diff --git a/.gitignore b/.gitignore index 949403cc230e..9a73e23bdbbf 100644 --- a/.gitignore +++ b/.gitignore @@ -76,7 +76,6 @@ libconftest.dylib* *.log *.trs *.dmg -*.iso *.json.h *.raw.h diff --git a/Makefile.am b/Makefile.am index b9a89fa76240..ef535b86c432 100644 --- a/Makefile.am +++ b/Makefile.am @@ -13,7 +13,7 @@ if ENABLE_MAN SUBDIRS += doc/man endif .PHONY: deploy FORCE -.INTERMEDIATE: $(OSX_TEMP_ISO) $(COVERAGE_INFO) +.INTERMEDIATE: $(COVERAGE_INFO) export PYTHONPATH @@ -37,7 +37,6 @@ space := $(empty) $(empty) OSX_APP=Dash-Qt.app OSX_VOLNAME = $(subst $(space),-,$(PACKAGE_NAME)) OSX_DMG = $(OSX_VOLNAME).dmg -OSX_TEMP_ISO = $(OSX_DMG:.dmg=).temp.iso OSX_DEPLOY_SCRIPT=$(top_srcdir)/contrib/macdeploy/macdeployqtplus OSX_INSTALLER_ICONS=$(top_srcdir)/src/qt/res/icons/dash.icns OSX_PLIST=$(top_builddir)/share/qt/Info.plist #not installed @@ -127,19 +126,15 @@ deploydir: $(OSX_DMG) else !BUILD_DARWIN APP_DIST_DIR=$(top_builddir)/dist -$(OSX_TEMP_ISO): $(APP_DIST_DIR)/$(OSX_APP)/Contents/MacOS/Dash-Qt +$(OSX_DMG): deploydir $(XORRISOFS) -D -l -V "$(OSX_VOLNAME)" -no-pad -r -dir-mode 0755 -o $@ $(APP_DIST_DIR) -- $(if $(SOURCE_DATE_EPOCH),-volume_date all_file_dates =$(SOURCE_DATE_EPOCH)) -$(OSX_DMG): $(OSX_TEMP_ISO) - $(DMG) dmg "$<" "$@" - $(APP_DIST_DIR)/$(OSX_APP)/Contents/MacOS/Dash-Qt: $(OSX_APP_BUILT) $(OSX_PACKAGING) INSTALLNAMETOOL=$(INSTALLNAMETOOL) OTOOL=$(OTOOL) STRIP=$(STRIP) $(PYTHON) $(OSX_DEPLOY_SCRIPT) $(OSX_APP) $(OSX_VOLNAME) -translations-dir=$(QT_TRANSLATION_DIR) deploydir: $(APP_DIST_DIR)/$(OSX_APP)/Contents/MacOS/Dash-Qt endif !BUILD_DARWIN -appbundle: $(OSX_APP_BUILT) deploy: $(OSX_DMG) endif diff --git a/configure.ac b/configure.ac index 4081edea605f..08006d3c9808 100644 --- a/configure.ac +++ b/configure.ac @@ -846,7 +846,6 @@ case $host in AC_PATH_TOOL([INSTALLNAMETOOL], [install_name_tool], install_name_tool) AC_PATH_TOOL([OTOOL], [otool], otool) AC_PATH_PROGS([XORRISOFS], [xorrisofs], xorrisofs) - AC_PATH_PROGS([DMG], [dmg], dmg) dnl libtool will try to strip the static lib, which is a problem for dnl cross-builds because strip attempts to call a hard-coded ld, @@ -960,8 +959,6 @@ if test x$ac_cv_sys_large_files != x && CPPFLAGS="$CPPFLAGS -D_LARGE_FILES=$ac_cv_sys_large_files" fi -AC_SEARCH_LIBS([clock_gettime],[rt]) - if test "x$enable_gprof" = xyes; then dnl -pg is incompatible with -pie. Since hardening and profiling together doesn't make sense, dnl we simply make them mutually exclusive here. Additionally, hardened toolchains may force diff --git a/contrib/containers/ci/Dockerfile b/contrib/containers/ci/Dockerfile index d8ba16d76fe5..f80a1b5174b5 100644 --- a/contrib/containers/ci/Dockerfile +++ b/contrib/containers/ci/Dockerfile @@ -76,7 +76,7 @@ RUN pip3 install \ codespell==1.17.1 \ flake8==3.8.3 \ jinja2 \ - lief==0.12.1 \ + lief==0.13.2 \ pyzmq \ vulture==2.3 \ mypy==0.781 \ diff --git a/contrib/containers/guix/Dockerfile b/contrib/containers/guix/Dockerfile index 102b5162c883..4b09a24c12b6 100644 --- a/contrib/containers/guix/Dockerfile +++ b/contrib/containers/guix/Dockerfile @@ -31,7 +31,7 @@ ENV PATH="/usr/local/bin:/usr/local/guix/current/bin:$PATH" # Application Setup # https://guix.gnu.org/manual/en/html_node/Application-Setup.html ENV GUIX_LOCPATH="/usr/local/guix/profile" \ - LC_ALL="C" + LC_ALL="en_US.UTF-8" RUN guix_file_name=guix-binary-${guix_version}.$(uname -m)-linux.tar.xz && \ eval "guix_checksum=\${guix_checksum_$(uname -m)}" && \ diff --git a/contrib/devtools/security-check.py b/contrib/devtools/security-check.py index 16ef3a0c7ba3..cb49dba3b110 100755 --- a/contrib/devtools/security-check.py +++ b/contrib/devtools/security-check.py @@ -113,7 +113,7 @@ def check_ELF_control_flow(binary) -> bool: main = binary.get_function_address('main') content = binary.get_content_from_virtual_address(main, 4, lief.Binary.VA_TYPES.AUTO) - if content == [243, 15, 30, 250]: # endbr64 + if content.tolist() == [243, 15, 30, 250]: # endbr64 return True