on some platforms
extern char** environ;
```
This should (finally) make the gitian build pass again (fix issue #17525.).
Built on top of #17538 which should be merged first.
Top commit has no ACKs.
Tree-SHA512: 5c2054d52d0957aec3dc945b76d8e219187d22dc03889e7a88fb76049bf8e4a3e9f4da00dd1e9dd0351211f8e70d1a1b8ad7244f0348dab698e9d14b9d0c0bd4
c516c3a770e93dcd283dc4a9275cba88221d0e3a [contrib] Support ARM and RISC-V symbol check (Chun Kuan Lee)
Pull request description:
Solve the TODO in the gitian-descripter
Tree-SHA512: 8115e2958af3dde43d9d9d05f0b1b1b93b1c2aa513e771a3e4e1342a5d78af2b0e40c0bbb7e9a0d15954897317e6f5a0d80996239af3b376d5ddd527f73428ae
# Conflicts:
# contrib/devtools/symbol-check.py
# contrib/gitian-descriptors/gitian-linux.yml
0c55d8b58186ba69fffc147cd02b174450dac578 depends: qt: Patch to remove dep on libX11 (Carl Dong)
222e6cc52075cf6f866ce4a2e5900f0d6358f903 gitignore: Actually pay attention to depends patches (Carl Dong)
65f8da08df601ac98bad6f638392343fd564c0b9 symbol-check: Disallow libX11-*.so.* shared libraries (Carl Dong)
924569914e6079763fd1692bed372ded2c63d685 depends: libXext isn't needed by anyone (Carl Dong)
689d3b4a030675b6de87a55463a8e155843293fb build-aux: Remove check for x11-xcb (Carl Dong)
aa53cb7a2f04a59a4722c662e67b7a6ec04e32b5 depends: libX11: Make package headers-only (Carl Dong)
9a01ab04e1125b37618266d7fd1c3a6e3bb7e3f8 depends: qt: Explicitly stop using Xlib/libX11 (Carl Dong)
1ec30b8fbe4a162d6e2e6a9711d83f1bafd9b645 depends: xproto is only directly needed by libXau (Carl Dong)
Pull request description:
Related to: #16150
We noticed that we could build QT without using XLib/libX11 as a library. XLib/libX11's headers are still used, and a minimal `configure.ac` has been added to eliminate overly-enthusiastic configure-time dependencies that aren't actually required to obtain the headers.
This also means that we eliminate XLib/libX11 as required shared libraries at runtime, which is desirable.
See commit messages for more details.
---
Reviewers: I am least sure about the minimal `configure.ac`, as I'm not too familiar with the autoconf syntax. Any improvements w/re robustness would be welcome.
ACKs for top commit:
theuni:
ACK 0c55d8b58186ba69fffc147cd02b174450dac578
fanquake:
ACK 0c55d8b58186ba69fffc147cd02b174450dac578
Tree-SHA512: 41f653a0f91bc0e0faac49713c0c6dfd8cb605f9c4e34eb75a790dd808ebf3e5c160f1dd40bc8fbc911ee718ea319313b526d63733c98ff62d8dffecb58caa01
* Trivial Dashification
* Tweak getnetworkinfo and dumpwallet help text
We don't have RBF and Segwit
* CopyrightHolders should also check for missing "Dash Core" copyright
78214588d Use for-loop instead of list comprehension (practicalswift)
823979436 Use the variable name _ for unused return values (practicalswift)
2e6080bbf Remove unused variables and/or function calls (practicalswift)
9b94054b7 Avoid reference to undefined name: stderr does not exist, sys.stderr does (practicalswift)
51cb6b822 Use print(...) instead of undefined printf(...) (practicalswift)
25cd520fc Use sys.exit(...) instead of exit(...): exit(...) should not be used in programs (practicalswift)
Pull request description:
Python cleanups:
* Avoid reference to undefined name: `stderr` does not exist, `sys.stderr` does
* Use `print(...)` instead of undefined `printf(...)`
* Avoid redefinition of variable (`tx`) in list comprehension
* Remove unused variables and/or function calls
* Use `sys.exit(...)` instead of `exit(...)`: [`exit(...)` should not be used in programs](https://github.com/bitcoin/bitcoin/pull/10753#discussion_r125935027)
