Commit Graph

230 Commits

Author SHA1 Message Date
Kittywhiskers Van Gogh
07bd5977e5 partial bitcoin#23511: require glibc 2.18+ 2023-01-18 19:02:39 -06:00
Kittywhiskers Van Gogh
d37f30ce46 merge bitcoin#20476: Add test for ELF symbol-check 2023-01-18 19:02:39 -06:00
Kittywhiskers Van Gogh
f62fd6f51f merge bitcoin#22244: Correctly extract symbol versions in symbol-check 2023-01-18 19:02:39 -06:00
Kittywhiskers Van Gogh
29c885c9f7 merge bitcoin#20434: Parse ELF directly for symbol and security checks 2023-01-18 19:02:39 -06:00
Kittywhiskers Van Gogh
ef69317b59 merge bitcoin#19525: add -Wl,-z,separate-code to hardening flags 2023-01-18 19:02:39 -06:00
UdjinM6
498e8c5017 chore: run copyright_header.py update 2023-01-13 00:49:04 +03:00
UdjinM6
a86b891d20 chore: update copyright_header.py 2023-01-13 00:49:04 +03:00
Kittywhiskers Van Gogh
816edc4e4f build: add exclusions to linting scripts and filters 2022-12-01 00:51:08 +05:30
Kittywhiskers Van Gogh
305abe91f9
build/depends: commit dashpay/bls-signatures@66ee820f to source tree as vendored (#5077)
* Squashed 'src/dashbls/' content from commit 66ee820fbc

git-subtree-dir: src/dashbls
git-subtree-split: 66ee820fbc9e3b97370db8c164904af48327a124

* build: stop tracking build-system generated relic_conf.h.in

* build: add support for building bls-signatures from local subtree

* build: add exclusions to linting scripts and filters

* build: drop bls-signatures (bls-dash) from depends
2022-11-22 11:34:46 -06:00
UdjinM6
815cd1d906 more of 17863/21376 2022-10-03 16:08:31 -04:00
Wladimir J. van der Laan
7fb31bc434 Merge #17863: scripts: Add MACHO dylib checks to symbol-check.py
c491368d8cfddf3a5b6d574f10ed67492fcecbed scripts: add MACHO dylib checking to symbol-check.py (fanquake)
76bf97213f4b153dd3ccf1314088a73c4804601d scripts: fix check-symbols & check-security argument passing (fanquake)

Pull request description:

  Based on #17857.

  This adds dynamic library checks for MACHO executables to symbol-check.py. The script has been modified to function more like `security-check.py`. The error output is now also slightly different. i.e:
  ```bash
  # Linux x86
  bitcoin-cli: symbol operator new[](unsigned long) from unsupported version GLIBCXX_3.4
  bitcoin-cli: export of symbol vtable for std::basic_ios<char, std::char_traits<char> > not allowed
  bitcoin-cli: NEEDED library libstdc++.so.6 is not allowed
  bitcoin-cli: failed IMPORTED_SYMBOLS EXPORTED_SYMBOLS LIBRARY_DEPENDENCIES

  # RISCV (skips exported symbols checks)
  bitcoin-tx: symbol operator new[](unsigned long) from unsupported version GLIBCXX_3.4
  bitcoin-tx: NEEDED library libstdc++.so.6 is not allowed
  bitcoin-tx: failed IMPORTED_SYMBOLS LIBRARY_DEPENDENCIES

  # macOS
  Checking macOS dynamic libraries...
  libboost_filesystem.dylib is not in ALLOWED_LIBRARIES!
  bitcoind: failed DYNAMIC_LIBRARIES
  ```

  Compared to `v0.19.0.1` the macOS allowed dylibs has been slimmed down somewhat:
  ```diff
   src/qt/bitcoin-qt:
   /usr/lib/libSystem.B.dylib
  -/System/Library/Frameworks/DiskArbitration.framework/Versions/A/DiskArbitration
   /System/Library/Frameworks/IOKit.framework/Versions/A/IOKit
   /System/Library/Frameworks/Foundation.framework/Versions/C/Foundation
   /System/Library/Frameworks/CoreServices.framework/Versions/A/CoreServices
   /System/Library/Frameworks/AppKit.framework/Versions/C/AppKit
   /System/Library/Frameworks/ApplicationServices.framework/Versions/A/ApplicationServices
   /System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation
  -/System/Library/Frameworks/Security.framework/Versions/A/Security
  -/System/Library/Frameworks/SystemConfiguration.framework/Versions/A/SystemConfiguration
   /System/Library/Frameworks/CoreGraphics.framework/Versions/A/CoreGraphics
  -/System/Library/Frameworks/OpenGL.framework/Versions/A/OpenGL
  -/System/Library/Frameworks/AGL.framework/Versions/A/AGL
   /System/Library/Frameworks/Carbon.framework/Versions/A/Carbon
   /usr/lib/libc++.1.dylib
  -/System/Library/Frameworks/CFNetwork.framework/Versions/A/CFNetwork
   /System/Library/Frameworks/CoreText.framework/Versions/A/CoreText
   /System/Library/Frameworks/ImageIO.framework/Versions/A/ImageIO
   /usr/lib/libobjc.A.dylib
  ```

ACKs for top commit:
  laanwj:
    ACK c491368d8cfddf3a5b6d574f10ed67492fcecbed

Tree-SHA512: f8624e4964e80b3e0d34e8d3cc33f3107938f3ef7a01c07828f09b902b5ea31a53c50f9be03576e1896ed832cf2c399e03a7943a4f537a1e1c705f3804aed979
2022-10-03 16:08:31 -04:00
MarcoFalke
2353920662
Merge #16878: Fix non-deterministic coverage of test DoS_mapOrphans
4455949d6f0218b40d33d7fe6de6555f8f62192f Make test DoS_mapOrphans deterministic (David Reikher)

Pull request description:

  This pull request proposes a solution to make the test `DoS_mapOrphans` in denialofservice_tests.cpp have deterministic coverage.

  The `RandomOrphan` function in denialofservice_tests.cpp and the implicitly called function `ecdsa_signature_parse_der_lax` in pubkey.cpp were causing the non-deterministic test coverage.