return False @@ -142,7 +142,7 @@ def check_PE_control_flow(binary) -> bool: content = binary.get_content_from_virtual_address(virtual_address, 4, lief.Binary.VA_TYPES.VA) - if content == [243, 15, 30, 250]: # endbr64 + if content.tolist() == [243, 15, 30, 250]: # endbr64 return True return False @@ -190,7 +190,7 @@ def check_MACHO_control_flow(binary) -> bool: ''' content = binary.get_content_from_virtual_address(binary.entrypoint, 4, lief.Binary.VA_TYPES.AUTO) - if content == [243, 15, 30, 250]: # endbr64 + if content.tolist() == [243, 15, 30, 250]: # endbr64 return True return False diff --git a/contrib/devtools/symbol-check.py b/contrib/devtools/symbol-check.py index fd070b28236e..33f481f77baf 100755 --- a/contrib/devtools/symbol-check.py +++ b/contrib/devtools/symbol-check.py @@ -15,20 +15,20 @@ import lief -# Debian 11 (Bullseye) EOL: est. 2026 https://wiki.debian.org/LTS +# Debian 11 (Bullseye) EOL: 2026. https://wiki.debian.org/LTS # -# - libgcc version 10.2.1 (https://packages.debian.org/search?suite=bullseye&arch=any&searchon=names&keywords=libgcc-s1) -# - libc version 2.31 (https://packages.debian.org/search?suite=bullseye&arch=any&searchon=names&keywords=libc6) +# - libgcc version 10.2.1 (https://packages.debian.org/bullseye/libgcc-s1) +# - libc version 2.31 (https://packages.debian.org/source/bullseye/glibc) # # Ubuntu 20.04 (Focal) EOL: 2030. https://wiki.ubuntu.com/ReleaseTeam # -# - libgcc version 10.3.0 (https://packages.ubuntu.com/focal/libgcc1) +# - libgcc version 10.5.0 (https://packages.ubuntu.com/focal/libgcc1) # - libc version 2.31 (https://packages.ubuntu.com/focal/libc6) # -# CentOS Stream 9 EOL: est. 2027 https://www.centos.org/cl-vs-cs +# CentOS Stream 9 EOL: 2027. https://www.centos.org/cl-vs-cs/#end-of-life # -# - libgcc version 12.2.1 (https://mirror.stream.centos.org/9-stream/AppStream/x86_64/os/Packages) -# - libc version 2.34 (https://mirror.stream.centos.org/9-stream/AppStream/x86_64/os/Packages) +# - libgcc version 12.2.1 (https://mirror.stream.centos.org/9-stream/AppStream/x86_64/os/Packages/) +# - libc version 2.34 (https://mirror.stream.centos.org/9-stream/AppStream/x86_64/os/Packages/) # # See https://gcc.gnu.org/onlinedocs/libstdc++/manual/abi.html for more info. @@ -101,7 +101,6 @@ 'libc.so.6', # C library 'libpthread.so.0', # threading 'libm.so.6', # math library -'librt.so.1', # real-time (clock) 'libatomic.so.1', 'ld-linux-x86-64.so.2', # 64-bit dynamic linker 'ld-linux.so.2', # 32-bit dynamic linker diff --git a/contrib/devtools/test-security-check.py b/contrib/devtools/test-security-check.py index 9f45365c3b3f..7bfe08e3911e 100755 --- a/contrib/devtools/test-security-check.py +++ b/contrib/devtools/test-security-check.py @@ -58,32 +58,32 @@ def test_ELF(self): arch = get_arch(cc, source, executable) if arch == lief.ARCHITECTURES.X86: - self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-zexecstack','-fno-stack-protector','-Wl,-znorelro','-no-pie','-fno-PIE', '-Wl,-z,separate-code']), - (1, executable+': failed PIE NX RELRO Canary CONTROL_FLOW')) - self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-znoexecstack','-fno-stack-protector','-Wl,-znorelro','-no-pie','-fno-PIE', '-Wl,-z,separate-code']), - (1, executable+': failed PIE RELRO Canary CONTROL_FLOW')) - self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-znoexecstack','-fstack-protector-all','-Wl,-znorelro','-no-pie','-fno-PIE', '-Wl,-z,separate-code']), + self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-zexecstack','-Wl,-znorelro','-no-pie','-fno-PIE', '-Wl,-z,separate-code']), + (1, executable+': failed PIE NX RELRO CONTROL_FLOW')) + self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-znoexecstack','-Wl,-znorelro','-no-pie','-fno-PIE', '-Wl,-z,separate-code']), (1, executable+': failed PIE RELRO CONTROL_FLOW')) - self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-znoexecstack','-fstack-protector-all','-Wl,-znorelro','-pie','-fPIE', '-Wl,-z,separate-code']), + self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-znoexecstack','-Wl,-znorelro','-no-pie','-fno-PIE', '-Wl,-z,separate-code']), + (1, executable+': failed