Commit Graph

14 Commits

Author SHA1 Message Date
Kittywhiskers Van Gogh
0a7b8bda4f merge bitcoin#25357: drop -z,noexecstack for PPC64 2023-06-29 12:31:03 -05:00
Kittywhiskers Van Gogh
9c5d657c54 merge bitcoin#26018: consistently use -ffile-prefix-map 2023-06-29 12:31:03 -05:00
Kittywhiskers Van Gogh
51675eef1d merge bitcoin#25558: Make windows cross architecture reproducible 2023-06-18 11:47:54 -05:00
Kittywhiskers Van Gogh
cc1fcb0f44 merge bitcoin#25490: more cross arch reproducibility (x86_64 -> arm64) 2023-06-18 11:47:54 -05:00
Kittywhiskers Van Gogh
fe4b87cabb merge bitcoin#25076: native GCC 10 toolchain for Linux builds 2023-06-18 11:47:54 -05:00
Kittywhiskers Van Gogh
808367dd7c merge bitcoin#24842: fix GCC 10.3.0 + mingw-w64 setjmp/longjmp issues 2023-06-18 11:47:54 -05:00
Kittywhiskers Van Gogh
edf48e4c38 merge bitcoin#24736: fix vmov alignment issues with gcc 10.3.0 & mingw-w64 2023-06-18 11:47:54 -05:00
Kittywhiskers Van Gogh
1158ebb2e6 merge bitcoin#23778: Guix 1.4.0 & GCC 10.3 2023-06-18 11:47:54 -05:00
Kittywhiskers Van Gogh
24a6642b6f partial bitcoin#22381: Test security-check sanity before performing them (with macOS)
excludes:
- d6ef3543ae16847d5a91fa9271acee9bd2164b32
2023-06-07 14:42:02 +05:30
Konstantin Akimov
559190fb27 docs: dashification of guix 2023-04-15 12:13:27 -05:00
fanquake
088342b617 partial Merge bitcoin/bitcoin#22405: build: remove --enable-glibc-back-compat from Guix build
797b3ed9090030f32fade81803b580562d4a90a3 script: remove gitian reference from symbol-check.py (fanquake)
15fc9a0299091bfeb3370f993ad95ff638f6ba8c guix: add additional documentation to patches (fanquake)
4516e5ec9223486fe2eba7f4320d786d074a58fd lint: exclude Guix patches from spell-checking (fanquake)
de6ca41a52d2646598daae5f4620bbe766757e21 guix: no-longer pass --enable-glibc-back-compat to Guix (fanquake)
84dd81fb5bf7308b8070b53520266854fb6efad3 build: remove glibc backcompat requirement for Linux symbol checks (fanquake)

Pull request description:

  Now that our Guix toolchains are based on glibc 2.24 and 2.27 (RISCV), we don't need to use the `--enable-glibc-back-compat` option to produce binaries that don't use any symbols from glibc 2.17 and 2.27 or later.

  This also adds additional documentation to some Guix patches (pointed out in #22365) and removes Guix patches from the spelling linter, because that isn't our spelling.

  Symbol usage: https://gist.github.com/fanquake/d15604fc580718444c5aa4b3c3c75fdc.