  In the former, if a random orphan was selected the index of which is bigger than the max. orphan index in `mapOrphanTransactions`, the last orphan was returned from `RandomOrphan`. If the random number generated was never large enough, this condition would not be fulfilled and the corresponding branch wouldn't run. The proposed solution is to force one of the 50 dependant orphans to depend on the last orphan in `mapOrphanTransactions` using the newly introduced function `OrphanByIndex` (and passing it a large uint256), forcing this branch to run at least once.

  In the latter, if values for ECDSA `R` or `S` (or both) had no leading zeros, some code would not be executed. The solution was to find a constant signature that would be comprised of `R` and `S` values with leading zeros and calling `CPubKey::Verify` at the end of the test with this signature forcing this code to always run at least once at the end even if it hadn't throughout the test.

  To test that the coverage is (at least highly likely) deterministic, I ran

  `contrib/devtools/test_deterministic_coverage.sh denialofservice_tests/DoS_mapOrphans 1000`

  and the result was deterministic coverage across 1000 runs.

  Also - removed denialofservice_tests test entry from the list of non-deterministic tests in the coverage script.

ACKs for top commit:
  MarcoFalke:
    ACK 4455949d6f0218b40d33d7fe6de6555f8f62192f

Tree-SHA512: 987eb1f94b80d5bec4d4944e91ef43b9b8603055750362d4b4665b7f011be27045808aa9f4c6ccf8ae009b61405f9a1b8671d65a843c3328e5b8acce1f1c00a6
2022-09-03 10:43:14 -05:00
Wladimir J. van der Laan
33c473a8e3
Merge #18796: scripts: security-check.py refactors
eacedfb0230978748cbcfb13817fed7e7c756ba7 scripts: add additional type annotations to security-check.py (fanquake)
83d063e9541cc9ea41ea86919eb9435c73efb14e scripts: add run_command to security-check.py (fanquake)
13f606b4f940e5820ff21ea62fc27a5a91774b05 scripts: remove NONFATAL from security-check.py (fanquake)
061acf62a15ad3dbb9f055b7c2569b9832ed623a scripts: no-longer check for 32 bit windows in security-check.py (fanquake)

Pull request description:

  * Remove 32-bit Windows checks.
  * Remove NONFATAL checking. Added in #8249, however unused since #13764.
  * Add `run_command` to de-duplicate all of the subprocess calls. Mentioned in #18713.
  * Add additional type annotations.
  * Print stderr when there is an issue running a command.

ACKs for top commit:
  laanwj:
    ACK eacedfb0230978748cbcfb13817fed7e7c756ba7

Tree-SHA512: 69a7ccfdf346ee202b3e8f940634c5daed1d2b5a5d15ac9800252866ba3284ec66e391a66a0b341f5a4e5e8482fe1b614d4671e8e766112ff059405081184a85
2022-06-18 22:14:03 -07:00
fanquake
f7a94b58d4
Merge #18629: scripts: add PE .reloc section check to security-check.py
3e38023af724a76972d39cbccfb0bba4c54a0323 scripts: add PE .reloc section check to security-check.py (fanquake)

Pull request description:

  The `ld` in binutils has historically had a few issues with PE binaries, there's a good summary in this [thread](https://sourceware.org/bugzilla/show_bug.cgi?id=19011).

  One issue in particular was `ld` stripping the `.reloc` section out of PE binaries, even though it's required for functioning ASLR. This was [reported by a Tor developer in 2014](https://sourceware.org/bugzilla/show_bug.cgi?id=17321) and they have been patching their [own binutils](https://gitweb.torproject.org/builders/tor-browser-build.git/tree/projects/binutils) ever since. However their patch only made it into binutils at the [start of this year](https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=commit;h=dc9bd8c92af67947db44b3cb428c050259b15cd0). It adds an `--enable-reloc-section` flag, which is turned on by default if you are using `--dynamic-base`. In the mean time this issue has also been worked around by other projects, such as FFmpeg, see [this commit](91b668acd6).

  I have checked our recent supported Windows release binaries, and they do contain a `.reloc` section. From what I understand, we are using all the right compile/linker flags, including `-pie` & `-fPIE`, and have never run into the crashing/entrypoint issues that other projects might have seen.

  One other thing worth noting here, it how Debian/Ubuntu patch the binutils that they distribute, because that's what we end up using in our gitian builds.

  In the binutils-mingw-w64 in Bionic (18.04), which we currently use in gitian, PE hardening options/security flags are enabled by default. See the [changelog](https://changelogs.ubuntu.com/changelogs/pool/universe/b/binutils-mingw-w64/binutils-mingw-w64_8ubuntu1/changelog) and the [relevant commit](452b3013b8).

  However in Focal (20.04), this has now been reversed. PE hardening options are no-longer the default. See the [changelog](https://changelogs.ubuntu.com/changelogs/pool/universe/b/binutils-mingw-w64/binutils-mingw-w64_8.8/changelog) and [relevant commit](7bd8b2fbc2), which cites same .reloc issue mentioned here.

  Given that we explicitly specify/opt-in to everything that we want to use, the defaults aren't necessarily an issue for us. However I think it highlights the importance of continuing to be explicit about what we want, and not falling-back or relying on upstream.

  This was also prompted by the possibility of us doing link time garbage collection, see #18579 & #18605. It seemed some sanity checks would be worthwhile in-case the linker goes haywire while garbage collecting.

  I think Guix is going to bring great benefits when dealing with these kinds of issues. Carl you might have something to say in that regard.