PIE RELRO CONTROL_FLOW')) + self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-znoexecstack','-Wl,-znorelro','-pie','-fPIE', '-Wl,-z,separate-code']), (1, executable+': failed RELRO CONTROL_FLOW')) - self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-znoexecstack','-fstack-protector-all','-Wl,-zrelro','-Wl,-z,now','-pie','-fPIE', '-Wl,-z,noseparate-code']), + self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-znoexecstack','-Wl,-zrelro','-Wl,-z,now','-pie','-fPIE', '-Wl,-z,noseparate-code']), (1, executable+': failed separate_code CONTROL_FLOW')) - self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-znoexecstack','-fstack-protector-all','-Wl,-zrelro','-Wl,-z,now','-pie','-fPIE', '-Wl,-z,separate-code']), + self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-znoexecstack','-Wl,-zrelro','-Wl,-z,now','-pie','-fPIE', '-Wl,-z,separate-code']), (1, executable+': failed CONTROL_FLOW')) - self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-znoexecstack','-fstack-protector-all','-Wl,-zrelro','-Wl,-z,now','-pie','-fPIE', '-Wl,-z,separate-code', '-fcf-protection=full']), + self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-znoexecstack','-Wl,-zrelro','-Wl,-z,now','-pie','-fPIE', '-Wl,-z,separate-code', '-fcf-protection=full']), (0, '')) else: - self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-zexecstack','-fno-stack-protector','-Wl,-znorelro','-no-pie','-fno-PIE', '-Wl,-z,separate-code']), - (1, executable+': failed PIE NX RELRO Canary')) - self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-znoexecstack','-fno-stack-protector','-Wl,-znorelro','-no-pie','-fno-PIE', '-Wl,-z,separate-code']), - (1, executable+': failed PIE RELRO Canary')) - self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-znoexecstack','-fstack-protector-all','-Wl,-znorelro','-no-pie','-fno-PIE', '-Wl,-z,separate-code']), + self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-zexecstack','-Wl,-znorelro','-no-pie','-fno-PIE', '-Wl,-z,separate-code']), + (1, executable+': failed PIE NX RELRO')) + self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-znoexecstack','-Wl,-znorelro','-no-pie','-fno-PIE', '-Wl,-z,separate-code']), + (1, executable+': failed PIE RELRO')) + self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-znoexecstack','-Wl,-znorelro','-no-pie','-fno-PIE', '-Wl,-z,separate-code']), (1, executable+': failed PIE RELRO')) - self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-znoexecstack','-fstack-protector-all','-Wl,-znorelro','-pie','-fPIE', '-Wl,-z,separate-code']), + self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-znoexecstack','-Wl,-znorelro','-pie','-fPIE', '-Wl,-z,separate-code']), (1, executable+': failed RELRO')) - self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-znoexecstack','-fstack-protector-all','-Wl,-zrelro','-Wl,-z,now','-pie','-fPIE', '-Wl,-z,noseparate-code']), + self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-znoexecstack','-Wl,-zrelro','-Wl,-z,now','-pie','-fPIE', '-Wl,-z,noseparate-code']), (1, executable+': failed separate_code')) - self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-znoexecstack','-fstack-protector-all','-Wl,-zrelro','-Wl,-z,now','-pie','-fPIE', '-Wl,-z,separate-code']), + self.assertEqual(call_security_check(cc, source, executable, ['-Wl,-znoexecstack','-Wl,-zrelro','-Wl,-z,now','-pie','-fPIE', '-Wl,-z,separate-code']), (0, '')) clean_files(source, executable) diff --git a/contrib/devtools/test-symbol-check.py b/contrib/devtools/test-symbol-check.py index a5f23e7754f0..6d5f693090ac 100755 --- a/contrib/devtools/test-symbol-check.py +++ b/contrib/devtools/test-symbol-check.py @@ -38,11 +38,6 @@ def test_ELF(self): executable = 'test1' cc = determine_wellknown_cmd('CC', 'gcc') - # there's no way to do this test for