mirror of
https://github.com/dashpay/dash.git
synced 2024-12-26 12:32:48 +01:00
3e693ddfb5
7a0b129c41d9fefdbc20d6d04983dd87bb8379e7 guix: patch NSIS to remove .reloc sections from install stubs (fanquake) Pull request description: With the release of binutils/ld 2.36, ld swapped to much improved default settings when producing windows binaries with mingw-w64. One of these changes was to stop stripping the .reloc section from binaries, which is required for working ASLR. When we switched to using a newer Guix time-machine in #23778, we begun using binutils 2.37 to produce releases. Since then, our windows installer (produced with makensis) has not functioned correctly when run on a Windows system with the "Force randomization for images (Mandatory ASLR)" option enabled. Note that all of our other release binaries, which all contain .reloc sections, function fine under the same option, so it cannot be just the presence of a .reloc section that is the issue. The root cause of the problem is that when we compile NSIS (makensis), a number of exe installer stubs are produced at the same time, for use later when makensis is actually run. Given the new linker defaults, the stubs will contain .reloc sections, when previously they would not. It seems that, in combination with how makensis mutates the stub when it actually builds the installer, causes the problem. According to upstream, https://sourceforge.net/p/nsis/bugs/1131/#abb6: > Looks like the problem is the very existance of the .reloc section. > It's not supposed to be there, and makensis doesn't handle it. The most recent .reloc related upstream activity is in https://sourceforge.net/p/nsis/bugs/1283/, where the conclusion again seemed to be that .relo sections are not wanted, but there hasn't been any further follow up. For now, restore pre-binutils-2.36 behaviour, by passing `-Wl,--disable-reloc-section` to the linker when building the installer stubs, which fixes the produced installer. The underlying issue can be further investigated in future. .reloc section stripping is something we've accounted for previously, see #18702, and related upstream discussion is in this thread: https://sourceware.org/bugzilla/show_bug.cgi?id=19011. Fixes #25726. Guix Build (x86_64): ```bash 7e0723388913ac1ec9f650b943c6b23351ba0cd921c0ec830abf16b16724d503 guix-build-7a0b129c41d9/output/dist-archive/bitcoin-7a0b129c41d9.tar.gz c3bb9c68895ffafa2900b0d18c1268e299d012a7dc70593f20f9900cf116eb05 guix-build-7a0b129c41d9/output/x86_64-w64-mingw32/SHA256SUMS.part b57aa99c242b0aae64653c64ada38f6d3f0cbd902bbc096d3dc529fdcf87d681 guix-build-7a0b129c41d9/output/x86_64-w64-mingw32/bitcoin-7a0b129c41d9-win64-debug.zip 341d99afc9961299883be6cd9666e8bc0f3f6296cff758719a32d27419acad36 guix-build-7a0b129c41d9/output/x86_64-w64-mingw32/bitcoin-7a0b129c41d9-win64-setup-unsigned.exe 1d9ef48d3c9ed93a925962356b41cdaeb9d09fd758de193cd4d5f4d1ec6791eb guix-build-7a0b129c41d9/output/x86_64-w64-mingw32/bitcoin-7a0b129c41d9-win64-unsigned.tar.gz 28c81d99a9a4bd6648449393f91db213369e958add579ba9e9a1721540d2c4f7 guix-build-7a0b129c41d9/output/x86_64-w64-mingw32/bitcoin-7a0b129c41d9-win64.zip ``` Guix Build (arm64): ```bash 7e0723388913ac1ec9f650b943c6b23351ba0cd921c0ec830abf16b16724d503 guix-build-7a0b129c41d9/output/dist-archive/bitcoin-7a0b129c41d9.tar.gz c3bb9c68895ffafa2900b0d18c1268e299d012a7dc70593f20f9900cf116eb05 guix-build-7a0b129c41d9/output/x86_64-w64-mingw32/SHA256SUMS.part b57aa99c242b0aae64653c64ada38f6d3f0cbd902bbc096d3dc529fdcf87d681 guix-build-7a0b129c41d9/output/x86_64-w64-mingw32/bitcoin-7a0b129c41d9-win64-debug.zip 341d99afc9961299883be6cd9666e8bc0f3f6296cff758719a32d27419acad36 guix-build-7a0b129c41d9/output/x86_64-w64-mingw32/bitcoin-7a0b129c41d9-win64-setup-unsigned.exe 1d9ef48d3c9ed93a925962356b41cdaeb9d09fd758de193cd4d5f4d1ec6791eb guix-build-7a0b129c41d9/output/x86_64-w64-mingw32/bitcoin-7a0b129c41d9-win64-unsigned.tar.gz 28c81d99a9a4bd6648449393f91db213369e958add579ba9e9a1721540d2c4f7 guix-build-7a0b129c41d9/output/x86_64-w64-mingw32/bitcoin-7a0b129c41d9-win64.zip ``` ACKs for top commit: achow101: ACK 7a0b129c41d9fefdbc20d6d04983dd87bb8379e7 hebasto: ACK 7a0b129c41d9fefdbc20d6d04983dd87bb8379e7 jarolrod: ACK 7a0b129c41d9fefdbc20d6d04983dd87bb8379e7 Tree-SHA512: 9e14e98207d20236b833603319fc4bb335c878a7c179ab495b33d143e2a900c6926125536bbb7499ee4f0f676cd5ea45c8c86cd7e544ed9a76bb298f98db6197
31 lines
1.4 KiB
Diff
31 lines
1.4 KiB
Diff
Patch NSIS so that it's installer stubs, produced at NSIS build time,
|
|
do not contain .reloc sections, which will exist by default when using
|
|
binutils/ld 2.36+.
|
|
|
|
This ultimately fixes an issue when running the installer with the
|
|
"Force randomization for images (Mandatory ASLR)" setting active.
|
|
|
|
This patch has not yet been sent upstream, because it's not clear if this
|
|
is the best fix, for the underlying issue, which seems to be that makensis
|
|
doesn't account for .reloc sections when it builds installers.
|
|
|
|
The existence of a reloc section shouldn't be a problem, and, if anything,
|
|
is actually a requirement for working ASLR. All other Windows binaries we
|
|
produce contain them, and function correctly when under the same
|
|
"Force randomization for images (Mandatory ASLR)" setting.
|
|
|
|
See:
|
|
https://github.com/bitcoin/bitcoin/issues/25726
|
|
https://sourceforge.net/p/nsis/bugs/1131/
|
|
|
|
--- a/SCons/Config/gnu
|
|
+++ b/SCons/Config/gnu
|
|
@@ -102,6 +102,7 @@ stub_env.Append(LINKFLAGS = ['-mwindows']) # build windows executables
|
|
stub_env.Append(LINKFLAGS = ['$NODEFLIBS_FLAG']) # no standard libraries
|
|
stub_env.Append(LINKFLAGS = ['$ALIGN_FLAG']) # 512 bytes align
|
|
stub_env.Append(LINKFLAGS = ['$MAP_FLAG']) # generate map file
|
|
+stub_env.Append(LINKFLAGS = ['-Wl,--disable-reloc-section'])
|
|
|
|
conf = FlagsConfigure(stub_env)
|
|
conf.CheckCompileFlag('-fno-tree-loop-distribute-patterns') # GCC 10: Don't generate msvcrt!memmove calls (bug #1248)
|