ACKs for top commit:
  dongcarl:
    ACK 3e38023af724a76972d39cbccfb0bba4c54a0323

Tree-SHA512: af14d63bdb334bde548dd7de3e0946556b7e2598d817b56eb4e75b3f56c705c26aa85dd9783134c4b6a7aeb7cb4de567eed996e94d533d31511f57ed332287da
2022-06-18 22:14:03 -07:00
fanquake
bd7b5a3ad4
Merge #18713: scripts: Add MACHO stack canary check to security-check.py
8334ee31f868f0f9baf0920d14d20174ed889dbe scripts: add MACHO LAZY_BINDINGS test to test-security-check.py (fanquake)
7b99c7454cdb74cd9cd7a5eedc2fb9d0a19df456 scripts: add MACHO Canary check to security-check.py (fanquake)

Pull request description:

  7b99c7454cdb74cd9cd7a5eedc2fb9d0a19df456 uses `otool -Iv` to check for `___stack_chk_fail` in the macOS binaries. Similar to the [ELF check](https://github.com/bitcoin/bitcoin/blob/master/contrib/devtools/security-check.py#L105). Note that looking for a triple underscore prefixed function (as opposed to two for ELF) is correct for the macOS binaries. i.e:
  ```bash
  otool -Iv bitcoind | grep chk
  0x00000001006715b8   509 ___memcpy_chk
  0x00000001006715be   510 ___snprintf_chk
  0x00000001006715c4   511 ___sprintf_chk
  0x00000001006715ca   512 ___stack_chk_fail
  0x00000001006715d6   517 ___vsnprintf_chk
  0x0000000100787898   513 ___stack_chk_guard
  ```

  8334ee31f868f0f9baf0920d14d20174ed889dbe is a follow up to #18295 and adds test cases to `test-security-check.py` that for some reason I didn't add at the time. I'll sort out #18434 so that we can run these tests in the CI.

ACKs for top commit:
  practicalswift:
    ACK 8334ee31f868f0f9baf0920d14d20174ed889dbe: Mitigations are important. Important things are worth asserting :)
  jonasschnelli:
    utACK 8334ee31f868f0f9baf0920d14d20174ed889dbe.

Tree-SHA512: 1aa5ded34bbd187eddb112b27278deb328bfc21ac82316b20fab6ad894f223b239a76b53dab0ac1770d194c1760fcc40d4da91ec09959ba4fc8eadedb173936a
2022-06-18 22:14:03 -07:00
fanquake
67ceda1b5a
Merge #18295: scripts: add MACHO lazy bindings check to security-check.py
5ca90f8b598978437340bb8467f527b9edfb2bbf scripts: add MACHO lazy bindings check to security-check.py (fanquake)

Pull request description:

  This is a slightly belated follow up to #17686 and some discussion with Cory. It's not entirely clear if we should make this change due to the way the macOS dynamic loader appears to work. However I'm opening this for some discussion. Also related to #17768.

  #### Issue:
  [`LD64`](https://opensource.apple.com/source/ld64/) doesn't set the [MH_BINDATLOAD](https://opensource.apple.com/source/xnu/xnu-6153.11.26/EXTERNAL_HEADERS/mach-o/loader.h.auto.html) bit in the header of MACHO executables, when building with `-bind_at_load`. This is in contradiction to the [documentation](https://opensource.apple.com/source/ld64/ld64-450.3/doc/man/man1/ld.1.auto.html):
  ```bash
  -bind_at_load
       Sets a bit in the mach header of the resulting binary which tells dyld to
       bind all symbols when the binary is loaded, rather than lazily.
  ```

  The [`ld` in Apples cctools](https://opensource.apple.com/source/cctools/cctools-927.0.2/ld/layout.c.auto.html) does set the bit, however the [cctools-port](https://github.com/tpoechtrager/cctools-port/) that we use for release builds, bundles `LD64`.

  However; even if the linker hasn't set that bit, the dynamic loader ([`dyld`](https://opensource.apple.com/source/dyld/)) doesn't seem to ever check for it, and from what I understand, it looks at a different part of the header when determining whether to lazily load symbols.

  Note that our release binaries are currently working as expected, and no lazy loading occurs.

  #### Example:

  Using a small program, we can observe the behaviour of the dynamic loader.

  Conducted using:
  ```bash
  clang++ --version
  Apple clang version 11.0.0 (clang-1100.0.33.17)
  Target: x86_64-apple-darwin18.7.0

  ld -v
  @(#)PROGRAM:ld  PROJECT:ld64-530
  BUILD 18:57:17 Dec 13 2019
  LTO support using: LLVM version 11.0.0, (clang-1100.0.33.17) (static support for 23, runtime is 23)
  TAPI support using: Apple TAPI version 11.0.0 (tapi-1100.0.11)
  ```

  ```cpp
  #include <iostream>
  int main() {
  	std::cout << "Hello World!\n";
  	return 0;
  }
  ```

  Compile and check the MACHO header:
  ```bash
  clang++ test.cpp -o test
  otool -vh test
  ...
  Mach header
        magic cputype cpusubtype  caps    filetype ncmds sizeofcmds      flags
  MH_MAGIC_64  X86_64        ALL LIB64     EXECUTE    16       1424   NOUNDEFS DYLDLINK TWOLEVEL WEAK_DEFINES BINDS_TO_WEAK PIE

  # Run and dump dynamic loader bindings:
  DYLD_PRINT_BINDINGS=1 DYLD_PRINT_TO_FILE=no_bind.txt ./test
  Hello World!
  ```

  Recompile with `-bind_at_load`. Note still no `BINDATLOAD` flag:
  ```bash
  clang++ test.cpp -o test -Wl,-bind_at_load
  otool -vh test
  Mach header
        magic cputype cpusubtype  caps    filetype ncmds sizeofcmds      flags
  MH_MAGIC_64  X86_64        ALL LIB64     EXECUTE    16       1424   NOUNDEFS DYLDLINK TWOLEVEL WEAK_DEFINES BINDS_TO_WEAK PIE
  ...
  DYLD_PRINT_BINDINGS=1 DYLD_PRINT_TO_FILE=bind.txt ./test
  Hello World!
  ```