ARM at the moment; we build for - # ARM in a glibc 2.31 envinonment and we allow all symbols from 2.28. - if 'arm' in get_machine(cc): - self.skipTest("test not available for 32-bit ARM") - # -lutil is part of the libc6 package so a safe bet that it's installed # it's also out of context enough that it's unlikely to ever become a real dependency source = 'test2.c' diff --git a/contrib/guix/guix-build b/contrib/guix/guix-build index 227e1cf6440d..415e97c57daa 100755 --- a/contrib/guix/guix-build +++ b/contrib/guix/guix-build @@ -74,7 +74,7 @@ mkdir -p "$VERSION_BASE" ################ # Default to building for all supported HOSTs (overridable by environment) -export HOSTS="${HOSTS:-x86_64-linux-gnu arm-linux-gnueabihf aarch64-linux-gnu riscv64-linux-gnu +export HOSTS="${HOSTS:-x86_64-linux-gnu arm-linux-gnueabihf aarch64-linux-gnu riscv64-linux-gnu powerpc64-linux-gnu powerpc64le-linux-gnu x86_64-w64-mingw32 x86_64-apple-darwin arm64-apple-darwin}" diff --git a/contrib/guix/libexec/build.sh b/contrib/guix/libexec/build.sh index f963578db5eb..c357a9da494f 100755 --- a/contrib/guix/libexec/build.sh +++ b/contrib/guix/libexec/build.sh @@ -54,7 +54,8 @@ BASEPREFIX="${PWD}/depends" store_path() { grep --extended-regexp "/[^-]{32}-${1}-[^-]+${2:+-${2}}" "${GUIX_ENVIRONMENT}/manifest" \ | head --lines=1 \ - | sed --expression='s|^[[:space:]]*"||' \ + | sed --expression='s|\x29*$||' \ + --expression='s|^[[:space:]]*"||' \ --expression='s|"[[:space:]]*$||' } @@ -71,29 +72,12 @@ unset CPLUS_INCLUDE_PATH unset OBJC_INCLUDE_PATH unset OBJCPLUS_INCLUDE_PATH -export LIBRARY_PATH="${NATIVE_GCC}/lib:${NATIVE_GCC}/lib64:${NATIVE_GCC_STATIC}/lib:${NATIVE_GCC_STATIC}/lib64" +export LIBRARY_PATH="${NATIVE_GCC}/lib:${NATIVE_GCC_STATIC}/lib" export C_INCLUDE_PATH="${NATIVE_GCC}/include" export CPLUS_INCLUDE_PATH="${NATIVE_GCC}/include/c++:${NATIVE_GCC}/include" export OBJC_INCLUDE_PATH="${NATIVE_GCC}/include" export OBJCPLUS_INCLUDE_PATH="${NATIVE_GCC}/include/c++:${NATIVE_GCC}/include" -prepend_to_search_env_var() { - export "${1}=${2}${!1:+:}${!1}" -} - -case "$HOST" in - *darwin*) - # When targeting darwin, zlib is required by native_libdmg-hfsplus. - zlib_store_path=$(store_path "zlib") - zlib_static_store_path=$(store_path "zlib" static) - - prepend_to_search_env_var LIBRARY_PATH "${zlib_static_store_path}/lib:${zlib_store_path}/lib" - prepend_to_search_env_var C_INCLUDE_PATH "${zlib_store_path}/include" - prepend_to_search_env_var CPLUS_INCLUDE_PATH "${zlib_store_path}/include" - prepend_to_search_env_var OBJC_INCLUDE_PATH "${zlib_store_path}/include" - prepend_to_search_env_var OBJCPLUS_INCLUDE_PATH "${zlib_store_path}/include" -esac - # Set environment variables to point the CROSS toolchain to the right # includes/libs for $HOST case "$HOST" in @@ -326,8 +310,7 @@ mkdir -p "$DISTSRC" make deploydir ${V:+V=1} mkdir -p "unsigned-app-${HOST}" cp --target-directory="unsigned-app-${HOST}" \ - contrib/macdeploy/detached-sig-create.sh \ - "${BASEPREFIX}/${HOST}"/native/bin/dmg + contrib/macdeploy/detached-sig-create.sh mv --target-directory="unsigned-app-${HOST}" dist ( cd "unsigned-app-${HOST}" diff --git a/contrib/guix/libexec/codesign.sh b/contrib/guix/libexec/codesign.sh index 91183fb53c30..c0976286908a 100755 --- a/contrib/guix/libexec/codesign.sh +++ b/contrib/guix/libexec/codesign.sh @@ -70,6 +70,7 @@ mkdir -p "$DISTSRC" osslsigncode attach-signature \ -in "$infile" \ -out "${OUTDIR}/${infile_base/-unsigned}" \ + -CAfile "$GUIX_ENVIRONMENT/etc/ssl/certs/ca-certificates.crt" \ -sigin codesignatures/win/"$infile_base".pem done ;; @@ -77,14 +78,11 @@ mkdir -p "$DISTSRC" # Apply detached codesignatures to dist/ (in-place) signapple apply dist/Dash-Qt.app codesignatures/osx/dist - # Make an uncompressed DMG from dist/ + # Make a DMG from dist/ xorrisofs -D -l -V "$(< osx_volname)" -no-pad -r -dir-mode 0755 \ - -o uncompressed.dmg \ + -o "${OUTDIR}/${DISTNAME}-${HOST}.dmg" \ dist \ -- -volume_date all_file_dates ="$SOURCE_DATE_EPOCH" - - # Compress uncompressed.dmg and output to OUTDIR - ./dmg dmg uncompressed.dmg "${OUTDIR}/${DISTNAME}-${HOST}.dmg" ;; *) exit 1 diff --git a/contrib/guix/libexec/prelude.bash b/contrib/guix/libexec/prelude.bash index f9b541b510b8..a31db6c04db5 100644 --- a/contrib/guix/libexec/prelude.bash +++ b/contrib/guix/libexec/prelude.bash @@ -51,7 +51,7 @@ fi time-machine() { # shellcheck disable=SC2086 guix time-machine --url=https://git.savannah.gnu.org/git/guix.git \ - --commit=998eda3067c7d21e0d9bb3310d2f5a14b8f1c681 \ + --commit=160f78a4d92205df986ed9efcce7d3aac188cb24 \ --cores="$JOBS" \ --keep-failed \ --fallback \ diff --git a/contrib/guix/manifest.scm b/contrib/guix/manifest.scm index beea4d6a17b2..e50574015fe8 100644 --- a/contrib/guix/manifest.scm +++ b/contrib/guix/manifest.scm @@ -1,12 +1,10 @@ -(use-modules (gnu) - (gnu packages) +(use-modules (gnu packages) (gnu packages autotools) - (gnu packages base) - (gnu packages bash) - (gnu packages certs) - (gnu packages cdrom) - (gnu packages check) - (gnu packages cmake) + ((gnu packages bash) #:select (bash-minimal)) + (gnu packages bison) + ((gnu packages certs) #:select (nss-certs)) + ((gnu packages cdrom) #:select (xorriso)) + ((gnu packages cmake) #:select (cmake-minimal)) (gnu packages commencement) (gnu packages compression) (gnu packages cross-base) @@ -14,30 +12,27 @@ (gnu packages file) (gnu packages gawk) (gnu packages gcc) - (gnu packages gnome) - (gnu packages installers) - (gnu packages linux) + ((gnu packages installers) #:select (nsis-x86_64)) + ((gnu packages linux) #:select (linux-libre-headers-5.15 util-linux)) (gnu packages llvm) (gnu packages mingw) (gnu packages moreutils) (gnu packages pkg-config) - (gnu packages python) - (gnu packages python-crypto) - (gnu packages python-web) - (gnu packages shells) - (gnu packages bison) - (gnu packages tls) - (gnu packages version-control) + ((gnu packages python) #:select (python-minimal)) + ((gnu packages python-build) #:select (python-tomli)) + ((gnu packages python-crypto) #:select (python-asn1crypto)) + ((gnu packages python-web) #:select (python-requests)) + ((gnu packages tls) #:select (openssl)) + ((gnu packages version-control) #:select (git-minimal)) + (guix build-system cmake) (guix build-system gnu) (guix build-system python) (guix build-system trivial) - (guix download) (guix gexp) (guix git-download) ((guix licenses) #:prefix license:) (guix packages) - (guix profiles) - (guix utils)) + ((guix utils) #:select (substitute-keyword-arguments))) (define-syntax-rule (search-our-patches file-name ...) "Return the list of absolute file names corresponding to each @@ -46,41 +41,7 @@ FILE-NAME found in ./patches relative to the current file." ((%patch-path (list (string-append (dirname (current-filename)) "/patches")))) (list (search-patch file-name) ...))) -(define (make-ssp-fixed-gcc xgcc) - "Given a XGCC package, return a modified package that uses the SSP function -from glibc instead of from libssp.so. Our `symbol-check' script will complain if -we link against libssp.so, and thus will ensure that this works properly. - -Taken from: -http://www.linuxfromscratch.org/hlfs/view/development/chapter05/gcc-pass1.html" - (package - (inherit xgcc) - (arguments - (substitute-keyword-arguments (package-arguments xgcc) - ((#:make-flags flags) - `(cons "gcc_cv_libc_provides_ssp=yes" ,flags)))))) - -(define (make-gcc-rpath-link xgcc) - "Given a XGCC package, return a modified package that replace each instance of --rpath in the default system spec that's inserted by Guix with -rpath-link" - (package - (inherit xgcc) - (arguments - (substitute-keyword-arguments (package-arguments xgcc) - ((#:phases phases) - `(modify-phases ,phases - (add-after 'pre-configure 'replace-rpath-with-rpath-link - (lambda _ - (substitute* (cons "gcc/config/rs6000/sysv4.h" - (find-files "gcc/config" - "^gnu-user.