Commit Graph

1174 Commits

Author SHA1 Message Date
fanquake
0b78348aa1 Merge #21271: guix: Explicitly set umask in build container
d98f4593cf00ab2973f8113e30506861b24383bc guix: Explicitly set umask in build container (Carl Dong)

Pull request description:

  Opened as a separate PR to fix non-reproducibility found through testing here: https://github.com/bitcoin/bitcoin/pull/21089#issuecomment-783549633

  Many thanks to everyone who helped find this!

ACKs for top commit:
  laanwj:
    ACK d98f4593cf00ab2973f8113e30506861b24383bc
  fanquake:
    ACK d98f4593cf00ab2973f8113e30506861b24383bc - I'm seeing matching hashes.

Tree-SHA512: ea339c3902f2f4dea32e8ef5cc675a1df0679530881260ae999aaaf7339d5b12c46e01e58677cbb079f33e573ad105e2b443a835f3e944ef8e943a25f83027f1
2023-03-26 16:50:26 -05:00
fanquake
12a586e35a Merge #21078: guix: only download sources for hosts being built
a6a1b106dcc4350e420c461171c47e4934087175 guix: only download sources for hosts being built (fanquake)

Pull request description:

  For example, if a user is only interested in building for Linux, this saves downloading the macOS compiler and additional dependencies, which is meaningful on a slow/poor connection. This will result in a few additional `make` invocations, for the Linux hosts, however this is low overhead, and time-wise irrelevant in terms of the overall build.

ACKs for top commit:
  laanwj:
    Code review ACK a6a1b106dcc4350e420c461171c47e4934087175

Tree-SHA512: 34c916ae6f69fed0d5845690b39111a8bee37208fd727176f375cf5eb4860f512abe12bde2680d697c859b4d50a3bc5688ddca7c2f28f9968fcf358753cf3f6d
2023-03-26 16:50:26 -05:00
fanquake
9c8f5f71dc partial Merge #21089: guix: Add support for powerpc64{,le}
95990b9f3278360b63e79d6975af4ab5009c66ba guix: Update conservative space requirements (Carl Dong)
5e6df1132656995ce5b9ce279d5a9808ea52ab32 guix: Add support for powerpc64{,le} (Carl Dong)

Pull request description:

  ```
  The new time-machine commit contains a few small changes that make the
  powerpc cross-toolchain work.
  ```

  See this compare to review my custom patches to Guix: 7d6bd44da5...6c9d16db96

ACKs for top commit:
  fanquake:
    ACK 95990b9f3278360b63e79d6975af4ab5009c66ba

Tree-SHA512: 464b0fb93d65962d8c27499293edb618d13d18f40d44e3eed96935e86d430666dfb1c5b8a30f99ffdfd17b44514ad88e358977390b689a2e3831d521f6f7b86a
2023-03-26 16:50:26 -05:00
Wladimir J. van der Laan
cd0d7d2991 Merge #21088: guix: Jump forwards in time-machine and adapt
d02076b8852d8faae95cee6e3de434460c07412a guix: Jump forwards in time-machine and adapt (Carl Dong)
f8ca8c5c28d3050b780e67d47a50ac65fc2dc3ad guix: Supply --keep-failed for debugging (Carl Dong)

Pull request description:

  ```
  The new time-machine commit is Guix v1.2.0 with a yet-unupstreamed patch
  for NSIS.

  A few important changes:

  1. Guix switched back from using CPATH to C{,PLUS}_INCLUDE_PATH as the
     way to indicate #include search paths.
  2. GCC's library is now split into a separate output, whereas before it
     was included in the default output. This means that our gcc toolchain
     packages need to propagate that output.
  3. A few package versions were bumped
  ```

  See this compare to review my custom patches to Guix: https://github.com/dongcarl/guix/compare/version-1.2.0...7d6bd44da57926e0d4af25eba723a61c82beef98

ACKs for top commit:
  laanwj:
    ACK d02076b8852d8faae95cee6e3de434460c07412a

Tree-SHA512: 896d5bf1b6e5fda2f0106013c568c119bbbb86cb31a8c0a22432bada9b7da51678b96374bf8fd7c15353698ba47ac9dd39874d40c39001281471db7c78bf1705
2023-03-26 16:50:26 -05:00
fanquake
2f3b44289c Merge #21087: guix: Passthrough BASE_CACHE into container
901f54321b386258a1682423160bfdfa35ea4c39 guix: Passthrough BASE_CACHE into container (Carl Dong)

Pull request description:

  This allows depends-built packages to be cached.

ACKs for top commit:
  MarcoFalke:
    Approach ACK 901f54321b386258a1682423160bfdfa35ea4c39
  fanquake:
    ACK 901f54321b386258a1682423160bfdfa35ea4c39

Tree-SHA512: 464815f41fc081d7956bec84380668834b6ee6751c7a3d56daad6e1fc91e582de4bbdd1a89f399b1136f2adc4d9941517cfe4db694f0ee5bf59bf2f44fc6fda0
2023-03-26 16:50:26 -05:00
Wladimir J. van der Laan
0cce5d13b6 Merge #21163: doc: Guix is shipped in Debian and Ubuntu
fa051c23860bcdcc871db5ad6b51b8d9ca88da35 doc: Guix is shipped in Debian and Ubuntu (MarcoFalke)

Pull request description:

ACKs for top commit:
  practicalswift:
    ACK fa051c23860bcdcc871db5ad6b51b8d9ca88da35 🚀

Tree-SHA512: f72f546cfc20cf1cc0c26c2306ac06416ada87661596fe811b497cce646aa286dc4aee832145bf838b13fbd3c5f064519eb8c0b4525eb562f2f04f20e2876ffc
2023-03-26 16:50:26 -05:00
fanquake
89ff5e3ef8 Merge #21116: build: Disable --disable-fuzz-binary for gitian/guix builds
cb151b797aeabb376d37ef058aee34c06d36d487 build: Disable --disable-fuzz-binary for guix builds (Hennadii Stepanov)
fd7caae35fd3f83175247a79f7573e374779a851 build: Disable --disable-fuzz-binary for gitian builds (Hennadii Stepanov)

Pull request description:

  Fuzz binary is not shipped to users.
  This PR saves hundreds MB of the disk space for containers.

ACKs for top commit:
  MarcoFalke:
    review ACK cb151b797aeabb376d37ef058aee34c06d36d487
  fanquake:
    ACK cb151b797aeabb376d37ef058aee34c06d36d487

Tree-SHA512: 858e3816576c307b47915bb05de79a28029beaef8835c01f1bd6a764a0cf7f7f63ef8c2dc2c5944cb36cc9f4788d9b0590b8a5dda96940167252ba371cdbd078
2023-03-26 16:50:26 -05:00
fanquake
a6e7dda55b Merge #17920: guix: Build support for macOS
f1694757ddbcb3635213b085e864851e285c8c12 guix: Fix typo (Carl Dong)
771c4b98a8693eee642f2b118b3193fe6e022291 guix: README: Add darwin HOSTS entry (Carl Dong)
8dbf18cb1d3260d34ba822ceb12e67b1f124ea13 guix: Check for macOS SDK before building anything (Carl Dong)
34b23f597ec52efb795d72e9e5620712d0010edd guix: Set ZERO_AR_DATE for darwin build determinism (Carl Dong)
f3835dc6a3732dcd4afbb5987f84dc27f2bf55af build: Make xorrisofs reproducible with -volume_date (Carl Dong)
c9eb4cf3a0f81bfd72f06fd43b5610f0a4f5e804 guix: Add support for darwin builds (Carl Dong)
37fe73a092b08fe9d7ce636a1021429de6cda757 build: Add var printing target to src/Makefile.am (Carl Dong)

Pull request description:

  This PR brings our Guix builds on par with Gitian in terms of supported architectures.

  Reviewers: if you run a build, please submit:

  ```
  find output/ -type f -print0 | env LC_ALL=C sort -z | xargs -r0 sha256sum
  ```

  So that we can compare hashes and ensure reproducibility!

ACKs for top commit:
  fanquake:
    ACK f1694757ddbcb3635213b085e864851e285c8c12 - I think we can make some small usability improvements, but this is ok to merge now.

Tree-SHA512: 4af2b71654a9736467dcc681d10601c6eee37800d7847011a50585455b67b55d61742ca5604585f310a2fd75335b674e5e27dfb5169cb2f26e112aa4c411d8be
2023-03-26 16:50:26 -05:00
fanquake
1c79710e65 Merge #20937: guix: Make nsis reproducible by respecting SOURCE-DATE-EPOCH
1fca9811e1331ac5dae8188f6178cc37da4929a7 lint: Skip whitespace lint for guix patches (Carl Dong)
a91c46c57d88fc399432afab7bb0fb14c3e490a7 guix: Make nsis reproducible by respecting SOURCE-DATE-EPOCH (Carl Dong)

Pull request description:

  ```
  When building nsis, if VERSION is not specified, it defaults to
  cvs_version which is non-deterministic as it includes the current date.

  This patches nsis to default to SOURCE_DATE_EPOCH if it exists so that
  nsis is reproducible.

  Upstream change: https://github.com/kichik/nsis/pull/13
  ```

  Sidenote: also a good demonstration of how Guix allows us to flexibly patch our tools!

  Note to reviewers: if you want to compare hashes, please build after Jan 16th 2021 without my substitute server enabled!

ACKs for top commit:
  fanquake:
    ACK 1fca9811e1331ac5dae8188f6178cc37da4929a7

Tree-SHA512: b800e0ce5f73827ad353739effb9167ec3a6bdb362c725ae20dd3f025ce78660f85c70ce1d75cd0896facf1e8fe38a9e058459ed13dec71ab3a2fe41e20eaa5d
2023-03-26 16:50:26 -05:00
fanquake
d4d19b539b Merge #20619: guix: Quality of life improvements
570e43fe72e13e0a82e25f7145704f62b2c2cc52 guix: Print build params inside/outside of container (Carl Dong)
2f9d1fdde66f4713351905ec73487e5288d20f8f guix: Move DISTSRC determination to guix-build.sh (Carl Dong)
0b7cd07bb56baa112ffa596fb23a905871031a36 guix: Move OUTDIR determination+creation to guix-build.sh (Carl Dong)
d27ff8b86aa66acec63b5713912bd4ad9470e66f guix: Add more sanity checks to guix-build.sh (Carl Dong)
57f95331464f097261c63fd1b6040536c58a03fa guix: Add section headings to guix-build.sh (Carl Dong)
38b7b2ed72b1f0f57bd9800c7fbb7b7c98a20ed0 genbuild: Specify rev-parse length (Carl Dong)
036dc740da3239cdcc13e0f299ab95b456f7118b docs: Point to contrib/guix/README.md in doc/guix.md (Carl Dong)
34f0fda2d31d2ada632ca1165b82aebdfd342efe guix: Small updates to README wording (Carl Dong)
402e3a5b1ed9de7057ce9955ea792ad1c2b9f2b5 guix: Update HOSTS README entry for new architectures (Carl Dong)
cfa7ceb21b14d1fa24c2541bf242a0ed539b9e1b guix: Remove README development environment section (Carl Dong)
93b6a8544a03d13733ca2ef769f76df587ad86c8 guix: Add ADDITIONAL_GUIX_{COMMON,TIMEMACHINE}_FLAGS options (Carl Dong)
0f31e24703e25698d2d41fb54e30ec75a4a80943 guix: Add SUBSTITUTE_URLS option (Carl Dong)
444fcfca907d46cfeb52001599966cce25bdf54e guix: Make guix honor MAX_JOBS setting (Carl Dong)

Pull request description:

  After live-demo-ing a Guix build (which completed successfully!) on achow101's stream, I realized there were a few quality of life improvements which can be made to improve the user experience of our Guix build process. Here are a few of them.

  Notable changes:
  1. When `MAX_JOBS` is specified, both `guix time-machine` and `guix environment` will now build up to `MAX_JOBS` packages at a time when creating the build environment
  2. The instructions for using substitutes were incorrect, and has now been replaced with a `SUBSTITUTE_URLS` environment variable, which works well with shell's IFS splitting rules
  3. New `ADDITIONAL_GUIX_{COMMON,TIMEMACHINE}_FLAGS` options, for more granular customization of the build process.
  4. README cleanup

ACKs for top commit:
  fanquake:
    ACK 570e43fe72e13e0a82e25f7145704f62b2c2cc52 - lets move this forward.