  Guix Builds:
  ```bash
  bash-5.1# find guix-build-$(git rev-parse --short=12 HEAD)/output/ -type f -print0 | env LC_ALL=C sort -z | xargs -r0 sha256sum
  ed54e6a6cf4fab328557c0c72eb08c73f2a58c6c70959544cf4b1882e75ea69e  guix-build-797b3ed90900/output/aarch64-linux-gnu/SHA256SUMS.part
  83bd9dadc59f89f848d143fa4fc3964f16fe0b4bdf35e5093b577ff2c4bd1f43  guix-build-797b3ed90900/output/aarch64-linux-gnu/bitcoin-797b3ed90900-aarch64-linux-gnu-debug.tar.gz
  94cb8c35281f12dec6ea5b390b66cad5e27ac8c45a30c42c8d38c438695d54c0  guix-build-797b3ed90900/output/aarch64-linux-gnu/bitcoin-797b3ed90900-aarch64-linux-gnu.tar.gz
  7318b63d65c0aa52d2446de8e1f40658d2e47ab8fb0268820c3b7585d140fb23  guix-build-797b3ed90900/output/arm-linux-gnueabihf/SHA256SUMS.part
  95e1ffb372964b73f539653ca703b70cf0c018801a9c4c0ffc46a0b63539253c  guix-build-797b3ed90900/output/arm-linux-gnueabihf/bitcoin-797b3ed90900-arm-linux-gnueabihf-debug.tar.gz
  039d3842e6499626cf955ae0a7590dd6b3d0935cdc217c98aaf9d156b0ebd3b4  guix-build-797b3ed90900/output/arm-linux-gnueabihf/bitcoin-797b3ed90900-arm-linux-gnueabihf.tar.gz
  e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855  guix-build-797b3ed90900/output/dist-archive/SKIPATTEST.TAG
  2c4e7b6e7aff63ba811e5bf59362d16866c3a358f8844fba8739a61192870622  guix-build-797b3ed90900/output/dist-archive/bitcoin-797b3ed90900.tar.gz
  955029b949c368eabd517dd33040d2f01e2ac6a55e7b4f9107907a7c6e0c6060  guix-build-797b3ed90900/output/powerpc64-linux-gnu/SHA256SUMS.part
  fd6d6b137f8efedf58a879d11205b1d4649e1f97d7f91e193239ef206fcc285d  guix-build-797b3ed90900/output/powerpc64-linux-gnu/bitcoin-797b3ed90900-powerpc64-linux-gnu-debug.tar.gz
  51736ac8e77737999f1b5bd4c381b0016f19a8d5e40e786fe941ff04e84c11c9  guix-build-797b3ed90900/output/powerpc64-linux-gnu/bitcoin-797b3ed90900-powerpc64-linux-gnu.tar.gz
  8c244c16bfa46c1efdb120e1d91fdd14d3f14eefee8d7e1fbb0a9b4664a5c315  guix-build-797b3ed90900/output/powerpc64le-linux-gnu/SHA256SUMS.part
  704ee593251a1b1c65a5bebeef93b23f266af4e8cbf8ae556150c3b2e8f06a6c  guix-build-797b3ed90900/output/powerpc64le-linux-gnu/bitcoin-797b3ed90900-powerpc64le-linux-gnu-debug.tar.gz
  0ec06ae7d344de20d61e3965d8b383747ef20b0e9d93a3165733ea23bdf2ead8  guix-build-797b3ed90900/output/powerpc64le-linux-gnu/bitcoin-797b3ed90900-powerpc64le-linux-gnu.tar.gz
  2dd6c6ecc67b0ea40ca9c43f92efca81ccd054b8db8c197ad84ad9674d510a25  guix-build-797b3ed90900/output/riscv64-linux-gnu/SHA256SUMS.part
  5ebb27a855a677f7a188d83995be6b2a3ea8606be152abb7fc7832713fb0677a  guix-build-797b3ed90900/output/riscv64-linux-gnu/bitcoin-797b3ed90900-riscv64-linux-gnu-debug.tar.gz
  bdaf1783f5e1861597afa37c1880364e118d9a7a7af8017302d82202791019f6  guix-build-797b3ed90900/output/riscv64-linux-gnu/bitcoin-797b3ed90900-riscv64-linux-gnu.tar.gz
  726c9092b60ac2e7d7e14b2c24467fcf276a6f89170a871ddab9dce6ac230699  guix-build-797b3ed90900/output/x86_64-apple-darwin18/SHA256SUMS.part
  2af4d709b44952654f3c08c86593bf2ccc9a44ed422783a1b95b8a199a894db2  guix-build-797b3ed90900/output/x86_64-apple-darwin18/bitcoin-797b3ed90900-osx-unsigned.dmg
  fd49ba445aa6cf3d8c47019a05e9e5740cb0f53349344dd80671297127f49f1a  guix-build-797b3ed90900/output/x86_64-apple-darwin18/bitcoin-797b3ed90900-osx-unsigned.tar.gz
  3f51cbf8cf18420d4be70e656aa993675cf5e828a255c2030047ae2e059ed5b7  guix-build-797b3ed90900/output/x86_64-apple-darwin18/bitcoin-797b3ed90900-osx64.tar.gz
  afd1edee1447bb88d81e972abfae4c4e065b5b1827769f033cff9472084c7c1b  guix-build-797b3ed90900/output/x86_64-linux-gnu/SHA256SUMS.part
  ec468ef886d25e685f4f7a18b4f7d497dedf757495e0d5beb72c23cc32ab69b5  guix-build-797b3ed90900/output/x86_64-linux-gnu/bitcoin-797b3ed90900-x86_64-linux-gnu-debug.tar.gz
  1934d7294f0c9e083d38a3f68d4a61cd679defa79ce0a89f77386978692b9b18  guix-build-797b3ed90900/output/x86_64-linux-gnu/bitcoin-797b3ed90900-x86_64-linux-gnu.tar.gz
  94c11c328a628052eb6f50e9816aa768f87ea7acfbbbafdab60f6928da766811  guix-build-797b3ed90900/output/x86_64-w64-mingw32/SHA256SUMS.part
  fd371922ba93d81bd4a2b711d617af6756f9f0494db6d83aa0e5f491a24168ef  guix-build-797b3ed90900/output/x86_64-w64-mingw32/bitcoin-797b3ed90900-win-unsigned.tar.gz
  4e4ad976bc029bbbf9596ad8493accaaba8b0d5c598dd342f8da330609bbdf21  guix-build-797b3ed90900/output/x86_64-w64-mingw32/bitcoin-797b3ed90900-win64-debug.zip
  3a89a16b9101e9a17d98efb9234b5bdd264c0bba2c6326511017730e1a08311f  guix-build-797b3ed90900/output/x86_64-w64-mingw32/bitcoin-797b3ed90900-win64-setup-unsigned.exe
  e285ab737e3c843fd3f1c26c2f053e421a3c39b33995747ce48281884d3f28d1  guix-build-797b3ed90900/output/x86_64-w64-mingw32/bitcoin-797b3ed90900-win64.zip
  ```