*\\.h$")) - (("-rpath=") "-rpath-link=")) - #t)))))))) - -(define building-on (string-append (list-ref (string-split (%current-system) #\-) 0) "-guix-linux-gnu")) - -(define (explicit-cross-configure package) - (package-with-extra-configure-variable package "--build" building-on)) +(define building-on (string-append "--build=" (list-ref (string-split (%current-system) #\-) 0) "-guix-linux-gnu")) (define (make-cross-toolchain target base-gcc-for-libc @@ -91,28 +52,28 @@ http://www.linuxfromscratch.org/hlfs/view/development/chapter05/gcc-pass1.html" (let* ((xbinutils (cross-binutils target)) ;; 1. Build a cross-compiling gcc without targeting any libc, derived ;; from BASE-GCC-FOR-LIBC - (xgcc-sans-libc (explicit-cross-configure (cross-gcc target - #:xgcc base-gcc-for-libc - #:xbinutils xbinutils))) + (xgcc-sans-libc (cross-gcc target + #:xgcc base-gcc-for-libc + #:xbinutils xbinutils)) ;; 2. Build cross-compiled kernel headers with XGCC-SANS-LIBC, derived ;; from BASE-KERNEL-HEADERS (xkernel (cross-kernel-headers target - base-kernel-headers - xgcc-sans-libc - xbinutils)) + #:linux-headers base-kernel-headers + #:xgcc xgcc-sans-libc + #:xbinutils xbinutils)) ;; 3. Build a cross-compiled libc with XGCC-SANS-LIBC and XKERNEL, ;; derived from BASE-LIBC - (xlibc (explicit-cross-configure (cross-libc target - base-libc - xgcc-sans-libc - xbinutils - xkernel))) + (xlibc (cross-libc target + #:libc base-libc + #:xgcc xgcc-sans-libc + #:xbinutils xbinutils + #:xheaders xkernel)) ;; 4. Build a cross-compiling gcc targeting XLIBC, derived from ;; BASE-GCC - (xgcc (explicit-cross-configure (cross-gcc target - #:xgcc base-gcc - #:xbinutils xbinutils - #:libc xlibc)))) + (xgcc (cross-gcc target + #:xgcc base-gcc + #:xbinutils xbinutils + #:libc xlibc))) ;; Define a meta-package that propagates the resulting XBINUTILS, XLIBC, and ;; XGCC (package @@ -136,21 +97,12 @@ chain for " target " development.")) (define base-gcc gcc-10) (define base-linux-kernel-headers linux-libre-headers-5.15) -;; https://gcc.gnu.org/install/configure.html -(define (hardened-gcc gcc) - (package-with-extra-configure-variable ( - package-with-extra-configure-variable ( - package-with-extra-configure-variable gcc - "--enable-initfini-array" "yes") - "--enable-default-ssp" "yes") - "--enable-default-pie" "yes")) - (define* (make-bitcoin-cross-toolchain target #:key - (base-gcc-for-libc base-gcc) + (base-gcc-for-libc linux-base-gcc) (base-kernel-headers base-linux-kernel-headers) - (base-libc (hardened-glibc glibc-2.28)) - (base-gcc (make-gcc-rpath-link (hardened-gcc base-gcc)))) + (base-libc glibc-2.31) + (base-gcc linux-base-gcc)) "Convenience wrapper around MAKE-CROSS-TOOLCHAIN with default values desirable for building Dash Core release binaries." (make-cross-toolchain target @@ -159,26 +111,19 @@ desirable for building Dash Core release binaries." base-libc base-gcc)) -(define (make-gcc-with-pthreads gcc) - (package-with-extra-configure-variable - (package-with-extra-patches gcc - (search-our-patches "gcc-10-remap-guix-store.patch")) - "--enable-threads" "posix")) - -(define (make-mingw-w64-cross-gcc cross-gcc) - (package-with-extra-patches cross-gcc - (search-our-patches "vmov-alignment.patch" - "gcc-broken-longjmp.patch"))) +(define (gcc-mingw-patches gcc) + (package-with-extra-patches gcc + (search-our-patches "gcc-remap-guix-store.patch" + "vmov-alignment.patch"))) (define (make-mingw-pthreads-cross-toolchain target) "Create a cross-compilation toolchain package for TARGET" (let* ((xbinutils (cross-binutils target)) (pthreads-xlibc mingw-w64-x86_64-winpthreads) - (pthreads-xgcc (make-gcc-with-pthreads - (cross-gcc target - #:xgcc (make-ssp-fixed-gcc (make-mingw-w64-cross-gcc base-gcc)) + (pthreads-xgcc (cross-gcc target + #:xgcc (gcc-mingw-patches mingw-w64-base-gcc) #:xbinutils xbinutils - #:libc pthreads-xlibc)))) + #:libc pthreads-xlibc))) ;; Define a meta-package that propagates the resulting XBINUTILS, XLIBC, and ;; XGCC (package @@ -200,33 +145,71 @@ chain for " target " development.")) (define (make-nsis-for-gcc-10 