Tree-SHA512: 4e8ab560522ade5efb5e8736aec0fb1a3f19ae9deb586c1ab87020816876f3f466a950b3f8c04d9fa1d072ae5ee780038c5c9063577049bdd9db17978e11c328
2023-03-26 16:50:26 -05:00
Wladimir J. van der Laan
de430e69aa Merge #20318: build: Ensure source tarball has leading directory name
faa2f06f5eaf8578873495f44603ee74d7a1abf4 scripted-diff: [build] Ensure source tarball has leading directory name (MarcoFalke)

Pull request description:

  This has been fixed in 0.20, so it needs to be fixed on master as well to avoid a regression

  #18945

ACKs for top commit:
  laanwj:
    ACK faa2f06f5eaf8578873495f44603ee74d7a1abf4
  hebasto:
    ACK faa2f06f5eaf8578873495f44603ee74d7a1abf4, tested gitian builds only.
  promag:
    ACK faa2f06f5eaf8578873495f44603ee74d7a1abf4.

Tree-SHA512: e3b025c29c45b025002abc35262bb5d771f6cbd807f1c256c477c243685e93cd43ad9f642b38e3cf218590912abe6ea0ddfec3bfbef36f99080aad74ed6cc0af
2023-03-26 16:50:26 -05:00
fanquake
a3ceaea97e Merge #18958: guix: Make V=1 more powerful for debugging
f852761aec81ed23c7b9e4546c08d1ef303f2507 guix: Add clarifying documentation for V env var (Carl Dong)
85f4a4b0822e3aa10310c4623eff719f301e9263 guix: Make V=1 more powerful for debugging (Carl Dong)

Pull request description:

  ```
  - Print commands in both unexpanded and expanded forms
  - Set VERBOSE=1 for CMake
  ```

  Ping MarcoFalke hopefully you use `V=1` already for the Guix builds on DrahtBot?

ACKs for top commit:
  fanquake:
    ACK f852761aec81ed23c7b9e4546c08d1ef303f2507. Ran a Windows Guix build and compared the output from master and this PR when using `V=1`. i.e `HOSTS=x86_64-w64-mingw32 PATH="/root/.config/guix/current/bin${PATH:+:}$PATH" V=1 ./contrib/guix/guix-build.sh`.

Tree-SHA512: 8bc466fa7b869618bbd5a0a91c6b23d4785009289f8dfb93b0349317463a9ab9ece128c72436e02a0819722a63e703100aed15807867a716fda891292fcb9d9d
2023-03-26 16:50:26 -05:00
PastaPastaPasta
bc20ef6bf5
ci: resolve gitian automation failures on dashevo repo (#5267)
## Issue being fixed or feature implemented
Automation in private dashevo GitHub was failing due to the branch
trying to be built not having the automation be the newer tagged based
system. as such, if you simply tag a commit from the dashpay repo and
try to build it using automation, the build would fail. This should
resolve the issue. Recommended to BP so that we don't have this issue
when building v19.x branch builds

## What was done?


## How Has This Been Tested?
Creating a docker image should now be as simple pushing a branch and tag
to dashevo/dash; start the automation on branch develop with tag
previously specified

## Breaking Changes


## Checklist:
- [x] I have performed a self-review of my own code
- [ ] I have commented my code, particularly in hard-to-understand areas
- [ ] I have added or updated relevant unit/integration/functional/e2e
tests
- [ ] I have made corresponding changes to the documentation

**For repository code-owners and collaborators only**
- [x] I have assigned this pull request to a milestone
2023-03-23 09:51:05 -05:00
Konstantin Akimov
e3a211a8a4
chrore: bump version in gitian to 19 (#5220)
Name of some files in gitian's build contains "18" instead 19.

## Issue being fixed or feature implemented


## What was done?
Version bumped in gitian's related configs

## How Has This Been Tested?
Will be tested with next RC of v19

## Breaking Changes
No breaking changes


## Checklist:
- [x] I have performed a self-review of my own code
- [ ] I have made corresponding changes to the documentation
@PastaPastaPasta may you update release TODO checklist, please?
- [x] I have assigned this pull request to a milestone
2023-02-27 23:11:07 -06:00
fanquake
700d46b26d Merge #18741: guix: Make source tarball using git-archive
bfe1ba2f5b36056e0c41edf8206b93d3d83098df rel-builds: Specify core.abbrev for git-rev-parse (Carl Dong)
27e63e01cce368d67092de8f0c736927d6f6aa69 build: Accomodate makensis v2.x (Carl Dong)
1f2c39a30e0f82046c7aecddfda3eb99cb536816 guix: Remove logical cores requirement (Carl Dong)
a4f6ffa71e335d4b2a6bf525b7f416968f9cd9f7 lint: Also enable source statements for non-gitian (Carl Dong)
d256f91cb1b0d6ff5170106b99b0266cbe51f5a2 rel-builds: Directly deploy win installer to OUTDIR (Carl Dong)
fa791da02f9684e3fd554b687fb692ae6a23d65a nsis: Specify OutFile path only once (Carl Dong)
14701604d0904bc5bbf1c67de08f8ee6d3215523 guix: Expose GIT_COMMON_DIR in container as readonly (Carl Dong)
f5a6ac4f48b18f93050d77bcb23f9cf45ec34647 guix: Make source tarball using git-archive (Carl Dong)
395c1137f630dc495ffb2752a23bc1dfd470ee53 gitian: Limit sourced script to just assignments (Carl Dong)

Pull request description:

  Based on: #18556
  Related: https://github.com/bitcoin/bitcoin/pull/17595#discussion_r399728721

ACKs for top commit:
  fanquake:
    ACK bfe1ba2f5b36056e0c41edf8206b93d3d83098df - I agree with Carl, and am going to merge this. I'd like for Linux Guix builds to be working again, and we can rebase #18818.

Tree-SHA512: c87ada7e3de17ca0b692a91029b86573442ded5780fc081c214773f6b374a0cdbeaf6f6898c36669c2e247ee32aa7f82defb1180f8decac52c65f0c140f18674
2023-02-20 09:09:23 -06:00
fanquake
87de9c8f5c Merge #17929: build: add linker optimisation flags to gitian & guix (Linux)
f2b5b0a3b48f9241971c14238040048f8b630811 build: add linker optimization flags to guix (fanquake)
b8b050a8d642e38c81d1e451750c2c8db92fee5e build: add linker optimization flags to gitian descriptors (fanquake)

Pull request description:

  This PR adds `-Wl,O2` to our gitian and guix LDFLAGS. This makes the linker perform certain optimisations (and is different from LTO).

  Any -O argument will enable optimizations in GNU ld. We can use -O2 here, as this matches our compile flags. Note that this would also enable additional optimizations if using the lld or gold linkers, when compared to -O0.

  A nice writeup + diagrams of some of these optimizations is  available here: http://lwn.net/Articles/192624/.

  #### master
  ```bash
  # bitcoind
  Histogram for `.gnu.hash' bucket list length (total of 3 buckets)
   Length  Number     % of total  Coverage
        0  1          ( 33.3%)       0.0%
        1  0          (  0.0%)       0.0%
        2  1          ( 33.3%)      40.0%
        3  1          ( 33.3%)     100.0%
  ```
  ```bash
  # bitcoin-qt
  Histogram for `.gnu.hash' bucket list length (total of 3 buckets)
   Length  Number     % of total  Coverage
        0  0          (  0.0%)       0.0%
        1  1          ( 33.3%)      10.0%
        2  0          (  0.0%)      10.0%
        3  0          (  0.0%)      10.0%
        4  1          ( 33.3%)      50.0%
        5  1          ( 33.3%)     100.0%
  ```

  #### this PR:
  ```bash
  # bitcoind
  Histogram for `.gnu.hash' bucket list length (total of 8 buckets)
   Length  Number     % of total  Coverage
        0  3          ( 37.5%)       0.0%
        1  5          ( 62.5%)     100.0%
  ```
  ```bash
  # bitcoin-qt
  Histogram for `.gnu.hash' bucket list length (total of 19 buckets)
   Length  Number     % of total  Coverage
        0  9          ( 47.4%)       0.0%
        1  10         ( 52.6%)     100.0%
  ```

  #### GNU ld -O

  > If level is a numeric values greater than zero ld optimizes the output. This might take significantly longer and therefore probably should only be enabled for the final binary. At the moment this option only affects ELF shared library generation. Future releases of the linker may make more use of this option. Also currently there is no difference in the linker’s behaviour for different non-zero values of this option. Again this may change with future releases.

  #### lld -O

  > Optimize output file size

ACKs for top commit:
  dongcarl:
    ACK f2b5b0a3b48f9241971c14238040048f8b630811
  laanwj:
    ACK f2b5b0a3b48f9241971c14238040048f8b630811

Tree-SHA512: e53f3a4338317dbec65d3a93b57b5a6204aabdf9ac82d99447847a3c8627facc53c58c2cf947376f13edd979fc8129a80f18d9ebeccd191a576c83f1dad5c513
2023-02-20 09:09:23 -06:00
fanquake
dff599acff Merge #17595: guix: Enable building for x86_64-w64-mingw32 target
a35e3235891d35daa167116cc70340140e883f06 guix: Appease travis. (Carl Dong)
0b66d22da5f53640e22f05adf880782c613e6d0f guix: Use gcc-9 for mingw-w64 instead of 8 (Carl Dong)
ba0b99bdd613ba7f17c6247ece3001e1b44759a3 guix: Don't set MINGW_HAS_SECURE_API CFLAG in depends (Carl Dong)
93439a71eda49fb69f1e82966a23a946733aa6fa guix: Bump to upstream commit with mingw-w64 changes (Carl Dong)
35a96792dda9e78165b1598aeac7b2ab759e7be5 guix: Check mingw symbols, improve SSP fix docs (Carl Dong)
449d8fe25bbe25daacfc67aa89ca32b0a3254c5a guix: Expand on INT trap message (Carl Dong)
3f1f03c67a8e9edf487f08d272adb18b0a3942c8 guix: Spelling fixes (Carl Dong)
ff821dd2a1c600488d11e7d9a20e9179ecc9144b guix: Reinstate make-ssp-fixed-gcc (Carl Dong)
360a9e0ad50a36ec79a1a160dbed3966689fd41c guix: Bump time-machine for mingw-w64 patches (Carl Dong)
93e41b7e3b54c17fd1b4c61ee95fc0dc2827e954 guix: Use gcc-8 for mingw-w64 instead of 7 (Carl Dong)
ef4f7e4c45c60a69406134122f091c77c6ef740f guix: Set the well-known timezone env var (Carl Dong)
acf4b3b3b5accf60a19441a0298ef27001b78e72 guix: Make x86_64-w64-mingw32 builds reproducible (Carl Dong)
c4cce00eac691625b78b92f7dba0b7f57def19e5 guix: Remove dead links from README. (Carl Dong)
df953a4c9a6143f45864757b706c88b6fa70545a guix: Appease shellcheck. (Carl Dong)
91897c95e191d293eb27d8af15cbeafc5b8f3895 guix: Improve guix-build.sh documentation (Carl Dong)
570d769c6c59b9f6d1a2b95b2ed60432cb33b3ba guix: Build support for Windows (Carl Dong)

Pull request description:

  ~~Based on: https://github.com/bitcoin/bitcoin/pull/16519~~
  Based on: #17933 (Time Machines are... shall we say... superior 😁)

  This PR allows us to perform Guix builds for the `x86_64-w64-mingw32` target. We do this _without_ splitting up the build script like we do in Gitian by using this newfangled alien technology called `case` statements. (This is WIP and might be changed to `if` statements soon)

ACKs for top commit:
  fanquake:
    ACK a35e3235891d35daa167116cc70340140e883f06 2/3

Tree-SHA512: c471951c23eb2cda919a71285d8b8f2580cb20f09d5db17b53e13dbd8813e01b3e7a83ea848e4913fd0f2bc12c6c133c5f76b54e65c0d89fed4dfd2e0be19875
2023-02-20 09:09:23 -06:00
fanquake
355a735e78 Merge #18320: guix: Remove now-unnecessary gcc make flag
0ae42a16c766a7ecb8711bfad6f22b8581ea0258 guix: Remove now-unnecessary gcc make flag (Carl Dong)

Pull request description:

  ```
  Previously, Guix would produce a gcc which did not know to use the SSP
  function from glibc, and required a gcc make flag for it to do so, in my
  attempt to fix it upstream I realized that this is no longer the case.

  This can be verified by performing a Guix build and doing

    readelf -s ... | grep __stack_chk

  to check that symbols are coming from glibc, and doing

    readelf -d ... | grep NEEDED | grep ssp

  to see that libssp.so is not being depended on
  ```

ACKs for top commit:
  fanquake:
    ACK 0ae42a16c766a7ecb8711bfad6f22b8581ea0258 - ran a Guix build (hashes below) and checked all the linux binaries:

Tree-SHA512: 701b91e7c323b12a29af9539cb2656d10ce0a93af573a02e57f0b7fea05a6e1819798536eadb24d0a17e7f35b503f5e863fee5e7409db1b8a3973c4375e49d4e
2023-02-20 09:09:23 -06:00
fanquake
1f9f160d24 Merge #18104: build: Skip i686 build by default in guix and gitian
fae9084ac5b10f94bdee54853d307838c4254e9c build: Skip i686 build by default in guix and gitian (MarcoFalke)
fa55a2554c2661b8f2a759044d5ac85c9979d9ca depends: Remove reference to win32 (MarcoFalke)

Pull request description:

  Closes #17504

  Now that we no longer provide downloads for i686 on our website (https://bitcoincore.org/en/download/), there is no need to build them by default.

  i686 can still be built in depends (tested by ci/travis) and in guix/gitian by setting the appropriate `HOSTS`.