  If we diff the outputs, you can see that `dyld` doesn't perform any lazy bindings when the binary is compiled with `-bind_at_load`, even if the `BINDATLOAD` flag is not set:
  ```diff
  @@ -1,11 +1,27 @@
  +dyld: bind: test:0x103EDF030 = libc++.1.dylib:__ZNKSt3__16locale9use_facetERNS0_2idE, *0x103EDF030 = 0x7FFF70C9FA58
  +dyld: bind: test:0x103EDF038 = libc++.1.dylib:__ZNKSt3__18ios_base6getlocEv, *0x103EDF038 = 0x7FFF70CA12C2
  +dyld: bind: test:0x103EDF068 = libc++.1.dylib:__ZNSt3__113basic_ostreamIcNS_11char_traitsIcEEE6sentryC1ERS3_, *0x103EDF068 = 0x7FFF70CA12B6
  +dyld: bind: test:0x103EDF070 = libc++.1.dylib:__ZNSt3__113basic_ostreamIcNS_11char_traitsIcEEE6sentryD1Ev, *0x103EDF070 = 0x7FFF70CA1528
  +dyld: bind: test:0x103EDF080 = libc++.1.dylib:__ZNSt3__16localeD1Ev, *0x103EDF080 = 0x7FFF70C9FAE6
  <trim>
  -dyld: lazy bind: test:0x10D4AC0C8 = libsystem_platform.dylib:_strlen, *0x10D4AC0C8 = 0x7FFF73C5C6E0
  -dyld: lazy bind: test:0x10D4AC068 = libc++.1.dylib:__ZNSt3__113basic_ostreamIcNS_11char_traitsIcEEE6sentryC1ERS3_, *0x10D4AC068 = 0x7FFF70CA12B6
  -dyld: lazy bind: test:0x10D4AC038 = libc++.1.dylib:__ZNKSt3__18ios_base6getlocEv, *0x10D4AC038 = 0x7FFF70CA12C2
  -dyld: lazy bind: test:0x10D4AC030 = libc++.1.dylib:__ZNKSt3__16locale9use_facetERNS0_2idE, *0x10D4AC030 = 0x7FFF70C9FA58
  -dyld: lazy bind: test:0x10D4AC080 = libc++.1.dylib:__ZNSt3__16localeD1Ev, *0x10D4AC080 = 0x7FFF70C9FAE6
  -dyld: lazy bind: test:0x10D4AC070 = libc++.1.dylib:__ZNSt3__113basic_ostreamIcNS_11char_traitsIcEEE6sentryD1Ev, *0x10D4AC070 = 0x7FFF70CA1528
  ```

  Note: `dyld` also has a `DYLD_BIND_AT_LAUNCH=1` environment variable, that when set, will force any lazy bindings to be non-lazy:
  ```bash
  dyld: forced lazy bind: test:0x10BEC8068 = libc++.1.dylib:__ZNSt3__113basic_ostream
  ```

  #### Thoughts:
  After looking at the dyld source, I can't find any checks for `MH_BINDATLOAD`. You can see the flags it does check for, such as MH_PIE or MH_BIND_TO_WEAK [here](https://opensource.apple.com/source/dyld/dyld-732.8/src/ImageLoaderMachO.cpp.auto.html).

  It seems that the lazy binding of any symbols depends on whether or not [lazy_bind_size](https://opensource.apple.com/source/xnu/xnu-6153.11.26/EXTERNAL_HEADERS/mach-o/loader.h.auto.html) from the `LC_DYLD_INFO_ONLY` load command is > 0. Which was mentioned in [#17686](https://github.com/bitcoin/bitcoin/pull/17686#issue-350216254).

  #### Changes:
  This PR is one of [Corys commits](7b6ba26178), that I've rebased and modified to make build. I've also included an addition to the `security-check.py` script to check for the flag.

  However, given the above, I'm not entirely sure this patch is the correct approach. If the linker no-longer inserts it, and the dynamic loader doesn't look for it, there might be little benefit to setting it. Or, maybe this is an oversight from Apple and needs some upstream discussion. Looking for some thoughts / Concept ACK/NACK.

  One alternate approach we could take is to drop the patch and modify security-check.py to look for `lazy_bind_size` == 0 in the `LC_DYLD_INFO_ONLY` load command, using `otool -l`.

ACKs for top commit:
  theuni:
    ACK 5ca90f8b598978437340bb8467f527b9edfb2bbf

Tree-SHA512: 444022ea9d19ed74dd06dc2ab3857a9c23fbc2f6475364e8552d761b712d684b3a7114d144f20de42328d1a99403b48667ba96885121392affb2e05b834b6e1c
2022-06-18 22:14:02 -07:00
Wladimir J. van der Laan
3c4982205c
Merge #18415: scripts: add MACHO tests to test-security-check.py
7142d50ac33e0ad7d24e49e04c1fc7e3e769ed46 scripts: rename test_64bit_PE to test_PE (fanquake)
edaca2dd123cef958699c07ab248cf0ffc71af07 scripts: add MACHO NX check to security-check.py (fanquake)
1a4e9f32efcc5f6a74290446dc58784fd85c7b31 scripts: add MACHO tests to test-security-check.py (fanquake)

Pull request description:

  Adds tests for the MACHO checks in security-check.py:
  ac579ada7e/contrib/devtools/security-check.py (L212-L214)

  I'm planning on following up with more checks in security-check.py, and corresponding tests in test-security-check.py.

  Note that you'll probably have to be on macOS to run them. You can run just this suite with `python3 test-security-check.py TestSecurityChecks.test_MACHO`.

ACKs for top commit:
  laanwj:
    ACK 7142d50ac33e0ad7d24e49e04c1fc7e3e769ed46

Tree-SHA512: ace3ca9f6df5d4fedd5988938fb7dc7563ec7dc587aa275f780b5f51e9b8d7d6f7768e0a1e05ce438510a07b8640aba92c76847b30c2990f46c66b78a0acf960
2022-06-18 22:14:02 -07:00
Wladimir J. van der Laan
a25ee06cc1 Merge #17787: scripts: add MACHO PIE check to security-check.py
7c9e821c4e6cb186208ead9c8df616d1f393a49a scripts: add MACHO NOUNDEFS check to security-check.py (fanquake)
4ca92dc6d3f3e487d63286d8871d1829b3d279ff scripts: add MACHO PIE check to security-check.py (fanquake)

Pull request description:

  This uses `otool -vh` to print the mach header and look for the `PIE` flag:
  ```bash
  otool -vh src/bitcoind
  Mach header
        magic cputype cpusubtype  caps    filetype ncmds sizeofcmds      flags
  MH_MAGIC_64  X86_64        ALL LIB64     EXECUTE    24       2544   NOUNDEFS DYLDLINK TWOLEVEL WEAK_DEFINES BINDS_TO_WEAK PIE
  ```

  From [`mach-o/loader.h`](https://opensource.apple.com/source/cctools/cctools-927.0.2/include/mach-o/loader.h.auto.html):
  ```c
  #define	MH_PIE 0x200000			/* When this bit is set, the OS will
  					   load the main executable at a
  					   random address.  Only used in
  					   MH_EXECUTE filetypes. */
  ```