base-nsis) (package-with-extra-patches base-nsis - (search-our-patches "nsis-gcc-10-memmove.patch" - "nsis-disable-installer-reloc.patch"))) + (search-our-patches "nsis-gcc-10-memmove.patch"))) + +;; While LIEF is packaged in Guix, we maintain our own package, +;; to simplify building, and more easily apply updates. +;; Moreover, the Guix's package uses cmake, which caused build +;; failure; see https://github.com/bitcoin/bitcoin/pull/27296. +(define-public python-lief + (package + (name "python-lief") + (version "0.13.2") + (source (origin + (method git-fetch) + (uri (git-reference + (url "https://github.com/lief-project/LIEF") + (commit version))) + (file-name (git-file-name name version)) + (modules '((guix build utils))) + (snippet + '(begin + ;; Configure build for Python bindings. + (substitute* "api/python/config-default.toml" + (("(ninja = )true" all m) + (string-append m "false")) + (("(parallel-jobs = )0" all m) + (string-append m (number->string (parallel-job-count))))))) + (sha256 + (base32 + "0y48x358ppig5xp97ahcphfipx7cg9chldj2q5zrmn610fmi4zll")))) + (build-system python-build-system) + (native-inputs (list cmake-minimal python-tomli)) + (arguments + (list + #:tests? #f ;needs network + #:phases #~(modify-phases %standard-phases + (add-before 'build 'change-directory + (lambda _ + (chdir "api/python"))) + (replace 'build + (lambda _ + (invoke "python" "setup.py" "build")))))) + (home-page "https://github.com/lief-project/LIEF") + (synopsis "Library to instrument executable formats") + (description + "@code{python-lief} is a cross platform library which can parse, modify +and abstract ELF, PE and MachO formats.") + (license license:asl2.0))) (define osslsigncode (package (name "osslsigncode") - (version "2.0") + (version "2.5") (source (origin - (method url-fetch) - (uri (string-append "https://github.com/mtrojnar/" - name "/archive/" version ".tar.gz")) + (method git-fetch) + (uri (git-reference + (url "https://github.com/mtrojnar/osslsigncode") + (commit version))) (sha256 (base32 - "0byri6xny770wwb2nciq44j5071122l14bvv65axdd70nfjf0q2s")))) - (build-system gnu-build-system) - (native-inputs - `(("pkg-config" ,pkg-config) - ("autoconf" ,autoconf) - ("automake" ,automake) - ("libtool" ,libtool))) + "1j47vwq4caxfv0xw68kw5yh00qcpbd56d7rq6c483ma3y7s96yyz")))) + (build-system cmake-build-system) (inputs - `(("openssl" ,openssl))) + `(("openssl", openssl))) (arguments - `(#:configure-flags - `("--without-gsf" - "--without-curl" - "--disable-dependency-tracking"))) + '(#:configure-flags + (list "-DCMAKE_DISABLE_FIND_PACKAGE_CURL=TRUE"))) (home-page "https://github.com/mtrojnar/osslsigncode") (synopsis "Authenticode signing and timestamping tool") (description "osslsigncode is a small tool that implements part of the @@ -262,7 +245,7 @@ thus should be able to compile on most platforms where these exist.") (define-public python-oscrypto (package (name "python-oscrypto") - (version "1.2.1") + (version "1.3.0") (source (origin (method git-fetch) @@ -272,7 +255,7 @@ thus should be able to compile on most platforms where these exist.") (file-name (git-file-name name version)) (sha256 (base32 - "1d4d8s4z340qhvb3g5m5v3436y3a71yc26wk4749q64m09kxqc3l")) + "1v5wkmzcyiqy39db8j2dvkdrv2nlsc48556h73x4dzjwd6kg4q0a")) (patches (search-our-patches "oscrypto-hard-code-openssl.patch")))) (build-system python-build-system) (native-search-paths @@ -502,68 +485,83 @@ and endian independent.") inspecting signatures in Mach-O binaries.") (license license:expat)))) -;; https://www.gnu.org/software/libc/manual/html_node/Configuring-and-compiling.html -;; We don't use --disable-werror directly, as that would be passed through to bash, -;; and cause it's build to fail. -(define (hardened-glibc glibc) - (package-with-extra-configure-variable ( - package-with-extra-configure-variable ( - package-with-extra-configure-variable glibc - "enable_werror" "no") - "--enable-stack-protector" "strong") - "--enable-bind-now" "yes")) +(define-public