ACKs for top commit:
  practicalswift:
    ACK fae9084ac5b10f94bdee54853d307838c4254e9c -- patch looks correct
  dongcarl:
    ACK fae9084ac5b10f94bdee54853d307838c4254e9c patch looks correct
  laanwj:
    Code review ACK fae9084ac5b10f94bdee54853d307838c4254e9c
  hebasto:
    ACK fae9084ac5b10f94bdee54853d307838c4254e9c, I have reviewed the code and it looks OK, I agree it can be merged.

Tree-SHA512: b000c19a2cd2a596a52028fa298c4022c24cfdfc1bdb3795a90916d0a00a32e4dd22278db93790b6a11724e08ea8451f4f05c77bc40d1664518e11a8c82d6e29
2023-02-20 09:09:23 -06:00
fanquake
359c0fd62b Merge #17933: guix: Pin Guix using guix time-machine
88c83636d5a56bd9551577139786bdd3e74852c2 guix: Update documentation for time-machine (Carl Dong)
e6050884fdabfa6e51e6afce2041d91e60a5adec guix: Pin Guix using `guix time-machine` (Carl Dong)

Pull request description:

  An alternative to #16519, pinning our version of Guix and eliminating a `guix pull` and changing the default Guix profile of builders.

  I think this method might be superior, as it:
  - Eliminates the possibility of future changes to the `guix environment` command line interface breaking our builds
  - Eliminates the need to set up a separate channel repo

  It is a more general pinning solution than #16519.

  -----

  The reason why I didn't originally propose this is because `guix time-machine` is a recent addition to Guix, only available since `f675f8dec73d02e319e607559ed2316c299ae8c7`

ACKs for top commit:
  fanquake:
    ACK 88c83636d5a56bd9551577139786bdd3e74852c2

Tree-SHA512: 85e03b0987ffa86da73e02801e1cd8b7622698d70c4ba4e60561611be1e9717d661c2811a59b3e137b1b8eef2d0ba37c313867d035ebc89c3bd06a23a078064a
2023-02-20 09:09:23 -06:00
MarcoFalke
8a293adb88 partial Merge #17351: doc: Fix some misspellings
ac831339cbfa65b1f7576c53b5d9a94841db9868 doc: Fix some misspellings (randymcmillan)

Pull request description:

  Here is a more thorough lint-spelling update.
  This PR takes care of easy to fix spelling errors to clean up the linting stages.
  There are misspellings coded into the functional tests.
  That is a whole separate job within itself.

ACKs for top commit:
  practicalswift:
    ACK ac831339cbfa65b1f7576c53b5d9a94841db9868 -- diff looks correct

Tree-SHA512: d8fad83fed083715655f148263ddeffc6752c8007d568fcf3dc2c418ccd5db70089ce3ccfd3994fcbd78043171402eb9cca5bdd5125287e22c42ea305aaa6e9d
2023-02-20 09:09:23 -06:00
fanquake
9eb0995a88 Merge #16810: guix: Remove ssp spec file hack
0065ead5ebdad9f743d89ee2558c93253a597967 contrib: guix: Remove ssp spec file hack (Carl Dong)
0093a5869a30797ccb139d0cb5a0427d3f3c2d94 contrib: guix: More robust search paths, add checks (Carl Dong)

Pull request description:

  See commit messages for more details

ACKs for top commit:
  fanquake:
    ACK 0065ead5ebdad9f743d89ee2558c93253a597967

Tree-SHA512: fde04005fb31cd4b75b80da4936a7c394f63f0b3bdcc33c20c99e05604a63efd9c850a8d097030ff0bf4b4e83f1a9997fc4621ce291ebcecd8397893447600a7
2023-02-20 09:09:23 -06:00
Wladimir J. van der Laan
aec7441ac2 Merge #15277: contrib: Enable building in Guix containers
751549b52a9a4cd27389d807ae67f02bbb39cd7f contrib: guix: Additional clarifications re: substitutes (Carl Dong)
cd3e947f50db7cfe05c05b368c25742193729a62 contrib: guix: Various improvements. (Carl Dong)
8dff3e48a9e03299468ed3b342642f01f70da9db contrib: guix: Clarify SOURCE_DATE_EPOCH. (Carl Dong)
3e80ec3ea9691c7c89173de922a113e643fe976b contrib: Add deterministic Guix builds. (Carl Dong)

Pull request description:

  ~~**This post is kept updated as this project progresses. Use this [latest update link](https://github.com/bitcoin/bitcoin/pull/15277#issuecomment-497303718) to see what's new.**~~

  Please read the `README.md`.

  -----

  ### Guix Introduction

  This PR enables building bitcoin in Guix containers. [Guix](https://www.gnu.org/software/guix/manual/en/html_node/Features.html) is a transactional package manager much like Nix, but unlike Nix, it has more of a focus on [bootstrappability](https://www.gnu.org/software/guix/manual/en/html_node/Bootstrapping.html) and [reproducibility](https://www.gnu.org/software/guix/blog/tags/reproducible-builds/) which are attractive for security-sensitive projects like bitcoin.

  ### Guix Build Walkthrough

  Please read the `README.md`.

  [Old instructions no. 4](https://github.com/bitcoin/bitcoin/pull/15277#issuecomment-497303718)

  [Old instructions no. 3](https://github.com/bitcoin/bitcoin/pull/15277#issuecomment-493827011)

  [Old instructions no. 2](https://github.com/bitcoin/bitcoin/pull/15277#issuecomment-471658439)

  <details>
  <summary>Old instructions no. 1</summary>
  In this PR, we define a Guix [manifest](https://www.gnu.org/software/guix/manual/en/html_node/Invoking-guix-package.html#profile_002dmanifest) in `contrib/guix/manifest.scm`, which declares what packages we want in our environment.

  We can then invoke
  ```
  guix environment --manifest=contrib/guix/manifest.scm --container --pure --no-grafts --no-substitutes
  ```
  To have Guix:
  1. Build an environment containing the packages we defined in our `contrib/guix/manifest.scm` manifest from the Guix bootstrap binaries (see [bootstrappability](https://www.gnu.org/software/guix/manual/en/html_node/Bootstrapping.html) for more details).
  2. Start a container with that environment that has no network access, and no access to the host's filesystem except to the `pwd` that it was started in.
  3. Drop you into a shell in that container.

  > Note: if you don't want to wait hours for Guix to build the entire world from scratch, you can eliminate the `--no-substitutes` option to have Guix download from available binary sources. Note that this convenience doesn't necessarily compromise your security, as you can check that a package was built correctly after the fact using `guix build --check <packagename>`

  Therefore, we can perform a build of bitcoin much like in Gitian by invoking the following:

  ```
  make -C depends -j"$(nproc)" download && \
      cat contrib/guix/build.sh | guix environment --manifest=contrib/guix/manifest.scm --container --pure --no-grafts --no-substitutes
  ```

  We don't include `make -C depends -j"$(nproc)" download` inside `contrib/guix/build.sh` because `contrib/guix/build.sh` is run inside the container, which has no network access (which is a good thing).
  </details>

  ### Rationale

  I believe that this represents a substantial improvement for the "supply chain security" of bitcoin because:

  1. We no longer have to rely on Ubuntu for our build environment for our releases ([oh the horror](72bd4ab867/contrib/gitian-descriptors/gitian-linux.yml (L10))), because Guix builds everything about the container, we can perform this on almost any Linux distro/system.
  2. It is now much easier to determine what trusted binaries are in our supply chain, and even make a nice visualization! (see [bootstrappability](https://www.gnu.org/software/guix/manual/en/html_node/Bootstrapping.html)).
  3. There is active effort among Guix folks to minimize the number of trusted binaries even further. OriansJ's [stage0](https://github.com/oriansj/stage0), and janneke's [Mes](https://www.gnu.org/software/mes/) all aim to achieve [reduced binary boostrap](http://joyofsource.com/reduced-binary-seed-bootstrap.html) for Guix. In fact, I believe if OriansJ gets his way, we will end up some day with only a single trusted binary: hex0 (a ~500 byte self-hosting hex assembler).

  ### Steps to Completion

  - [x] Successfully build bitcoin inside the Guix environment
  - [x] Make `check-symbols` pass
  - [x] Do the above but without nasty hacks
  - [x] Solve some of the more innocuous hacks
  - [ ] Make it cross-compile (HELP WANTED HERE)
    - [x] Linux
      - [x] x86_64-linux-gnu
      - [x] i686-linux-gnu
      - [x] aarch64-linux-gnu
      - [x] arm-linux-gnueabihf
      - [x] riscv64-linux-gnu
    - [ ] OS X
      - [ ] x86_64-apple-darwin14
    - [ ] Windows
      - [ ] x86_64-w64-mingw32
  - [ ] Maybe make importer for depends syntax
  - [ ] Document build process for future releases
  - [ ] Extra: Pin the revision of Guix that we build with with Guix [inferiors](https://www.gnu.org/software/guix/manual/en/html_node/Inferiors.html)

  ### Help Wanted

  [Old content no. 3](https://github.com/bitcoin/bitcoin/pull/15277#issuecomment-483318210)

  [Old content no. 2](https://github.com/bitcoin/bitcoin/pull/15277#issuecomment-471658439)

  <details>
  <summary>Old content no. 1</summary>
  As of now, the command described above to perform a build of bitcoin a lot like Gitian works, but fails at the `check-symbols` stage. This is because a few dynamic libraries are linked in that shouldn't be.

  Here's what `ldd src/bitcoind` looks like when built in a Guix container:
  ```
  	linux-vdso.so.1 (0x00007ffcc2d90000)
  	libdl.so.2 => /gnu/store/h90vnqw0nwd0hhm1l5dgxsdrigddfmq4-glibc-2.28/lib/libdl.so.2 (0x00007fb7eda09000)
  	librt.so.1 => /gnu/store/h90vnqw0nwd0hhm1l5dgxsdrigddfmq4-glibc-2.28/lib/librt.so.1 (0x00007fb7ed9ff000)
  	libstdc++.so.6 => /gnu/store/4sqps8dczv3g7rwbdibfz6rf5jlk7w90-gcc-5.5.0-lib/lib/libstdc++.so.6 (0x00007fb7ed87c000)
  	libpthread.so.0 => /gnu/store/h90vnqw0nwd0hhm1l5dgxsdrigddfmq4-glibc-2.28/lib/libpthread.so.0 (0x00007fb7ed85b000)
  	libm.so.6 => /gnu/store/h90vnqw0nwd0hhm1l5dgxsdrigddfmq4-glibc-2.28/lib/libm.so.6 (0x00007fb7ed6da000)
  	libgcc_s.so.1 => /gnu/store/4sqps8dczv3g7rwbdibfz6rf5jlk7w90-gcc-5.5.0-lib/lib/libgcc_s.so.1 (0x00007fb7ed6bf000)
  	libc.so.6 => /gnu/store/h90vnqw0nwd0hhm1l5dgxsdrigddfmq4-glibc-2.28/lib/libc.so.6 (0x00007fb7ed506000)
  	/gnu/store/h90vnqw0nwd0hhm1l5dgxsdrigddfmq4-glibc-2.28/lib/ld-linux-x86-64.so.2 => /usr/lib64/ld-linux-x86-64.so.2 (0x00007fb7ee3a0000)
  ```

  And here's what it looks in one of our releases:
  ```
  	linux-vdso.so.1 (0x00007ffff52cd000)
  	libpthread.so.0 => /usr/lib/libpthread.so.0 (0x00007f87726b4000)
  	librt.so.1 => /usr/lib/librt.so.1 (0x00007f87726aa000)
  	libm.so.6 => /usr/lib/libm.so.6 (0x00007f8772525000)
  	libgcc_s.so.1 => /usr/lib/libgcc_s.so.1 (0x00007f877250b000)
  	libc.so.6 => /usr/lib/libc.so.6 (0x00007f8772347000)
  	/lib64/ld-linux-x86-64.so.2 => /usr/lib64/ld-linux-x86-64.so.2 (0x00007f8773392000)
  ```

  ~~I suspect it is because my script does not apply the gitian-input patches [described in the release process](https://github.com/bitcoin/bitcoin/blob/master/doc/release-process.md#fetch-and-create-inputs-first-time-or-when-dependency-versions-change) but there is no description as to how these patches are applied.~~ It might also be something else entirely.