ACKs for top commit:
  laanwj:
    code review ACK 7c9e821c4e6cb186208ead9c8df616d1f393a49a

Tree-SHA512: 5ba2f60440d0e31c70371a355c91ca4f723d80f7287d04e2098bf5b11892cc74216ff8f1454603c4db9675d4f7983614843b992b8dcfca0309aadf2aa7ab2e4b
2022-06-08 12:36:52 +07:00
PastaPastaPasta
d64b7229cd
chore: bump copyrights (#4873)
* chore: bump copyright in configure.ac

* chore: bump copyright via copyright_header.py

ran command `python3 contrib/devtools/copyright_header.py update .`
2022-06-08 02:36:46 +03:00
Kittywhiskers Van Gogh
3ba8431900 merge bitcoin#16899: UTXO snapshot creation (dumptxoutset)
Co-authored-by: UdjinM6 <UdjinM6@users.noreply.github.com>
2022-05-23 10:38:33 +05:30
PastaPastaPasta
b421cfacae
perf: enable more multi-threading and caching in linters (#4807)
* perf: enable more multi-threading and caching in linters

20s -> 6s

* ci: add multiprocess to ci dockerfile

* Update test/lint/lint-cppcheck-dash.sh

Co-authored-by: UdjinM6 <UdjinM6@users.noreply.github.com>

Co-authored-by: UdjinM6 <UdjinM6@users.noreply.github.com>
2022-04-27 21:14:40 +03:00
UdjinM6
c6e724bf21 partial bitcoin#22244: Add xkb version to symbol-check 2022-04-26 20:37:20 +05:30
Kittywhiskers Van Gogh
1763f727b5 merge bitcoin#21376: Qt 5.12.10 2022-04-26 00:54:10 +05:30
UdjinM6
89f606a927
trivial: add some missing dashifications (#4772) 2022-04-19 09:09:42 +03:00
MarcoFalke
6270a09847
Merge #17691: doc: Add missed copyright headers
fac86ac7b3ceac2f884412c7a9f4bd5bab5e3916 scripted-diff: Add missed copyright headers (Hennadii Stepanov)
6fde9d5e47fc9a1042b3fb68031eab5bf55e508d script: Update EXLUDE list in copyright_header.py (Hennadii Stepanov)
1998152f15fd2b0e83f5068c375a34feaf73db8c script: Add empty line after C++ copyright (Hennadii Stepanov)
071f2fc204f542c5a287ca8835115a2ee0bf2f50 script: Add ability to insert copyright to *.sh (Hennadii Stepanov)

Pull request description:

  This PR improves `contrib/devtools/copyright_header.py` script and adds copyright headers to the files in `src` and `test` directories with two exceptions:
  - [`src/reverse_iterator.h`](https://github.com/bitcoin/bitcoin/blob/master/src/reverse_iterator.h) (added to exceptions)
  - [`src/test/fuzz/FuzzedDataProvider.h`](https://github.com/bitcoin/bitcoin/blob/master/src/test/fuzz/FuzzedDataProvider.h) (added to exceptions)

  On master 5622d8f3156a293e61d0964c33d4b21d8c9fd5e0:
  ```
  $ ./contrib/devtools/copyright_header.py report . | grep zero
    25 with zero copyrights
  ```

  With this PR:
  ```
  $ ./contrib/devtools/copyright_header.py report . | grep zero
     2 with zero copyrights
  ```

  ~I am uncertain about our copyright policy with `build_msvc` and `contrib` directories content, so they are out of scope of this PR.~

ACKs for top commit:
  MarcoFalke:
    ACK fac86ac7b3ceac2f884412c7a9f4bd5bab5e3916

Tree-SHA512: d7832c4a7a1a3b7806119775b40ec35d7982f49ff0e6199b8cee4c0e0a36e68d51728b6ee9924b1c161df4bc6105bd93391b79d42914357fa522f499cb113fa8
2022-04-02 09:19:20 +05:30
MarcoFalke
54de28adce Merge #15354: doc: Add missing bitcoin-wallet tool manpages
fa1e281547 doc: Add missing wallet-tool manpages (MarcoFalke)
fa0fe3b8a4 contrib: Add missing wallet tool to gen-manpages.sh (MarcoFalke)

Pull request description:

Tree-SHA512: 8c5c7e98f634cb1c8b43ecc9a15f22df2f572f5d752fb20f09910fb0d31e74df8144c1833f54bb44ad53cb5ca166f7e896317951899d4b0aa05bd3262f66835c
2022-03-04 23:38:32 -05:00
PastaPastaPasta
06998263bb
Optimize linters (#4637)
* optimize: somehow optimize circular-dependencies.py

Signed-off-by: pasta <pasta@dashboost.org>

* optimize: use parallel if available to lint in parallel

Signed-off-by: pasta <pasta@dashboost.org>

* suggestions

* more suggestions

Co-authored-by: UdjinM6 <UdjinM6@users.noreply.github.com>
2021-12-30 19:34:36 +03:00
fanquake
ffe950bbc7
partial merge #16327: scripts and tools: Update ShellCheck linter
1ac454a3844b9b8389de0f660fa9455c0efa7140 Enable ShellCheck rules (Hennadii Stepanov)

Pull request description:

  Enable some simple ShellCheck rules.

  Note for reviewers: `bash` and `shellcheck` on macOS are different from ones on Ubuntu.
  For local tests the latest `shellcheck` version 0.6.0 should be used (see #15166).