ACKs for top commit:
  sipa:
    utACK 797b3ed9090030f32fade81803b580562d4a90a3
  hebasto:
    ACK 797b3ed9090030f32fade81803b580562d4a90a3

Tree-SHA512: 3a569702d8832c155c5ce8d2f6d823f7f12603885576078bc5192bc9038a48261ecb541800f79d1e9bc86d71fa640265c5b8b89df9d8bb680b3bb05d9d78a666
2023-03-26 16:50:26 -05:00
fanquake
7084e52141 Merge bitcoin/bitcoin#22365: guix: Avoid relying on newer symbols by rebasing our cross toolchains on older glibcs
647f7e5f1da1089d451f3c431efc635b8e87b064 guix: Also sort SHA256SUMS.part (Carl Dong)
dc4137a60c99979b89f75d2bddba96d043f387b8 guix: Build depends/qt with our platform definition (Carl Dong)
16b0a936e15b81710755303e11ef51f608b61475 guix: Rebase toolchain on glibc 2.24 (2.27 for riscv64) (Carl Dong)

Pull request description:

  After this PR, we'll have the following:
  - riscv64 -> build with a toolchain targeting glibc 2.27
  - everything else -> builds with a toolchain targeting glibc 2.24, but will not have symbols > 2.17 (checked by `symbol-check.py`)

ACKs for top commit:
  achow101:
    reACK 647f7e5f1da1089d451f3c431efc635b8e87b064
  hebasto:
    ACK 647f7e5f1da1089d451f3c431efc635b8e87b064
  MarcoFalke:
    review ACK 647f7e5f1da1089d451f3c431efc635b8e87b064
  fanquake:
    ACK 647f7e5f1da1089d451f3c431efc635b8e87b064 - documentation can be fixed shortly.