  Edit: It is something else. It appears that the gitian inputs are only used by [`gitian-win-signer.yml`](d6e700e40f/contrib/gitian-descriptors/gitian-win-signer.yml (L14))
  </details>

  ### How to Help

  1. Install Guix on your distro either [from source](https://www.gnu.org/software/guix/manual/en/html_node/Requirements.html) or perform a [binary installation](https://www.gnu.org/software/guix/manual/en/html_node/Binary-Installation.html#Binary-Installation)
  2. Try out my branch and the command described above!

ACKs for top commit:
  MarcoFalke:
    Thanks for the replies. ACK 751549b52a9a4cd27389d807ae67f02bbb39cd7f
  laanwj:
    ACK 751549b52a9a4cd27389d807ae67f02bbb39cd7f

Tree-SHA512: 50e6ab58c6bda9a67125b6271daf7eff0ca57d0efa8941ed3cd951e5bf78b31552fc5e537b1e1bcf2d3cc918c63adf19d685aa117a0f851024dc67e697890a8d
2023-02-20 09:09:23 -06:00
Kittywhiskers Van Gogh
f42288c984 partial bitcoin#19077: Add sqlite as an alternative wallet database and use it for new descriptor wallets 2023-02-07 10:53:33 -06:00
MarcoFalke
405ab79e29
Merge #18879: valgrind: remove outdated suppressions
d7120f7f78cda5ed1ab91f83e9b546de68dbee47 valgrind : remove duplicate BCLog::Logger suppression (fanquake)
708e3c7e85a666d5b8da8638a819c0f3973fcca4 valgrind: remove rest_blockhash_by_height suppression (fanquake)

Pull request description:

  708e3c7e85: `Suppress rest_blockhash_by_height` should no longer be needed after #18785.

  d7120f7f78 : Removes a duplicate `Suppress BCLog::Logger::StartLogging()` suppression that was added in #17770.

ACKs for top commit:
  MarcoFalke:
    ACK d7120f7f78cda5ed1ab91f83e9b546de68dbee47
  practicalswift:
    ACK d7120f7f78cda5ed1ab91f83e9b546de68dbee47 -- patch looks correct and valgrind Travis job is happy

Tree-SHA512: 45f5b9fa64bf83cada3cd9ad33c245f660376d5b29f51a2531d83133940090df945f5ef26c5847d6ec024ffab9528d55573c5cf9ca5e73795f9abfc971b3d29b
2023-01-23 12:22:30 -06:00
MarcoFalke
a8820d894f Merge #19474: doc: Use precise permission flags where possible
fab558612278909df93bdf88f5727b04f13aef0f doc: Use precise permission flags where possible (MarcoFalke)

Pull request description:

  Instead of mentioning the all-encompassing `-whitelist*` settings, change the docs to mention the exact permission flag that will influence the behaviour.

  This is needed because in the future, the too-broad `-whitelist*` settings (they either include *all* permission flags or apply to *all* peers) might be deprecated to require the permission flags to be enumerated.

  Alternatively, in the future there could be an RPC to set the net permission flags on an existing connection, in which case the `-whitelist*` terminology is of no help.

ACKs for top commit:
  jnewbery:
    reACK fab558612278909df93bdf88f5727b04f13aef0f
  fjahr:
    Code review ACK fab558612278909df93bdf88f5727b04f13aef0f
  jonatack:
    ACK fab558612278909df93bdf88f5727b04f13aef0f

Tree-SHA512: c7dea3e577d90103bb2b0ffab7b7c8640b388932a3a880f69e2b70747fc9213dc1f437085671fd54c902ec2a578458b8a2fae6dbe076642fb88efbf9fa9e679c
2023-01-19 23:37:39 -06:00
Kittywhiskers Van Gogh
07bd5977e5 partial bitcoin#23511: require glibc 2.18+ 2023-01-18 19:02:39 -06:00
Kittywhiskers Van Gogh
d37f30ce46 merge bitcoin#20476: Add test for ELF symbol-check 2023-01-18 19:02:39 -06:00
Kittywhiskers Van Gogh
f62fd6f51f merge bitcoin#22244: Correctly extract symbol versions in symbol-check 2023-01-18 19:02:39 -06:00
Kittywhiskers Van Gogh
29c885c9f7 merge bitcoin#20434: Parse ELF directly for symbol and security checks 2023-01-18 19:02:39 -06:00
Kittywhiskers Van Gogh
ef69317b59 merge bitcoin#19525: add -Wl,-z,separate-code to hardening flags 2023-01-18 19:02:39 -06:00
UdjinM6
828fac4c14 chore: add missing copyrights via copyright_header.py insert 2023-01-13 00:49:04 +03:00
UdjinM6
498e8c5017 chore: run copyright_header.py update 2023-01-13 00:49:04 +03:00
UdjinM6
a86b891d20 chore: update copyright_header.py 2023-01-13 00:49:04 +03:00
Kittywhiskers Van Gogh
816edc4e4f build: add exclusions to linting scripts and filters 2022-12-01 00:51:08 +05:30
Kittywhiskers Van Gogh
305abe91f9
build/depends: commit dashpay/bls-signatures@66ee820f to source tree as vendored (#5077)
* Squashed 'src/dashbls/' content from commit 66ee820fbc

git-subtree-dir: src/dashbls
git-subtree-split: 66ee820fbc9e3b97370db8c164904af48327a124

* build: stop tracking build-system generated relic_conf.h.in

* build: add support for building bls-signatures from local subtree

* build: add exclusions to linting scripts and filters

* build: drop bls-signatures (bls-dash) from depends
2022-11-22 11:34:46 -06:00
PastaPastaPasta
ad88fab80d
test/refactor: upgrade to cppcheck 2.9 and fix warnings (#5049)
* refactor: resolve warnings thrown by cppcheck 2.9

* test: upgrade cppcheck to version 2.9
2022-10-18 13:24:00 +03:00
Wladimir J. van der Laan
8c6fb5622d Merge #17823: scripts: Read suspicious hosts from a file instead of hardcoding
e1c582cbaa4c094d204da34c3b1fdd0d4c557519 contrib: makeseeds: Read suspicious hosts from a file instead of hardcoding (Sanjay K)

Pull request description:

  referring to: https://github.com/bitcoin/bitcoin/issues/17020
  good first issue: reading SUSPICIOUS_HOSTS from a file.
  I haven't changed the base hosts that were included in the original source, just made it readable from a file.

ACKs for top commit:
  practicalswift:
    ACK e1c582cbaa4c094d204da34c3b1fdd0d4c557519 -- diff looks correct

Tree-SHA512: 18684abc1c02cf52d63f6f6ecd98df01a9574a7c470524c37e152296504e2e3ffbabd6f3208214b62031512aeb809a6d37446af82c9f480ff14ce4c42c98e7c2
2022-10-17 15:41:14 -05:00
UdjinM6
815cd1d906 more of 17863/21376 2022-10-03 16:08:31 -04:00
MarcoFalke
2f33d861e7 Merge #17770: test: bump test timeouts so that functional tests run in valgrind
2d23082cbe4641175d752a5969f67cdadf1afcea bump test timeouts so that functional tests run in valgrind (Micky Yun Chan)

Pull request description:

  ci/tests: Bump timeouts so all functional tests run on travis in valgrind #17763

Top commit has no ACKs.

Tree-SHA512: 5a8c6e2ea02b715facfcb58c761577be15ae58c45a61654beb98c2c2653361196c2eec521bcae4a9a1bab8e409d6807de771ef4c46d3d05996ae47a22d499d54
2022-10-03 16:08:31 -04:00
Wladimir J. van der Laan
7fb31bc434 Merge #17863: scripts: Add MACHO dylib checks to symbol-check.py
c491368d8cfddf3a5b6d574f10ed67492fcecbed scripts: add MACHO dylib checking to symbol-check.py (fanquake)
76bf97213f4b153dd3ccf1314088a73c4804601d scripts: fix check-symbols & check-security argument passing (fanquake)

Pull request description:

  Based on #17857.

  This adds dynamic library checks for MACHO executables to symbol-check.py. The script has been modified to function more like `security-check.py`. The error output is now also slightly different. i.e:
  ```bash
  # Linux x86
  bitcoin-cli: symbol operator new[](unsigned long) from unsupported version GLIBCXX_3.4
  bitcoin-cli: export of symbol vtable for std::basic_ios<char, std::char_traits<char> > not allowed
  bitcoin-cli: NEEDED library libstdc++.so.6 is not allowed
  bitcoin-cli: failed IMPORTED_SYMBOLS EXPORTED_SYMBOLS LIBRARY_DEPENDENCIES

  # RISCV (skips exported symbols checks)
  bitcoin-tx: symbol operator new[](unsigned long) from unsupported version GLIBCXX_3.4
  bitcoin-tx: NEEDED library libstdc++.so.6 is not allowed
  bitcoin-tx: failed IMPORTED_SYMBOLS LIBRARY_DEPENDENCIES

  # macOS
  Checking macOS dynamic libraries...
  libboost_filesystem.dylib is not in ALLOWED_LIBRARIES!
  bitcoind: failed DYNAMIC_LIBRARIES
  ```

  Compared to `v0.19.0.1` the macOS allowed dylibs has been slimmed down somewhat:
  ```diff
   src/qt/bitcoin-qt:
   /usr/lib/libSystem.B.dylib
  -/System/Library/Frameworks/DiskArbitration.framework/Versions/A/DiskArbitration
   /System/Library/Frameworks/IOKit.framework/Versions/A/IOKit
   /System/Library/Frameworks/Foundation.framework/Versions/C/Foundation
   /System/Library/Frameworks/CoreServices.framework/Versions/A/CoreServices
   /System/Library/Frameworks/AppKit.framework/Versions/C/AppKit
   /System/Library/Frameworks/ApplicationServices.framework/Versions/A/ApplicationServices
   /System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation
  -/System/Library/Frameworks/Security.framework/Versions/A/Security
  -/System/Library/Frameworks/SystemConfiguration.framework/Versions/A/SystemConfiguration
   /System/Library/Frameworks/CoreGraphics.framework/Versions/A/CoreGraphics
  -/System/Library/Frameworks/OpenGL.framework/Versions/A/OpenGL
  -/System/Library/Frameworks/AGL.framework/Versions/A/AGL
   /System/Library/Frameworks/Carbon.framework/Versions/A/Carbon
   /usr/lib/libc++.1.dylib
  -/System/Library/Frameworks/CFNetwork.framework/Versions/A/CFNetwork
   /System/Library/Frameworks/CoreText.framework/Versions/A/CoreText
   /System/Library/Frameworks/ImageIO.framework/Versions/A/ImageIO
   /usr/lib/libobjc.A.dylib
  ```

ACKs for top commit:
  laanwj:
    ACK c491368d8cfddf3a5b6d574f10ed67492fcecbed

Tree-SHA512: f8624e4964e80b3e0d34e8d3cc33f3107938f3ef7a01c07828f09b902b5ea31a53c50f9be03576e1896ed832cf2c399e03a7943a4f537a1e1c705f3804aed979
2022-10-03 16:08:31 -04:00
MarcoFalke
2353920662
Merge #16878: Fix non-deterministic coverage of test DoS_mapOrphans
4455949d6f0218b40d33d7fe6de6555f8f62192f Make test DoS_mapOrphans deterministic (David Reikher)

Pull request description:

  This pull request proposes a solution to make the test `DoS_mapOrphans` in denialofservice_tests.cpp have deterministic coverage.