ACKs for top commit:
  practicalswift:
    utACK 1ac454a3844b9b8389de0f660fa9455c0efa7140
  dongcarl:
    utACK 1ac454a
  fanquake:
    ACK 1ac454a3844b9b8389de0f660fa9455c0efa7140

Tree-SHA512: 8d0a3a5c09fe1a0c22120178f5e6b80f81f746f8c3356b7701ff301c117acb2edea8fe08f08fb54ed73f94b1617515fb239fa28e7ab4121f74872e6494b6f20e
2021-12-03 18:13:01 +03:00
Kittywhiskers Van Gogh
2c98320c1a merge bitcoin#15288: Remove wallet -> node global function calls 2021-11-14 15:32:37 +05:30
Wladimir J. van der Laan
f4cac953c3
Merge #14903: tests: Handle ImportError explicitly, improve comparisons against None
c9ba253f4f5d675d7736d24c1167229d0898ef1a Add E711 to flake8 check (Daniel Ingram)
17b55202dae8d6e21d2490de89b345c55f7694c0 Compare to None with is/is not (Daniel Ingram)
1b89074ae27ce123adbeed57343deaef13c14f81 Change '== None' to 'is None' (Daniel Ingram)
16d293772365d57cc1a279d5ad0fa6f44b12ed54 Handle exception as ImportError (Daniel Ingram)

Pull request description:

Tree-SHA512: aa5875ea3d9ac47ac898545ff023b511042cd377ea0c4594074daae119f3d4f3fc295721aad94a732a907086ecb32bce19a8eed38adf479f12663c4e8944f721
2021-10-08 19:13:52 +05:30
MarcoFalke
60b3c5a64e
Merge #15257: Scripts and tools: Bump flake8 to 3.7.8
3d0a82cff8cbb809876e82dbe62d14d2adc07d94 devtools: Accomodate block-style copyright blocks (Ben Woosley)
0ef0e51fe4bb592e67255776b5a0ba04679fb8c4 lint: Bump flake8 to 3.7.8 (Ben Woosley)
838920704ad90a71cf288b700052503db8abb17e lint: Disable flake8 W504 warning (Ben Woosley)
b21680baf5391a602b295b9d7d0ef66553661cb9 test/contrib: Fix invalid escapes in regex strings (Ben Woosley)

Pull request description:

  This is a second go at #15221, fixing new lints in:
  W504 line break after binary operator
  W605 invalid escape sequence
  F841 local variable 'e' is assigned to but never used

  This time around:
  * One commit per rule, for easier review
  * I went with the PEP-8 style of breaking before binary operators
  * I looked into the raw regex newline issue, and found that raw strings with newlines embedded do work appropriately. E.g. run `re.match(r" \n ", " \n ")` to check this for yourself. `re.MULTILINE` exists to modify `^` and `$` in multiline scenarios, but  all of these searches are per-line.

ACKs for top commit:
  practicalswift:
    ACK 3d0a82cff8cbb809876e82dbe62d14d2adc07d94 -- diff looks correct

Tree-SHA512: bea0c144cadd72e4adf2e9a4b4ee0535dd91a8e694206924cf8a389dc9253f364a717edfe9abda88108fbb67fda19b9e823f46822d7303c0aaa72e48909a6105
2021-10-05 20:34:01 +03:00
MarcoFalke
b184989b4d Merge #17569: build: Allow export of environ symbols and work around rv64 toolchain issue
eafd2593674b6890418a50eadf69425071b824e4 build: Add NX workaround for RV64 (Wladimir J. van der Laan)
f6e42256fe8900ed90f9644906b77f97e1600952 build: Allow export of environ symbols (Wladimir J. van der Laan)

Pull request description:

  This export was introduced in #17270 which added
  ```
  //! Necessary on some platforms
  extern char** environ;
  ```
  This should (finally) make the gitian build pass again (fix issue #17525.).

  Built on top of #17538 which should be merged first.

Top commit has no ACKs.

Tree-SHA512: 5c2054d52d0957aec3dc945b76d8e219187d22dc03889e7a88fb76049bf8e4a3e9f4da00dd1e9dd0351211f8e70d1a1b8ad7244f0348dab698e9d14b9d0c0bd4
2021-09-14 14:30:13 -04:00
MarcoFalke
ede3de195d
Merge #16223: devtools: Fetch and display ACKs at sign-off time in github-merge
0e01e4522e devtools: Fetch and display ACKs at sign-off time in github-merge (Wladimir J. van der Laan)

Pull request description:

  - Fetch the ACKs only at sign-off time. This makes sure that any last-minute ACKs are included (fixes #16200)
  - Show a list of ACKs that will be included and their author before signing off, and warn if there are none

  ![1](https://user-images.githubusercontent.com/126646/59605250-ad070980-910e-11e9-9f9a-d789c7f06ebb.png)
  ![2](https://user-images.githubusercontent.com/126646/59605255-b1332700-910e-11e9-80a5-d1e244f48264.png)

  There's a slight change to the merge commit format—before it was
  ```
      ACKs for commit 88884c:
  (list of ACKs, could be empty)
  ```
  now it is
  ```
  ACKs for top commit:
        jnewbery:
          ACK 5ebc6b0eb
      ... (list of ACKs cannot be empty)
  ```
  or
  ```
  Top commit has no ACKs.
  ```
  I don't think there's a reason to have the abbreviated commit ID there, after all the full commit id is already in the beginning of the merge commit message, and at least the abbreviated one is in every single ACK message.

ACKs for commit 0e01e4:
  fanquake:
    ACK 0e01e4522e0f9e2e994f80fc61f40d61a4a70d79

Tree-SHA512: 8576de016137d71cfc101747e9bb6779c13e0953cf2babee7afc9972bf2bd46f6912be4982b54fa5abf4d91e98e8fdae6b4ca3eef7d6892b7a5f04a7017b6882
2021-09-12 14:15:11 -04:00
Wladimir J. van der Laan
7e5260568f
Merge #15838: scripts and tools: Fetch missing review comments in github-merge.py
942ff2054b41fe3f78f1b3d88cfd032bc95fd62f contrib: gh-merge: Use pagination to fetch all review comments (nkostoulas)

Pull request description:

  Use GitHub API pagination to do multiple requests if required.

  Tested with some PRs that have a large number of comments.