Tree-SHA512: 1238dfbc1d20f7edadea5e5406a589f293065638f6234809f0d5b6ba746dffe3d276bc5884c7af388a6c798c61a8759faaccf57f381225644754c0f61914eb4b
* Add stdin, stdout, stderr to ignored export list
* Merge #13171: Change gitian-descriptors to use bionic instead
c1afe3232fa10e290fb355cf37ea4c7bc1084065 Change gitian-descriptors to use bionic instead (Chun Kuan Lee)
Pull request description:
I have tested this with Ubuntu Bionic host with lxc 3.0.0, the gitian-build for Windows and MacOSX work fine, but there is an issue about it for Linux. Failed at check-symbol:
```
test/test_bitcoin: symbol __divmoddi4 from unsupported version GCC_7.0.0
test/test_bitcoin: symbol log2f from unsupported version GLIBC_2.27
qt/bitcoin-qt: symbol __divmoddi4 from unsupported version GCC_7.0.0
qt/bitcoin-qt: symbol log2f from unsupported version GLIBC_2.27
```
I think this should be fixed in `./configure --enable-glibc-back-compat`
Should not be merged before #13177devrandom/gitian-builder#178Close#12511
Tree-SHA512: 257d75d5b6864e105279f7a7b992fbbd7903cdbe3300b66dacec0a783d267707d9dbbfe0e64a36983ca1eca50a2a5e1cdb222b6d3745ccc3e5fc5636c88b581f
* Use IN6ADDR_ANY_INIT instead of in6addr_any
This is the same fix as fc6a9f2ab1
Couldn't backport the original commit as we are missing some refactorings.
* Merge #11881: Remove Python2 support
1874058 Make base58 python contrib code work with python3 (Evan Klitzke)
bc6fdf2 Change all python files to use Python3 (John Newbery)
Pull request description:
Following discussion here: https://github.com/bitcoin/bitcoin/pull/11843#issuecomment-351033742
It's easier for maintainers if all python tools/scripts support only a single version of Python. There are only a few scripts that aren't explicitly python3 at this point, so this PR changes those remaining scripts to explicitly require python3.
Tree-SHA512: 5d38eef6e0fc7d8515e23a1f4c75e8b4160fd0fe23cba52a1f41689b114e54a9e503e0724829e8b41982ef98f2d113df80d9e238213b74f09ceaed0344a19e24
* Merge #12829: Python3 fixup
f50975b [contrib] fixup symbol-check.py Python3 support (John Newbery)
5de2b18 [contrib] fixup security-check.py Python3 support (John Newbery)
Pull request description:
security-check.py and symbol-check.py were broken by #11881. Fix them.
Tree-SHA512: 86de3d6dc3292b1ae4cc04c2d7d7dbbf39c9270551d7b224b8d8b19e3184c30c897dbf823200403706d06bb405c0decad5cfd690cb2c0312992a235a4ffcf6bf
- fix parsing of BIND_NOW with older readelf
- add _IO_stdin_used to ignored exports
For details see: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=634261#109
- add check-symbols and check-security make targets
These are not added to the default checks because some of them depend on
release-build configs.
- always link librt for glibc back-compat builds
glibc absorbed clock_gettime in 2.17. librt (its previous location) is safe to
link in anyway for back-compat.
Fixes#7420
- add security/symbol checks to gitian
Github-Pull: #7424
Rebased-From: cd27bf51e0475813ba5bf3d3eaf78ea8ce872118a81c87fafc
Perform the following ELF security checks:
- PIE: Check for position independent executable (PIE), allowing for address space randomization
- NX: Check that no sections are writable and executable (including the stack)
- RELRO: Check for read-only relocations, binding at startup
- Canary: Check for use of stack canary
Also add a check to symbol-check.py that checks that only the subset of
allowed libraries is imported (to avoid incompatibilities).
Add a script to check that the (Linux) executables produced by gitian
only contain allowed gcc, glibc and libstdc++ version symbols. This
makes sure they are still compatible with the minimum supported Linux
distribution versions.