  The `RandomOrphan` function in denialofservice_tests.cpp and the implicitly called function `ecdsa_signature_parse_der_lax` in pubkey.cpp were causing the non-deterministic test coverage.

  In the former, if a random orphan was selected the index of which is bigger than the max. orphan index in `mapOrphanTransactions`, the last orphan was returned from `RandomOrphan`. If the random number generated was never large enough, this condition would not be fulfilled and the corresponding branch wouldn't run. The proposed solution is to force one of the 50 dependant orphans to depend on the last orphan in `mapOrphanTransactions` using the newly introduced function `OrphanByIndex` (and passing it a large uint256), forcing this branch to run at least once.

  In the latter, if values for ECDSA `R` or `S` (or both) had no leading zeros, some code would not be executed. The solution was to find a constant signature that would be comprised of `R` and `S` values with leading zeros and calling `CPubKey::Verify` at the end of the test with this signature forcing this code to always run at least once at the end even if it hadn't throughout the test.

  To test that the coverage is (at least highly likely) deterministic, I ran

  `contrib/devtools/test_deterministic_coverage.sh denialofservice_tests/DoS_mapOrphans 1000`

  and the result was deterministic coverage across 1000 runs.

  Also - removed denialofservice_tests test entry from the list of non-deterministic tests in the coverage script.

ACKs for top commit:
  MarcoFalke:
    ACK 4455949d6f0218b40d33d7fe6de6555f8f62192f

Tree-SHA512: 987eb1f94b80d5bec4d4944e91ef43b9b8603055750362d4b4665b7f011be27045808aa9f4c6ccf8ae009b61405f9a1b8671d65a843c3328e5b8acce1f1c00a6
2022-09-03 10:43:14 -05:00
UdjinM6
ea957a73a0
Merge pull request #4845 from Munkybooty/backports-0.20-pr3
Backports 0.20 pr3
2022-08-29 12:41:20 +03:00
MarcoFalke
2b035a75f2 Merge #17455: tests: Update valgrind suppressions
d604b4cc8c112a38976c4662cbdc3217a0e5b370 tests: Update valgrind suppressions (practicalswift)

Pull request description:

  Update `valgrind` suppressions.

  To test this PR:

  ```
  $ valgrind --suppressions=contrib/valgrind.supp src/test/test_bitcoin
  $ valgrind --suppressions=contrib/valgrind.supp src/bench/bench_bitcoin -evals=1 \
        -scaling=0.0
  ```

Top commit has no ACKs.

Tree-SHA512: 79cb318b5b9171e74d0bd0b89cc688ad4531b134182b06c2942c46058c19b45723c391b781e8ccd157a14fbf6a14588764c7728c5506c73ae237dde9f44db2f6
2022-08-24 14:29:45 -04:00
Kittywhiskers Van Gogh
6699b0228f
docker: fix gitian support, optimize container layer count and improve script consistency (#4983)
* contrib: set the working directory to /src/dash to allow for cloning gitian dependencies

* contrib: place the home directory inside /home instead of root

* contrib: add notes about sharing ccache across the network

* contrib: chown based on the (u/g)id env vars instead of the associated username

* contrib: reduce layer count by reducing run invocations

* contrib: develop container cleanup and maintenance

- add apt-cacher-ng, gpg, lsb-release, screen as a package dependencies
- reorder packages in alphabetical order
- correct documentation
- create and add user to the docker group to satisfy Gitian's needs
- reduce the number of RUN calls to reduce layer count
2022-08-22 22:42:36 +03:00
UdjinM6
8a9d0c5fe8
Merge pull request #4978 from UdjinM6/bp_macos_sig
backport: macos code signing
2022-08-17 19:19:02 +03:00
UdjinM6
00335a0282
bump signapple to the latest commit used in bitcoin atm
see 7a0b129c41/contrib/guix/manifest.scm (L502)
2022-08-17 18:35:47 +03:00
fanquake
6b615cfc67
Partial merge bitcoin/bitcoin#22190: Use latest signapple commit
683d197970a533690ca1bd4d06d021900e87cb8b Use latest signapple commit (Andrew Chow)

Pull request description:

  Update gitian and guix to use the same latest signapple commit.

  Also changed guix to use the actual repo. The changes from the fork were incorporated upstream.

ACKs for top commit:
  fanquake:
    ACK 683d197970a533690ca1bd4d06d021900e87cb8b - sanity checked that the updated package is built:

Tree-SHA512: a4981f8bbe33e6c5654632bc9b9f6f2f1e675741a19ac7296205e370f1e64a747101ecb632e0cc82a0134e4c2e9ce47b3f7b4d8c8f75f0f06dd069c078303759
2022-08-17 18:30:46 +03:00
Wladimir J. van der Laan
c57de2596a
Merge #20880: gitian: Use custom MacOS code signing tool
2c403279e2f0f7c8c27c56d4e7b0573c59571f0a gitian: Remove codesign_allocate and pagestuff from MacOS build (Andrew Chow)
f55eed251488d70d5e2e3a2965a4f8ec0c476853 gitian: use signapple to create the MacOS code signature (Andrew Chow)
95b06d21852b28712db6c710e420a58bdc1a0944 gitian: use signapple to apply the MacOS code signature (Andrew Chow)
42bb1ea363286b088257cabccb686ef1887c1d3b gitian: install signapple in gitian-osx-signer.yml (Andrew Chow)

Pull request description:

  The MacOS code signing issues that were encountered during the 0.21.0 release cycle have shown that it is necessary for us to use a code signing tool for which the source code is available and modifiable by us. Given that there appears to not be such a tool available, I have written such a tool, [signapple](https://github.com/achow101/signapple), that we can use. This tool is able to create a valid MacOS code signature, detach it in a way that we were doing previously, and attach it to the unsigned binary. This tool can also verify that the signature is correct.

  This PR implements the usage of that tool in the gitian build for the code signed MacOS binary. The code signer will use this tool to create the detached signature. Gitian builders will use this tool to apply the detached signature. The `gitian-osx-signer.yml` descriptor has been modified to install this tool so that the `detached-sig-apply.sh` script can use it. Additionally, the `codesign_allocate` and `pagestuff` tools are no longer necessary so they are no longer added to the tarball used in code signing. Lastly, both the `detached-sig-create.sh` and `detached-sig-apply.sh` scripts are made to be significantly less complex and to not do unexpected things such as unpacking an already unpacked tarball.

  The detached code signature that signapple creates is almost identical to that which we were previously creating. The only difference is that the cpu architecture name is included in the extension (e.g. we have `bitcoin-qt.x86_64sign` instead of `bitcoin-qt.sign`). This was done in order to support signing universal binaries which we may want to do in the future. However signapple can still apply existing code signatures as it will accept the `.sign` extension. If it is desired, it can be modified to produce signatures with just the `.sign` extension. However I do not think it is necessary to maintain compatibility with the old process.

ACKs for top commit:
  laanwj:
    Code review ACK 2c403279e2f0f7c8c27c56d4e7b0573c59571f0a

Tree-SHA512: 2a0e01e9133f8859b9de26e7e8fe1d2610d2cbdee2845e6008b12c083c7e3622cbb2d9b83c50a269e2c3074ab95914a8225d3cd4108017f58b77a62bf10951e0
2022-08-17 18:30:05 +03:00
UdjinM6
fc01d76fa9
fix(gitian): Fetch tags while cloning the repo via gbuild (#4976)
Should fix version numbers for releases/candidates
2022-08-17 17:37:07 +03:00
PastaPastaPasta
f83d857e36
Merge pull request #4478 from kittywhiskers/undashify
revert #3036, #2911, #1879, #1432: revert dashification of filenames
2022-08-11 12:34:55 -04:00
PastaPastaPasta
afbc817220
refactor/chore: update cppcheck to 2.8 with needed refactoring (#4926)
* refactor/chore: update cppcheck to 2.8 with needed refactoring

* use probably invalid index for default

Co-authored-by: UdjinM6 <UdjinM6@users.noreply.github.com>

* trivial: rename skContributions -> m_sk_contributions and skContributions2 -> skContributions

Co-authored-by: UdjinM6 <UdjinM6@users.noreply.github.com>
2022-08-11 02:05:44 +03:00
Konstantin Akimov
137c4fc84c
Update hard coded seeds for v18.0.0-rc12 (#4953)
Mainnet: 1716101
    Testnet: 774784
2022-08-11 01:57:13 +03:00
Kittywhiskers Van Gogh
c587212f8c partial revert dash#2911: s/dash-config/bitcoin-config/g 2022-08-09 14:16:28 +05:30
PastaPastaPasta
6c0a63360f
Merge pull request #4882 from kittywhiskers/xliff_update
backport: bitcoin#21694 (Use XLIFF file to provide more context to Transifex)
2022-07-13 08:27:34 -04:00
PastaPastaPasta
d89de3a2fa
Merge pull request #4866 from Munkybooty/backports-0.20-pr4
Backports 0.20 pr4
2022-06-30 10:08:59 -05:00
Wladimir J. van der Laan
33c473a8e3
Merge #18796: scripts: security-check.py refactors
eacedfb0230978748cbcfb13817fed7e7c756ba7 scripts: add additional type annotations to security-check.py (fanquake)
83d063e9541cc9ea41ea86919eb9435c73efb14e scripts: add run_command to security-check.py (fanquake)
13f606b4f940e5820ff21ea62fc27a5a91774b05 scripts: remove NONFATAL from security-check.py (fanquake)
061acf62a15ad3dbb9f055b7c2569b9832ed623a scripts: no-longer check for 32 bit windows in security-check.py (fanquake)

Pull request description:

  * Remove 32-bit Windows checks.
  * Remove NONFATAL checking. Added in #8249, however unused since #13764.
  * Add `run_command` to de-duplicate all of the subprocess calls. Mentioned in #18713.
  * Add additional type annotations.
  * Print stderr when there is an issue running a command.

ACKs for top commit:
  laanwj:
    ACK eacedfb0230978748cbcfb13817fed7e7c756ba7

Tree-SHA512: 69a7ccfdf346ee202b3e8f940634c5daed1d2b5a5d15ac9800252866ba3284ec66e391a66a0b341f5a4e5e8482fe1b614d4671e8e766112ff059405081184a85
2022-06-18 22:14:03 -07:00
fanquake
f7a94b58d4
Merge #18629: scripts: add PE .reloc section check to security-check.py
3e38023af724a76972d39cbccfb0bba4c54a0323 scripts: add PE .reloc section check to security-check.py (fanquake)

Pull request description:

  The `ld` in binutils has historically had a few issues with PE binaries, there's a good summary in this [thread](https://sourceware.org/bugzilla/show_bug.cgi?id=19011).

  One issue in particular was `ld` stripping the `.reloc` section out of PE binaries, even though it's required for functioning ASLR. This was [reported by a Tor developer in 2014](https://sourceware.org/bugzilla/show_bug.cgi?id=17321) and they have been patching their [own binutils](https://gitweb.torproject.org/builders/tor-browser-build.git/tree/projects/binutils) ever since. However their patch only made it into binutils at the [start of this year](https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=commit;h=dc9bd8c92af67947db44b3cb428c050259b15cd0). It adds an `--enable-reloc-section` flag, which is turned on by default if you are using `--dynamic-base`. In the mean time this issue has also been worked around by other projects, such as FFmpeg, see [this commit](91b668acd6).

  I have checked our recent supported Windows release binaries, and they do contain a `.reloc` section. From what I understand, we are using all the right compile/linker flags, including `-pie` & `-fPIE`, and have never run into the crashing/entrypoint issues that other projects might have seen.

  One other thing worth noting here, it how Debian/Ubuntu patch the binutils that they distribute, because that's what we end up using in our gitian builds.

  In the binutils-mingw-w64 in Bionic (18.04), which we currently use in gitian, PE hardening options/security flags are enabled by default. See the [changelog](https://changelogs.ubuntu.com/changelogs/pool/universe/b/binutils-mingw-w64/binutils-mingw-w64_8ubuntu1/changelog) and the [relevant commit](452b3013b8).