  For issue #15816

ACKs for commit 942ff2:
  MarcoFalke:
    utACK 942ff2054b41fe3f78f1b3d88cfd032bc95fd62f
  laanwj:
    utACK 942ff2054b41fe3f78f1b3d88cfd032bc95fd62f

Tree-SHA512: cf0dcdc40212a7c5cfcd1afe873e068399bc6499fd2e32207c5516595c93e5cb478178b04185ce21c3de0312621e05fda268411e59864d51046fb7a049989f42
2021-09-12 14:15:08 -04:00
Wladimir J. van der Laan
0bb6e9000e
Merge #15643: contrib: gh-merge: Include ACKs in merge commit
fa1c073154c6a39dca878f5c9a37abee8af0fd30 contrib: gh-merge: Include review comments in merge commit (MarcoFalke)

Pull request description:

  This includes all up-to-date ACKs in the merge commit for reference

Tree-SHA512: 32c9352d884f9ecf94940f50f2921fc9fc026083c120f54d0651a41814872e852aee8d0c4ad5bcd03292329f05d76fcb7bac11741e1dd3bf417211a186005afb
2021-09-10 20:54:54 -04:00
Wladimir J. van der Laan
07a7fda225
Merge #15939: gitian: Remove Windows 32 bit build
fa193dc8e6f3b96fa2dba2f1c1668f7720fed320 doc: Remove win32 from the release process (MarcoFalke)
faf666f8148eeb305a9c4f78459aff2c7268016b Remove Windows 32 bit build (MarcoFalke)

Pull request description:

  The Windows 32 bit build has been removed from https://bitcoincore.org/en/download/, so unless there are complaints, we don't need to build it even

ACKs for commit fa193d:
  fanquake:
    utACK fa193dc8e6

Tree-SHA512: d6f2976a2e0c407698f720b00ac23ec4056626de4eff8621f4c5581120af0460afd1bdef72329cc0e7d92afca48d94ae5fce6777cb36bfabb60b8034ff08fd88
2021-09-02 22:27:58 +03:00
PastaPastaPasta
b483948627
Merge pull request #4255 from kittywhiskers/darwinqol
build: gitian, linting and macOS-specific QoL improvements (part 1)
2021-09-01 19:51:48 -04:00
PastaPastaPasta
bbc8623245
Merge pull request #4356 from kittywhiskers/depends
merge bitcoin#18820, #19764, #13686, #17538, #18405: zmq backports, boost depends split
2021-08-31 15:31:38 -04:00
Kittywhiskers Van Gogh
0b13db2ac5 merge #14954: Require python 3.5 2021-08-31 11:16:12 +05:30
Kittywhiskers Van Gogh
dc0e918126 merge bitcoin#17538: Bump minimum libc to 2.17 for release binaries 2021-08-28 11:52:01 +05:30
Wladimir J. van der Laan
6e81d04ecc Merge #15165: contrib: Allow use of github API authentication in github-merge
f1bd219a5b318e4bea361e1247a233e4f251f517 contrib: Allow use of github API authentication in github-merge (Wladimir J. van der Laan)
a4c5bbfcd3a12f310b26cccc78ded32dd3f32ebb contrib: Add support for http[s] URLs in github-merge (Wladimir J. van der Laan)
059a3cffdfa596aa3adaace3f57fa86fdd3f80fc contrib: Detailed reporting for http errors in github-merge (Wladimir J. van der Laan)

Pull request description:

  Three commits I had locally for `github-merge.py`:

  -  *Detailed reporting for http errors in github-merge*: Print detailed error, this makes it easier to diagnose github API issues.
  - *Add support for http[s] URLs in github-merge*: Sometimes it can be useful to use github-merge with read-only access (say, for reviewing and testing from untrusted VMs).
  - *Allow use of github API authentication in github-merge*: The API request limit for unauthenticated requests is quite low. I started running into rate limiting errors. The limit for authenticated requests is much higher. This patch adds an optional configuration setting `user.ghtoken` that, when set, is used to authenticate requests to the API.

Tree-SHA512: ca8ae1874a787263e49d915d7cf31c0c0f50aba229c9440265bf1fda69f7e00641d1492512b93d76c17ff1766859283d640d37770acb120898736ad97efbd5c2
2021-08-24 19:14:50 -04:00
Kittywhiskers Van Gogh
fc8952aa19
build: add libgmp detection, make immer a package (#4311)
* build: detect the presence of libgmp before generating Makefile

* depends: add arximboldi/immer@v0.6.2 as a package and add detection

* depends: remove immer from source tree, build using package only

* Drop immer refs from tools

Co-authored-by: UdjinM6 <UdjinM6@users.noreply.github.com>
2021-08-10 22:35:55 +03:00
MarcoFalke
a309982e82 Merge #14947: scripts: Remove Python 2 import workarounds
4de11a3682 Remove Python 2 import workarounds (practicalswift)

Pull request description:

  Remove Python 2 import workarounds.

  As noted by @jnewbery in https://github.com/bitcoin/bitcoin/pull/14903#discussion_r241396925:

  > This exception handling is a vestige from when github-merge.py supported Python 2 and Python 3. We only support Python 3 now so we should be able to remove it entirely and just import from urllib.request.

Tree-SHA512: e0d21e6299dd62fb669ad95cbd3d19f7c803195fd336621aac72fd10ddc7431d90443831072a2e1eb2fc880d1d88eb7c3e2ead3da59f545f6db07d349af98fb3
2021-08-03 18:39:42 -03:00
UdjinM6
95f89eec56
Fix more spelling errors 2021-07-19 12:52:03 -05:00
UdjinM6
f11c1bc1f8
Ignore immer in code coverage checks, lint-whitespace.sh and copyright_header.py scripts (#4268) 2021-07-19 12:32:29 +03:00
MarcoFalke
9ff78a0644 Merge #21481: doc: Tell howto install clang-format on Debian/Ubuntu
ea76f4ac7d6e8c268d301d7ae6c8d4d8d804d55f Doc: Tell howto install clang-format on Debian/Ubuntu (wodry)

Pull request description:

  Because only macOS wasy mentioned, I was unsure if this would be a macOS specific tool. I guess Linux is more used than Mac, so Linux guide should be there, too.

ACKs for top commit:
  hebasto:
    ACK ea76f4ac7d6e8c268d301d7ae6c8d4d8d804d55f, every system upgrade via clean installation I do the same.

Tree-SHA512: 75c28540e8815cb41f4cf92784b6349978988b679e4deef9ae77ede951f93516ca13ec7b313ab72865b01273e115b49ed2b67cdcd68015af1b643a6186b190dd
2021-07-15 19:39:10 -05:00
Kittywhiskers Van Gogh
da33c9619c
partial merge #17398: Update leveldb to 1.22+ (#4230)
* Update to leveldb upstream using subtree merge

* Import crc32c using subtree merge as as 'src/crc32c'

* build: Update build system for new leveldb

Upstream leveldb switched build systems, which means we need to define
a few different values.