Tree-SHA512: ddff57a5d7c053687b0a273720d4ad7d28c6fc8816226d4304869284d017af5e3630d4b57565d91e74f2e1b7583c9c83ee8b2e5e70e41d619ab618e602c97a94
2023-03-26 16:50:26 -05:00
W. J. van der Laan
033e30de8b Merge bitcoin/bitcoin#21239: guix: Add codesignature attachment support for osx+win
ee883201cf134952284632e9e9ae72bf1c8c792f guix: repro: Sort find output in libtool for gcc-8 (Carl Dong)
ee0a67c32a8861eab650bf8894af06807578eba0 codesigning: Use SHA256 as digest for osslsigncode (Windows) (Carl Dong)
38eb91eb0616ed6dbe34c23e11588d130fef07f8 guix: Add codesigning functionality (Carl Dong)
bac2690e6f683fcedb883fe1d32f3c33c628a141 guix: Package codesigning tools (Carl Dong)
0a2176d47767972e4cd5ed302c1dbeedece1708b guix: Reindent existing manifest.scm (Carl Dong)
c090a3e9238ba2df07875b4708e908d8dca4ed9b Makefile.am: use APP_DIST_DIR instead of hard-coding dist (Carl Dong)

Pull request description:

  This is the last PR before we reach feature-parity with the Gitian process!

  Note: I tried using the `Makefile` inside the distsrc to make the dmg instead of manually listing out the commands, but `make` seems to want to re-make a lot of other files which broke the dmg.

  The workflow looks something like this:
  1. `env [ FOO=bar... ] ./contrib/guix/guix-build` (add additional env vars as necessary)
  2. Codesigners only:
      1.  Copy `guix-build-<short-id>/output/x86_64-apple-darwin18/bitcoin-<short-id>-osx-unsigned.tar.gz` and `guix-build-<short-id>/output/x86_64-w64-mingw32/bitcoin-<short-id>-win-unsigned.tar.gz` to signing computer
      2. Codesign with `./detached-sig-create.sh` inside the tarball
      3. Upload contents of `signature-{osx,win}.tar.gz` to https://github.com/bitcoin-core/bitcoin-detached-sigs (as a new tag)
  3. Checkout new tag for `bitcoin-core/bitcoin-detached-sigs` with the detached signatures
  4. `env [ FOO=bar... ] DETACHED_SIGS_REPO=<path/to/bitcoin-detached-sigs> ./contrib/guix/guix-codesign` (modify env vars as necessary)
  5. Make sure `guix.sigs` is cloned and updated
  6. `env GUIX_SIGS_REPO=<path/to/guix.sigs> SIGNER=0x96AB007F1A7ED999=dongcarl ./contrib/guix/guix-attest` (modify env vars as necessary)
  7. Commit your new signatures and SHA256SUMS in `guix.sigs`
  8. Optionally, after there are multiple signatures in `guix.sigs`: `env GUIX_SIGS_REPO=<path/to/guix.sigs> ./contrib/guix/guix-verify`

ACKs for top commit:
  laanwj:
    Tested ACK ee883201cf134952284632e9e9ae72bf1c8c792f
  achow101:
    ACK ee883201cf134952284632e9e9ae72bf1c8c792f

Tree-SHA512: e812a07a5f19f900600c70cb9c717769ef544a6c0c12760b5558b76b6b37df863257f3dbf38b0757e6e06e334470267e94c9f2bdbc27409d6837b1a0bfc6acbc
2023-03-26 16:50:26 -05:00
fanquake
1c79710e65 Merge #20937: guix: Make nsis reproducible by respecting SOURCE-DATE-EPOCH
1fca9811e1331ac5dae8188f6178cc37da4929a7 lint: Skip whitespace lint for guix patches (Carl Dong)
a91c46c57d88fc399432afab7bb0fb14c3e490a7 guix: Make nsis reproducible by respecting SOURCE-DATE-EPOCH (Carl Dong)

Pull request description:

  ```
  When building nsis, if VERSION is not specified, it defaults to
  cvs_version which is non-deterministic as it includes the current date.

  This patches nsis to default to SOURCE_DATE_EPOCH if it exists so that
  nsis is reproducible.

  Upstream change: https://github.com/kichik/nsis/pull/13
  ```

  Sidenote: also a good demonstration of how Guix allows us to flexibly patch our tools!

  Note to reviewers: if you want to compare hashes, please build after Jan 16th 2021 without my substitute server enabled!

ACKs for top commit:
  fanquake:
    ACK 1fca9811e1331ac5dae8188f6178cc37da4929a7

Tree-SHA512: b800e0ce5f73827ad353739effb9167ec3a6bdb362c725ae20dd3f025ce78660f85c70ce1d75cd0896facf1e8fe38a9e058459ed13dec71ab3a2fe41e20eaa5d
2023-03-26 16:50:26 -05:00