  However in Focal (20.04), this has now been reversed. PE hardening options are no-longer the default. See the [changelog](https://changelogs.ubuntu.com/changelogs/pool/universe/b/binutils-mingw-w64/binutils-mingw-w64_8.8/changelog) and [relevant commit](7bd8b2fbc2), which cites same .reloc issue mentioned here.

  Given that we explicitly specify/opt-in to everything that we want to use, the defaults aren't necessarily an issue for us. However I think it highlights the importance of continuing to be explicit about what we want, and not falling-back or relying on upstream.

  This was also prompted by the possibility of us doing link time garbage collection, see #18579 & #18605. It seemed some sanity checks would be worthwhile in-case the linker goes haywire while garbage collecting.

  I think Guix is going to bring great benefits when dealing with these kinds of issues. Carl you might have something to say in that regard.

ACKs for top commit:
  dongcarl:
    ACK 3e38023af724a76972d39cbccfb0bba4c54a0323

Tree-SHA512: af14d63bdb334bde548dd7de3e0946556b7e2598d817b56eb4e75b3f56c705c26aa85dd9783134c4b6a7aeb7cb4de567eed996e94d533d31511f57ed332287da
2022-06-18 22:14:03 -07:00
fanquake
bd7b5a3ad4
Merge #18713: scripts: Add MACHO stack canary check to security-check.py
8334ee31f868f0f9baf0920d14d20174ed889dbe scripts: add MACHO LAZY_BINDINGS test to test-security-check.py (fanquake)
7b99c7454cdb74cd9cd7a5eedc2fb9d0a19df456 scripts: add MACHO Canary check to security-check.py (fanquake)

Pull request description:

  7b99c7454cdb74cd9cd7a5eedc2fb9d0a19df456 uses `otool -Iv` to check for `___stack_chk_fail` in the macOS binaries. Similar to the [ELF check](https://github.com/bitcoin/bitcoin/blob/master/contrib/devtools/security-check.py#L105). Note that looking for a triple underscore prefixed function (as opposed to two for ELF) is correct for the macOS binaries. i.e:
  ```bash
  otool -Iv bitcoind | grep chk
  0x00000001006715b8   509 ___memcpy_chk
  0x00000001006715be   510 ___snprintf_chk
  0x00000001006715c4   511 ___sprintf_chk
  0x00000001006715ca   512 ___stack_chk_fail
  0x00000001006715d6   517 ___vsnprintf_chk
  0x0000000100787898   513 ___stack_chk_guard
  ```

  8334ee31f868f0f9baf0920d14d20174ed889dbe is a follow up to #18295 and adds test cases to `test-security-check.py` that for some reason I didn't add at the time. I'll sort out #18434 so that we can run these tests in the CI.

ACKs for top commit:
  practicalswift:
    ACK 8334ee31f868f0f9baf0920d14d20174ed889dbe: Mitigations are important. Important things are worth asserting :)
  jonasschnelli:
    utACK 8334ee31f868f0f9baf0920d14d20174ed889dbe.

Tree-SHA512: 1aa5ded34bbd187eddb112b27278deb328bfc21ac82316b20fab6ad894f223b239a76b53dab0ac1770d194c1760fcc40d4da91ec09959ba4fc8eadedb173936a
2022-06-18 22:14:03 -07:00
fanquake
67ceda1b5a
Merge #18295: scripts: add MACHO lazy bindings check to security-check.py
5ca90f8b598978437340bb8467f527b9edfb2bbf scripts: add MACHO lazy bindings check to security-check.py (fanquake)

Pull request description:

  This is a slightly belated follow up to #17686 and some discussion with Cory. It's not entirely clear if we should make this change due to the way the macOS dynamic loader appears to work. However I'm opening this for some discussion. Also related to #17768.

  #### Issue:
  [`LD64`](https://opensource.apple.com/source/ld64/) doesn't set the [MH_BINDATLOAD](https://opensource.apple.com/source/xnu/xnu-6153.11.26/EXTERNAL_HEADERS/mach-o/loader.h.auto.html) bit in the header of MACHO executables, when building with `-bind_at_load`. This is in contradiction to the [documentation](https://opensource.apple.com/source/ld64/ld64-450.3/doc/man/man1/ld.1.auto.html):
  ```bash
  -bind_at_load
       Sets a bit in the mach header of the resulting binary which tells dyld to
       bind all symbols when the binary is loaded, rather than lazily.
  ```

  The [`ld` in Apples cctools](https://opensource.apple.com/source/cctools/cctools-927.0.2/ld/layout.c.auto.html) does set the bit, however the [cctools-port](https://github.com/tpoechtrager/cctools-port/) that we use for release builds, bundles `LD64`.

  However; even if the linker hasn't set that bit, the dynamic loader ([`dyld`](https://opensource.apple.com/source/dyld/)) doesn't seem to ever check for it, and from what I understand, it looks at a different part of the header when determining whether to lazily load symbols.

  Note that our release binaries are currently working as expected, and no lazy loading occurs.

  #### Example:

  Using a small program, we can observe the behaviour of the dynamic loader.

  Conducted using:
  ```bash
  clang++ --version
  Apple clang version 11.0.0 (clang-1100.0.33.17)
  Target: x86_64-apple-darwin18.7.0

  ld -v
  @(#)PROGRAM:ld  PROJECT:ld64-530
  BUILD 18:57:17 Dec 13 2019
  LTO support using: LLVM version 11.0.0, (clang-1100.0.33.17) (static support for 23, runtime is 23)
  TAPI support using: Apple TAPI version 11.0.0 (tapi-1100.0.11)
  ```

  ```cpp
  #include <iostream>
  int main() {
  	std::cout << "Hello World!\n";
  	return 0;
  }
  ```

  Compile and check the MACHO header:
  ```bash
  clang++ test.cpp -o test
  otool -vh test
  ...
  Mach header
        magic cputype cpusubtype  caps    filetype ncmds sizeofcmds      flags
  MH_MAGIC_64  X86_64        ALL LIB64     EXECUTE    16       1424   NOUNDEFS DYLDLINK TWOLEVEL WEAK_DEFINES BINDS_TO_WEAK PIE

  # Run and dump dynamic loader bindings:
  DYLD_PRINT_BINDINGS=1 DYLD_PRINT_TO_FILE=no_bind.txt ./test
  Hello World!
  ```

  Recompile with `-bind_at_load`. Note still no `BINDATLOAD` flag:
  ```bash
  clang++ test.cpp -o test -Wl,-bind_at_load
  otool -vh test
  Mach header
        magic cputype cpusubtype  caps    filetype ncmds sizeofcmds      flags
  MH_MAGIC_64  X86_64        ALL LIB64     EXECUTE    16       1424   NOUNDEFS DYLDLINK TWOLEVEL WEAK_DEFINES BINDS_TO_WEAK PIE
  ...
  DYLD_PRINT_BINDINGS=1 DYLD_PRINT_TO_FILE=bind.txt ./test
  Hello World!
  ```

  If we diff the outputs, you can see that `dyld` doesn't perform any lazy bindings when the binary is compiled with `-bind_at_load`, even if the `BINDATLOAD` flag is not set:
  ```diff
  @@ -1,11 +1,27 @@
  +dyld: bind: test:0x103EDF030 = libc++.1.dylib:__ZNKSt3__16locale9use_facetERNS0_2idE, *0x103EDF030 = 0x7FFF70C9FA58
  +dyld: bind: test:0x103EDF038 = libc++.1.dylib:__ZNKSt3__18ios_base6getlocEv, *0x103EDF038 = 0x7FFF70CA12C2
  +dyld: bind: test:0x103EDF068 = libc++.1.dylib:__ZNSt3__113basic_ostreamIcNS_11char_traitsIcEEE6sentryC1ERS3_, *0x103EDF068 = 0x7FFF70CA12B6
  +dyld: bind: test:0x103EDF070 = libc++.1.dylib:__ZNSt3__113basic_ostreamIcNS_11char_traitsIcEEE6sentryD1Ev, *0x103EDF070 = 0x7FFF70CA1528
  +dyld: bind: test:0x103EDF080 = libc++.1.dylib:__ZNSt3__16localeD1Ev, *0x103EDF080 = 0x7FFF70C9FAE6
  <trim>
  -dyld: lazy bind: test:0x10D4AC0C8 = libsystem_platform.dylib:_strlen, *0x10D4AC0C8 = 0x7FFF73C5C6E0
  -dyld: lazy bind: test:0x10D4AC068 = libc++.1.dylib:__ZNSt3__113basic_ostreamIcNS_11char_traitsIcEEE6sentryC1ERS3_, *0x10D4AC068 = 0x7FFF70CA12B6
  -dyld: lazy bind: test:0x10D4AC038 = libc++.1.dylib:__ZNKSt3__18ios_base6getlocEv, *0x10D4AC038 = 0x7FFF70CA12C2
  -dyld: lazy bind: test:0x10D4AC030 = libc++.1.dylib:__ZNKSt3__16locale9use_facetERNS0_2idE, *0x10D4AC030 = 0x7FFF70C9FA58
  -dyld: lazy bind: test:0x10D4AC080 = libc++.1.dylib:__ZNSt3__16localeD1Ev, *0x10D4AC080 = 0x7FFF70C9FAE6
  -dyld: lazy bind: test:0x10D4AC070 = libc++.1.dylib:__ZNSt3__113basic_ostreamIcNS_11char_traitsIcEEE6sentryD1Ev, *0x10D4AC070 = 0x7FFF70CA1528
  ```

  Note: `dyld` also has a `DYLD_BIND_AT_LAUNCH=1` environment variable, that when set, will force any lazy bindings to be non-lazy:
  ```bash
  dyld: forced lazy bind: test:0x10BEC8068 = libc++.1.dylib:__ZNSt3__113basic_ostream
  ```

  #### Thoughts:
  After looking at the dyld source, I can't find any checks for `MH_BINDATLOAD`. You can see the flags it does check for, such as MH_PIE or MH_BIND_TO_WEAK [here](https://opensource.apple.com/source/dyld/dyld-732.8/src/ImageLoaderMachO.cpp.auto.html).

  It seems that the lazy binding of any symbols depends on whether or not [lazy_bind_size](https://opensource.apple.com/source/xnu/xnu-6153.11.26/EXTERNAL_HEADERS/mach-o/loader.h.auto.html) from the `LC_DYLD_INFO_ONLY` load command is > 0. Which was mentioned in [#17686](https://github.com/bitcoin/bitcoin/pull/17686#issue-350216254).

  #### Changes:
  This PR is one of [Corys commits](7b6ba26178), that I've rebased and modified to make build. I've also included an addition to the `security-check.py` script to check for the flag.

  However, given the above, I'm not entirely sure this patch is the correct approach. If the linker no-longer inserts it, and the dynamic loader doesn't look for it, there might be little benefit to setting it. Or, maybe this is an oversight from Apple and needs some upstream discussion. Looking for some thoughts / Concept ACK/NACK.

  One alternate approach we could take is to drop the patch and modify security-check.py to look for `lazy_bind_size` == 0 in the `LC_DYLD_INFO_ONLY` load command, using `otool -l`.

ACKs for top commit:
  theuni:
    ACK 5ca90f8b598978437340bb8467f527b9edfb2bbf

Tree-SHA512: 444022ea9d19ed74dd06dc2ab3857a9c23fbc2f6475364e8552d761b712d684b3a7114d144f20de42328d1a99403b48667ba96885121392affb2e05b834b6e1c
2022-06-18 22:14:02 -07:00
Wladimir J. van der Laan
3c4982205c
Merge #18415: scripts: add MACHO tests to test-security-check.py
7142d50ac33e0ad7d24e49e04c1fc7e3e769ed46 scripts: rename test_64bit_PE to test_PE (fanquake)
edaca2dd123cef958699c07ab248cf0ffc71af07 scripts: add MACHO NX check to security-check.py (fanquake)
1a4e9f32efcc5f6a74290446dc58784fd85c7b31 scripts: add MACHO tests to test-security-check.py (fanquake)

Pull request description:

  Adds tests for the MACHO checks in security-check.py:
  ac579ada7e/contrib/devtools/security-check.py (L212-L214)

  I'm planning on following up with more checks in security-check.py, and corresponding tests in test-security-check.py.

  Note that you'll probably have to be on macOS to run them. You can run just this suite with `python3 test-security-check.py TestSecurityChecks.test_MACHO`.