Co-authored-by: UdjinM6 <UdjinM6@users.noreply.github.com>

* doc: Add crc32c subtree to developer notes

* test: Add crc32c to subtree check linter

* test: Add crc32c exception to various linters and generation scripts

* build: Add LCOV exception for crc32c

Co-authored-by: UdjinM6 <UdjinM6@users.noreply.github.com>

* build: CRC32C build system integration

Co-authored-by: UdjinM6 <UdjinM6@users.noreply.github.com>
2021-07-15 15:42:55 -05:00
UdjinM6
07e7be34d2
Merge pull request #4250 from PastaPastaPasta/backport-triv-pr11
backport: 'trivial' pr11
2021-07-15 20:34:04 +03:00
fanquake
9a4636d57d Merge #18010: test: rename test suite name "tx_validationcache_tests" to match filename
b3c4d9bac6910f6c28f6008c5ca7064a315fd2a5 test: rename test suite name "tx_validationcache_tests" to match filename (Sebastian Falbesoner)

Pull request description:

  Quoting `src/test/README.md`, '`Adding test cases`':

  >     "The file naming convention is `<source_filename>_tests.cpp`
  >      and such files should wrap their tests in a test suite
  >      called `<source_filename>_tests`."

  Currently the unit test source file `txvalidationcache_tests.cpp` contains a unit test suite with the name `tx_validationcache_tests`, which is fixed by this PR. The following shell script shows that this is the only mismatch and for all other unit test source files the test suite names are correct:

  ```
   #!/bin/bash
   shopt -s globstar
   for test_full_filename in **/*_tests.cpp; do
       test_name_file=`basename $test_full_filename .cpp`
       test_name_suite=`sed -n "s/^.*TEST_SUITE(\(.*_tests\).*$/\1/p" $test_full_filename`
       if [ $test_name_file != $test_name_suite ]; then
           echo "TestFilename: $test_name_file != TestSuitname: $test_name_suite"
       fi
   done
  ```

ACKs for top commit:
  practicalswift:
    ACK b3c4d9bac6910f6c28f6008c5ca7064a315fd2a5 -- expected naming is better than unexpected naming :)
  kristapsk:
    ACK b3c4d9bac6910f6c28f6008c5ca7064a315fd2a5

Tree-SHA512: 29d409b1eb22057ee2cc407508e2580d2bc03f412401df11b8ecf77be5ada6bda8f7d2cb5338c5e079490fa12242c1fd6230a09e47252c1b0d9fe535a828ca4c
2021-07-15 11:07:36 -05:00
fanquake
824107ecfb
Merge #17545: build: remove libanl.so.1 from ALLOWED_LIBRARIES
ec89d2882a591f6af5aad57ab8638250d9dc1add build: remove libanl.so.1 from ALLOWED_LIBRARIES (fanquake)

Pull request description:

  It should no longer be needed after: 10ae7a7b23.

  Symbol checker output for the `0.19.0.1` gitian built Linux binaries:
  ```bash
  aarch64  arm  i686-pc  risvc  symbol-check.py  x86_64
  root@557096f567b5:/test# find aarch64/ -type f -executable | xargs python3 symbol-check.py
  ['libpthread.so.0', 'libm.so.6', 'libgcc_s.so.1', 'libc.so.6', 'ld-linux-aarch64.so.1']
  ['libpthread.so.0', 'libfontconfig.so.1', 'libfreetype.so.6', 'libxcb.so.1', 'libdl.so.2', 'libm.so.6', 'libgcc_s.so.1', 'libc.so.6', 'ld-linux-aarch64.so.1']
  root@557096f567b5:/test# find arm -type f -executable | xargs python3 symbol-check.py
  ['libpthread.so.0', 'librt.so.1', 'libm.so.6', 'libgcc_s.so.1', 'libc.so.6', 'ld-linux-armhf.so.3']
  ['libpthread.so.0', 'librt.so.1', 'libfontconfig.so.1', 'libfreetype.so.6', 'libxcb.so.1', 'libdl.so.2', 'libm.so.6', 'libgcc_s.so.1', 'libc.so.6', 'ld-linux-armhf.so.3']
  root@557096f567b5:/test# find i686-pc -type f -executable | xargs python3 symbol-check.py
  ['libpthread.so.0', 'librt.so.1', 'libm.so.6', 'libgcc_s.so.1', 'libc.so.6', 'ld-linux.so.2']
  ['libpthread.so.0', 'librt.so.1', 'libfontconfig.so.1', 'libfreetype.so.6', 'libxcb.so.1', 'libdl.so.2', 'libm.so.6', 'libgcc_s.so.1', 'libc.so.6', 'ld-linux.so.2']
  root@557096f567b5:/test# find risvc/ -type f -executable | xargs python3 symbol-check.py
  ['libpthread.so.0', 'libm.so.6', 'libgcc_s.so.1', 'libc.so.6', 'ld-linux-riscv64-lp64d.so.1']
  ['libpthread.so.0', 'libfontconfig.so.1', 'libfreetype.so.6', 'libxcb.so.1', 'libdl.so.2', 'libm.so.6', 'libgcc_s.so.1', 'libc.so.6', 'ld-linux-riscv64-lp64d.so.1', 'libatomic.so.1']
  root@557096f567b5:/test# find x86_64/ -type f -executable | xargs python3 symbol-check.py
  ['libpthread.so.0', 'librt.so.1', 'libm.so.6', 'libgcc_s.so.1', 'libc.so.6', 'ld-linux-x86-64.so.2']
  ['libpthread.so.0', 'librt.so.1', 'libfontconfig.so.1', 'libfreetype.so.6', 'libxcb.so.1', 'libdl.so.2', 'libm.so.6', 'libgcc_s.so.1', 'libc.so.6', 'ld-linux-x86-64.so.2']
  ```

ACKs for top commit:
  laanwj:
    ACK, good catch ec89d2882a591f6af5aad57ab8638250d9dc1add

Tree-SHA512: 6bc118da190a5c37d26f0dfad5d4661add2ef15525668efb93425423bddbddabf3d7d8809464e79691f517fbe2aab241678652b3dc55ec3f452cf0dcbc26057c
2021-07-14 18:43:47 -05:00