ACKs for top commit:
  laanwj:
    ACK 7142d50ac33e0ad7d24e49e04c1fc7e3e769ed46

Tree-SHA512: ace3ca9f6df5d4fedd5988938fb7dc7563ec7dc587aa275f780b5f51e9b8d7d6f7768e0a1e05ce438510a07b8640aba92c76847b30c2990f46c66b78a0acf960
2022-06-18 22:14:02 -07:00
fanquake
1ff571fc2c Merge #17515: Remove straggling OpenSSL references from doc and build
ea3c7e585c382998212fd7f41114462a8168a734 test: Remove libssl-dev packages from CI scripts (Wladimir J. van der Laan)
7ea55264b9d60325bc7a5c15d78e9063de145970 test: remove lsan suppression for libcrypto (Wladimir J. van der Laan)
2d7066527a456f8e1f4f603fe104b0bd9d864559 build: remove libcrypto as internal dependency in libbitcoinconsensus.pc (Wladimir J. van der Laan)
278751ea11f2cfe68b0c98f504f65586720cb5a4 doc: Remove ssl as a required dependency from build-unix (Wladimir J. van der Laan)

Pull request description:

  Some doc and build cleanups following #17265.

  I intentionally left the libssl-dev install in `gitian-win-signer.yml`, as it's necessary for the ossl signer.

ACKs for top commit:
  MarcoFalke:
    ACK ea3c7e585c382998212fd7f41114462a8168a734 🗯
  jamesob:
    ACK ea3c7e585c
  practicalswift:
    ACK ea3c7e585c382998212fd7f41114462a8168a734 - nice!
  fanquake:
    ACK ea3c7e585c382998212fd7f41114462a8168a734 - thanks.

Tree-SHA512: 67ea35bdd6d6e512d69e6734713534c88cae033a2ed695677ea15c3e3d5ff570374e342775c88e60877fa43a19047853e7b2a433e2c9a4349a5c423726a7457e
2022-06-16 01:34:30 -04:00
Kittywhiskers Van Gogh
32b3c2d98a ci: add text extraction dependency to permit running translation routines 2022-06-11 21:03:04 +05:30
Wladimir J. van der Laan
a25ee06cc1 Merge #17787: scripts: add MACHO PIE check to security-check.py
7c9e821c4e6cb186208ead9c8df616d1f393a49a scripts: add MACHO NOUNDEFS check to security-check.py (fanquake)
4ca92dc6d3f3e487d63286d8871d1829b3d279ff scripts: add MACHO PIE check to security-check.py (fanquake)

Pull request description:

  This uses `otool -vh` to print the mach header and look for the `PIE` flag:
  ```bash
  otool -vh src/bitcoind
  Mach header
        magic cputype cpusubtype  caps    filetype ncmds sizeofcmds      flags
  MH_MAGIC_64  X86_64        ALL LIB64     EXECUTE    24       2544   NOUNDEFS DYLDLINK TWOLEVEL WEAK_DEFINES BINDS_TO_WEAK PIE
  ```

  From [`mach-o/loader.h`](https://opensource.apple.com/source/cctools/cctools-927.0.2/include/mach-o/loader.h.auto.html):
  ```c
  #define	MH_PIE 0x200000			/* When this bit is set, the OS will
  					   load the main executable at a
  					   random address.  Only used in
  					   MH_EXECUTE filetypes. */
  ```

ACKs for top commit:
  laanwj:
    code review ACK 7c9e821c4e6cb186208ead9c8df616d1f393a49a

Tree-SHA512: 5ba2f60440d0e31c70371a355c91ca4f723d80f7287d04e2098bf5b11892cc74216ff8f1454603c4db9675d4f7983614843b992b8dcfca0309aadf2aa7ab2e4b
2022-06-08 12:36:52 +07:00
PastaPastaPasta
d64b7229cd
chore: bump copyrights (#4873)
* chore: bump copyright in configure.ac

* chore: bump copyright via copyright_header.py

ran command `python3 contrib/devtools/copyright_header.py update .`
2022-06-08 02:36:46 +03:00
PastaPastaPasta
875305a901
Merge pull request #4839 from Munkybooty/backports-0.20-pr2
backport: v0.20 pr2
2022-06-01 13:53:54 -05:00
Wladimir J. van der Laan
37ef9bb465 Merge #17282: contrib: remove accounts from bash completion
dd94cc46e4377b14515be24894fd1cb42e233151 contrib: remove accounts from bash completion (fanquake)

Pull request description:

  Also removes `setgenerate`.

ACKs for top commit:
  jonasschnelli:
    utACK dd94cc46e4377b14515be24894fd1cb42e233151

Tree-SHA512: 218aa06841f4a347bb083c7f408c07fe80df7a30f7ce7a1126ec95971a9b66aff7c3c049d269da2c15f629bbde80e8c303bf6562bd5c1a36a6f6fd61ce9133e2
2022-05-31 12:06:32 -04:00
Kittywhiskers Van Gogh
3ba8431900 merge bitcoin#16899: UTXO snapshot creation (dumptxoutset)
Co-authored-by: UdjinM6 <UdjinM6@users.noreply.github.com>
2022-05-23 10:38:33 +05:30
strophy
ff2f768114
ci: fix docker context (#4816) 2022-04-28 11:35:50 -05:00
MarcoFalke
a3a7a22268
Merge #20223: build: Drop the leading 0 from the version number
8f7b93047581c67f2133cdb8c7845471de66c30f Drop the leading 0 from the version number (Andrew Chow)

Pull request description:

  Removes the leading 0 from the version number. The minor version, which we had been using as the major version, is now the major version. The revision, which we had been using as the minor version, is now the minor version. The revision number is dropped. The build number is promoted to being part of the version number. This also avoids issues where it was accidentally not included in the version number.

  The CLIENT_VERSION remains the same format as previous as previously, as the Major version was 0 so it never actually got included in it.

  The user agent string formatter is updated to follow this new versioning.

  ***

  Honestly I'm just tired of all of the people asking for "1.0" that maybe this'll shut them up. Skip the whole 1.0 thing and go straight to version 22.0!

  Also, this means that the terminology we commonly use lines up with how the variables are named. So major versions are actually bumping the major version number, etc.

ACKs for top commit:
  jnewbery:
    Code review ACK 8f7b930475
  MarcoFalke:
    review ACK 8f7b93047581c67f2133cdb8c7845471de66c30f 🎻

Tree-SHA512: b5c3fae14d4c0a9c0ab3b1db7c949ecc0ac3537646306b13d98dd0efc17c489cdd16d43f0a24aaa28e9c4a92ea360500e05480a335b03f9fb308010cdd93a436
2022-04-28 13:47:53 +03:00
PastaPastaPasta
b421cfacae
perf: enable more multi-threading and caching in linters (#4807)
* perf: enable more multi-threading and caching in linters

20s -> 6s

* ci: add multiprocess to ci dockerfile

* Update test/lint/lint-cppcheck-dash.sh

Co-authored-by: UdjinM6 <UdjinM6@users.noreply.github.com>

Co-authored-by: UdjinM6 <UdjinM6@users.noreply.github.com>
2022-04-27 21:14:40 +03:00
UdjinM6
c6e724bf21 partial bitcoin#22244: Add xkb version to symbol-check 2022-04-26 20:37:20 +05:30
Kittywhiskers Van Gogh
7b69a4cb42 merge bitcoin#21654: Make Qt rcc output always deterministic 2022-04-26 20:36:54 +05:30
Kittywhiskers Van Gogh
b9b9473f55 merge bitcoin#21655: No longer need to set QT_RCC_TEST=1 for determinism 2022-04-26 20:36:54 +05:30
Kittywhiskers Van Gogh
1763f727b5 merge bitcoin#21376: Qt 5.12.10 2022-04-26 00:54:10 +05:30
Kittywhiskers Van Gogh
43152b2b35
merge #17165: Remove BIP70 support (#4023)
* compat: remove bswap_* check on macOS

This was originally added in #9366 to fix the gui build, as
Protobuf would also define these macros. Now that we're no-longer
using Protobuf, remove the additional check.

* build: skip building OpenSSL lib_ssl

* build: remove OpenSSL from Qt build

More info available from:
https://doc.qt.io/qt-5/ssl.html#enabling-and-disabling-ssl-support

* build: remove EVP_MD_CTX_new detection

This was added in #9475 to fix LibreSSL compatibility for
BIP70, so is no longer required.

* build: remove SSL lib detection

* gui: update BIP70 support message

* build: remove BIP70 entries from macOS Info.plist

* gui: remove payment request file handling from OpenURI dialog

* gui: remove BIP70 Support

* build: remove protobuf from depends and contrib
2022-04-25 12:01:47 +03:00
ktechmidas
712f60dd21
Fix: Use github workspace for building image (#4775)
* Fix: Use github workspace for building image

* Fix: Ensure correct dir for docker-entrypoint.sh
2022-04-19 09:11:04 +03:00
UdjinM6
89f606a927
trivial: add some missing dashifications (#4772) 2022-04-19 09:09:42 +03:00
pasta
728699d2cc chore: bump version in gitian-descriptors and README.md 2022-04-16 07:59:23 -06:00
UdjinM6
903291788c
Merge pull request #4735 from kittywhiskers/translation
merge bitcoin#16244...18699: translation backports
2022-04-07 13:18:29 +03:00
UdjinM6
eb42d8eee4
Merge pull request #4749 from PastaPastaPasta/develop-trivial-2022-04-03-pr2
trivial backports 2022 04 03 pr2
2022-04-07 13:17:05 +03:00
Kittywhiskers Van Gogh
0f90ea72d3 merge bitcoin#15450: Create wallet menu option 2022-04-06 13:49:58 +05:30
W. J. van der Laan
6525ca37a7 Merge bitcoin/bitcoin#21709: doc: update reduce-memory.md and bitcoin.conf -maxconnections info
300234ab6698277fb261a87be72f89ef94d3697a doc: update bitcoin.conf maxconnections info (Jon Atack)
926827065ffa56b75e9261f63d49b924d4bced0f doc: update reduce-memory.md peer connections info (Jon Atack)

Pull request description:

  This patch updates the documentation in `doc/reduce-memory.md` and `share/examples/bitcoin.conf` regarding the peer connections limits and `-maxconnections`

ACKs for top commit:
  jarolrod:
    re-ACK 300234ab6698277fb261a87be72f89ef94d3697a
  laanwj:
    ACK 300234ab6698277fb261a87be72f89ef94d3697a
  prayank23:
    ACK 300234ab66

Tree-SHA512: 90f53626124afb50706e6a3b644bc7bb800bb7cf41ae7062c20c17b3d9bdf4a8d73b4cf188faec9113d772596f7e4bc36a4a69481cacb92cc55d5956181d0c31
2022-04-05 23:10:05 -05:00
fanquake
c841e6e66f Merge bitcoin/bitcoin#23598: contrib: Specify wb mode when creating mac sdk
655d52a0cd6b3df738dc9843e25a95b8930b4628 contrib: Specify wb mode when creating mac sdk (João Barbosa)

Pull request description:

  Fix the warning:
  ```
  ./contrib/macdeploy/gen-sdk:84: FutureWarning: GzipFile was opened for writing, but this will change in future Python releases.  Specify the mode argument for opening it for writing.
  ```

ACKs for top commit:
  fanquake:
    Tested ACK 655d52a0cd6b3df738dc9843e25a95b8930b4628 with Python 3.10.

Tree-SHA512: 095cd301f211531a8b8f50e7915fe13c7ab0b278fb23dc50a03625cfae9e2fd7a0d8c315fced4af3011552e3e455ce562b7f717a0ed096c4433ddcf24f22b2c9
2022-04-03 18:48:15 -05:00
PastaPastaPasta
e84bf45cef
Merge pull request #4744 from vijaydasmp/bp2003
Merge #17119,1683,17102,17134,17691,17992,18170,18382,16975,18472, 18486,17633,7833
2022-04-03 17:44:16 -05:00
PastaPastaPasta
279686f9ba
Merge pull request #4742 from vijaydasmp/bp2002
Merge #17154,16569,17351,13716,17084,18391,16821,17140
2022-04-03 17:33:44 -05:00
strophy
1fddc53f53
ci: build on-demand docker images for testing on devnets (#4667)
* ci: build alpha action

* ci: use self-hosted runner

* ci: build faster

* ci: multicore dash build

* chore: copy build, dockerize and push

* chore: dockerize build

* chore: remove unnecessary cachedir and checkout steps

* chore: disable qemu

* chore: remove buildx steps now included in AMI

* chore: move binaries in to place for second stage copy

* fix: runner using incorrect build driver

* chore: debug builder info

* chore: more detailed debug

* chore: install qemu and buildx in actions

* fix: indentation

* fix: remove debug code

* feat: multi-arch cross-compiling dockerfile

* chore: remove unnecessary docker layers

* chore: add debug output

* chore: dump context

* fix: use event inputs tag for docker_meta

* chore: dump context again

* fix: context reference syntax

* feat: attempt to use gitian builder

* chore: ff changes from other branches

* chore: disable macOS build

* Revert "chore: ff changes from other branches"

This reverts commit daece1c505.

* chore: restore GHA changes to fix incorrect merge

* chore: remove duplicate code

* chore: bump buildx version to latest

* chore: try to build without signing

* chore: setup tmate to find build

* chore: run tmate on failure

* fix: invalid path to binaries on copy

* chore: remove unnecessary GPG steps

* chore: replace strophy with dashpay

* fix: gha cache not providing speedup

* Update .github/workflows/release_alpha.yml

Co-authored-by: UdjinM6 <UdjinM6@users.noreply.github.com>
2022-04-03 17:24:06 -05:00
Wladimir J. van der Laan
cca430ba9a
Merge #16569: Increase init file stop timeout
7fb7acfc206b4bf8c296d72b66f3bd4fe342fd87 Set init stop timeout to 10 min (setpill)

Pull request description:

  `bitcoind` can take a long time to flush its db cache to disk upon
  shutdown. Systemd sends a `SIGKILL` after a timeout, causing unclean
  shutdowns and triggering a long "Rolling forward" at the next startup.
  Disabling the timeout should prevent this from happening, and does not
  break systemd's `restart` logic.

  Addresses #13736.

ACKs for top commit:
  instagibbs:
    utACK 7fb7acfc20

Tree-SHA512: 16e0ce5a9ecf0628f8d93d68db3f5a78ab36021d9bede05a90c84f144db2e87e17707a6eb910cb7c018c265ce2c81d43de2988bd79e4a2d8554515db8fb5aa36
2022-04-02 16:30:52 +05:30
MarcoFalke
6270a09847
Merge #17691: doc: Add missed copyright headers
fac86ac7b3ceac2f884412c7a9f4bd5bab5e3916 scripted-diff: Add missed copyright headers (Hennadii Stepanov)
6fde9d5e47fc9a1042b3fb68031eab5bf55e508d script: Update EXLUDE list in copyright_header.py (Hennadii Stepanov)
1998152f15fd2b0e83f5068c375a34feaf73db8c script: Add empty line after C++ copyright (Hennadii Stepanov)
071f2fc204f542c5a287ca8835115a2ee0bf2f50 script: Add ability to insert copyright to *.sh (Hennadii Stepanov)

Pull request description:

  This PR improves `contrib/devtools/copyright_header.py` script and adds copyright headers to the files in `src` and `test` directories with two exceptions:
  - [`src/reverse_iterator.h`](https://github.com/bitcoin/bitcoin/blob/master/src/reverse_iterator.h) (added to exceptions)
  - [`src/test/fuzz/FuzzedDataProvider.h`](https://github.com/bitcoin/bitcoin/blob/master/src/test/fuzz/FuzzedDataProvider.h) (added to exceptions)

  On master 5622d8f3156a293e61d0964c33d4b21d8c9fd5e0:
  ```
  $ ./contrib/devtools/copyright_header.py report . | grep zero
    25 with zero copyrights
  ```

  With this PR:
  ```
  $ ./contrib/devtools/copyright_header.py report . | grep zero
     2 with zero copyrights
  ```

  ~I am uncertain about our copyright policy with `build_msvc` and `contrib` directories content, so they are out of scope of this PR.~

ACKs for top commit:
  MarcoFalke:
    ACK fac86ac7b3ceac2f884412c7a9f4bd5bab5e3916

Tree-SHA512: d7832c4a7a1a3b7806119775b40ec35d7982f49ff0e6199b8cee4c0e0a36e68d51728b6ee9924b1c161df4bc6105bd93391b79d42914357fa522f499cb113fa8
2022-04-02 09:19:20 +05:30
Kittywhiskers Van Gogh
8f14c3e2e2 fuzz: add gitlab build support, use clang 2022-03-17 19:23:55 +05:30
fanquake
d9ec960820 Merge bitcoin/bitcoin#22516: macdeploy: alternative info to download the macOS SDK
f8f772dc495f7d3ee02d75d42ee22ceb90c3a693 macdeploy: alternative info to download the macOS SDK (Antoine Poinsot)

Pull request description:

  The previous link wasn't accessible for me, this adds some instructions
  given to me by Hebasto on #bitcoin-core-builds as well as a shasum for
  the archive to quickly check the downloaded one is the right one before
  processing with the entire Guix build.

ACKs for top commit:
  fanquake:
    ACK f8f772dc495f7d3ee02d75d42ee22ceb90c3a693

Tree-SHA512: 620160b593ed8fa4ae4a748b8e72d67b93ff0ec9e6b8ef3c3ac5402c1c48ec0ac325a527b6278cdf84aaf51ba8194d4c366c412ffad141d0412add2710efcff5
2022-03-13 14:52:10 -05:00
Wladimir J. van der Laan
3d6cc69131 Merge #20333: build: remove native_biplist dependency
7087440894a9daa7de806c5aa42d83ad60759c65 depends: native_ds_store 1.3.0 (fanquake)

Pull request description:

  `ds_store` [now takes advantage](36fb607940) of Pythons ability to decode binary [plists](https://docs.python.org/3/library/plistlib.html) (since 3.4), so we can drop its biplist dependency.

  The call to `biplist.Data()` in `custom_dsstore.py` doesn't seem to do anything, and from what I can tell can just be removed. i.e:
  ```diff
  diff --git a/contrib/macdeploy/custom_dsstore.py b/contrib/macdeploy/custom_dsstore.py
  index dc1c1882d..e475bc6c3 100755
  --- a/contrib/macdeploy/custom_dsstore.py
  +++ b/contrib/macdeploy/custom_dsstore.py
  @@ -47,6 +47,7 @@ alias.volume.disk_image_alias.target.filename = package_name_ns + '.temp.dmg'
   alias.volume.disk_image_alias.target.carbon_path = 'Macintosh HD:Users:\x00bitcoinuser:\x00Documents:\x00bitcoin:\x00bitcoin:\x00' + package_name_ns + '.temp.dmg'
   alias.volume.disk_image_alias.target.posix_path = 'Users/bitcoinuser/Documents/bitcoin/bitcoin/' + package_name_ns + '.temp.dmg'
   alias.target.carbon_path = package_name_ns + ':.background:\x00background.tiff'
  +assert(biplist.Data(alias.to_bytes()) == alias.to_bytes())
   icvp['backgroundImageAlias'] = biplist.Data(alias.to_bytes())
   ds['.']['icvp'] = icvp
  ```

ACKs for top commit:
  laanwj:
    ACK 7087440894a9daa7de806c5aa42d83ad60759c65

Tree-SHA512: 8ba3cf561937efe4a3daae8b0cb4de3bf9e425b3a9244161b09d94ee2b1bd4c3e21315fa70e495b19a052aabdc1731b3b6f346b63272d72d2762ced83237d02f
2022-03-05 13:48:08 -06:00
MarcoFalke
54de28adce Merge #15354: doc: Add missing bitcoin-wallet tool manpages
fa1e281547 doc: Add missing wallet-tool manpages (MarcoFalke)
fa0fe3b8a4 contrib: Add missing wallet tool to gen-manpages.sh (MarcoFalke)

Pull request description:

Tree-SHA512: 8c5c7e98f634cb1c8b43ecc9a15f22df2f572f5d752fb20f09910fb0d31e74df8144c1833f54bb44ad53cb5ca166f7e896317951899d4b0aa05bd3262f66835c
2022-03-04 23:38:32 -05:00
fanquake
9509768939 Merge #16812: doc: Fix whitespace errs in .md files, bitcoin.conf, and Info.plist.in
6aab7649d30b19d136a27f1287fd2c8b00fb460c doc: Fix whitespace errs in .md files, bitcoin.conf, Info.plist.in, and find_bdb48.m4 (Jon Layton)

Pull request description:

  Although there is an existing `test/lint/lint-whitespace.sh` linter, it only prevents new errors from being introduced. This commit removes all existing whitespace errors from Core markdown files (skips `src/crypto/ctaes/`, `leveldb/`, and `doc/release-notes/`), `bitcoin.conf`, and `Info.plist.in`.

  Further formatting could be done on the markdown documents, but seeing as there several coexisting styles that break a few `markdownlint` rules, a first step would be to define and add a linter to Travis. For now, the small fix is made.

ACKs for top commit:
  fanquake:
    ACK 6aab7649d30b19d136a27f1287fd2c8b00fb460c - Thanks for following up. Hopefully we now never have to deal with whitespace again.

Tree-SHA512: 810cc31ae4364b2dedf85783e67315d7b4e11589e4b32c599606e1b1ba8de0663bcae9ddb1bd8c9762a3636a2d65bdcd64ec22d2e90943f374a0c9574b77ca23
2022-01-20 13:09:17 -05:00
PastaPastaPasta
098209704b
optimize: adjust ci dockerfile for faster building (#4641)
* optimize: adjust ci dockerfile for faster building

* remove old comment

Co-authored-by: UdjinM6 <UdjinM6@users.noreply.github.com>

* remove unneeded semicolons

Co-authored-by: UdjinM6 <UdjinM6@users.noreply.github.com>

* format: make each installed package it's own line to minimize conflicts

* sort the installed packages (and a fix)

Signed-off-by: Pasta <pasta@dashboost.org>

Co-authored-by: UdjinM6 <UdjinM6@users.noreply.github.com>
2021-12-30 21:44:13 +03:00
PastaPastaPasta
06998263bb
Optimize linters (#4637)
* optimize: somehow optimize circular-dependencies.py

Signed-off-by: pasta <pasta@dashboost.org>

* optimize: use parallel if available to lint in parallel

Signed-off-by: pasta <pasta@dashboost.org>

* suggestions

* more suggestions

Co-authored-by: UdjinM6 <UdjinM6@users.noreply.github.com>
2021-12-30 19:34:36 +03:00
PastaPastaPasta
f503a7edc1
refactor: Fix warnings from cppcheck (#4625)
* src/evo/evodb.cpp:57:29: warning: Assert statement calls a function which may have desired side effects: 'IsClean'. [assertWithSideEffect]

* src/llmq/quorums.cpp:635:37: note: Null pointer dereference

src/llmq/quorums.cpp:635:37: warning: Either the condition 'pFrom==nullptr' is redundant or there is possible null pointer dereference: pFrom. [nullPointerRedundantCheck]
src/llmq/quorums.cpp:636:81: note: Assuming that condition 'pFrom==nullptr' is not redundant

* fix a bunch of cppcheck warnings

* cppcheck: run on many more files. Enable all checks except a few ignored ones.

ignored
```
    "Consider using std::transform algorithm instead of a raw loop."
    "Consider using std::accumulate algorithm instead of a raw loop."
```

* ci: build specific version of cppcheck instead of install from apt

* ci: use cppcheck 2.4, remove commented out line, fix symlink

cppcheck 2.6 is latest, however causes issues
```
src/spork.cpp:135:51: warning: Analysis failed. If the code is valid then please report this failure. [cppcheckError]
```
cppcheck 2.5 appears to get into an infinite loop

* no need to check presence before insertion

* use if-init, remove redundant check

* remove redundant check

* don't remove cmake? fix macOs depends build?

* cppcheck: one per line, alphabetize

* remove duplicate cmake install
2021-12-29 00:54:50 +03:00
Munkybooty
926d4a774f
lint: Fix typos flagged by codespell (#4639) 2021-12-29 00:45:54 +03:00
Kittywhiskers Van Gogh
58e4cca82b docs: introduce documentation and usage for containers 2021-12-21 12:43:48 +05:30
Kittywhiskers Van Gogh
9bedfa9838 build: add dash minimal development environment container
Co-authored-by: UdjinM6 <UdjinM6@users.noreply.github.com>
2021-12-21 12:43:37 +05:30