mingw-w64-base-gcc + (package + (inherit base-gcc) + (arguments + (substitute-keyword-arguments (package-arguments base-gcc) + ((#:configure-flags flags) + `(append ,flags + ;; https://gcc.gnu.org/install/configure.html + (list "--enable-threads=posix", + building-on))) + ((#:make-flags flags) + ;; Uses the SSP functions from glibc instead of from libssp.so. + ;; Our 'symbol-check' script will complain if we link against libssp.so, + ;; and thus will ensure that this works properly. + `(cons "gcc_cv_libc_provides_ssp=yes" ,flags)))))) -(define-public glibc-2.28 +(define-public linux-base-gcc (package - (inherit glibc-2.31) - (version "2.28") + (inherit base-gcc) + (arguments + (substitute-keyword-arguments (package-arguments base-gcc) + ((#:configure-flags flags) + `(append ,flags + ;; https://gcc.gnu.org/install/configure.html + (list "--enable-initfini-array=yes", + "--enable-default-ssp=yes", + "--enable-default-pie=yes", + building-on))) + ((#:phases phases) + `(modify-phases ,phases + ;; Given a XGCC package, return a modified package that replace each instance of + ;; -rpath in the default system spec that's inserted by Guix with -rpath-link + (add-after 'pre-configure 'replace-rpath-with-rpath-link + (lambda _ + (substitute* (cons "gcc/config/rs6000/sysv4.h" + (find-files "gcc/config" + "^gnu-user.*\\.h$")) + (("-rpath=") "-rpath-link=")) + #t)))))))) + +(define-public glibc-2.31 + (let ((commit "8e30f03744837a85e33d84ccd34ed3abe30d37c3")) + (package + (inherit glibc) ;; 2.35 + (version "2.31") (source (origin (method git-fetch) (uri (git-reference (url "https://sourceware.org/git/glibc.git") - (commit "c9e58ae23402eb82877de90fd8a18519c086ed87"))) - (file-name (git-file-name "glibc" "c9e58ae23402eb82877de90fd8a18519c086ed87")) + (commit commit))) + (file-name (git-file-name "glibc" commit)) (sha256 (base32 - "0wm0if2n4z48kpn85va6yb4iac34crds2f55ddpz1hykx6jp1pb6")) - (patches (search-our-patches "glibc-ldd-x86_64.patch" - "glibc-versioned-locpath.patch" - "glibc-2.27-fcommon.patch" - "glibc-2.27-guix-prefix.patch")))))) - -(define (fix-ppc64-nx-default lief) - (package-with-extra-patches lief - (search-our-patches "lief-fix-ppc64-nx-default.patch"))) - -(define-public lief - (package - (name "python-lief") - (version "0.12.1") - (source - (origin - (method git-fetch) - (uri (git-reference - (url "https://github.com/lief-project/LIEF.git") - (commit version))) - (file-name (git-file-name name version)) - (sha256 - (base32 - "1xzbh3bxy4rw1yamnx68da1v5s56ay4g081cyamv67256g0qy2i1")))) - (build-system python-build-system) - (arguments - `(#:phases - (modify-phases %standard-phases - (add-after 'unpack 'parallel-jobs - ;; build with multiple cores - (lambda _ - (substitute* "setup.py" (("self.parallel if self.parallel else 1") (number->string (parallel-job-count))))))))) - (native-inputs - `(("cmake" ,cmake))) - (home-page "https://github.com/lief-project/LIEF") - (synopsis "Library to Instrument Executable Formats") - (description "Python library to to provide a cross platform library which can -parse, modify and abstract ELF, PE and MachO formats.") - (license license:asl2.0))) + "1zi0s9yy5zkisw823vivn7zlj8w6g9p3mm7lmlqiixcxdkz4dbn6")) + (patches (search-our-patches "glibc-guix-prefix.patch")))) + (arguments + (substitute-keyword-arguments (package-arguments glibc) + ((#:configure-flags flags) + `(append ,flags + ;; https://www.gnu.org/software/libc/manual/html_node/Configuring-and-compiling.html + (list "--enable-stack-protector=all", + "--enable-bind-now", + "--disable-werror", + building-on))) + ((#:phases phases) + `(modify-phases ,phases + (add-before 'configure 'set-etc-rpc-installation-directory + (lambda* (#:key outputs #:allow-other-keys) + ;; Install the rpc data base file under `$out/etc/rpc'. + ;; Otherwise build will fail with "Permission denied." + ;; Can be removed when we are building 2.32 or later. + (let ((out (assoc-ref outputs "out"))) + (substitute* "sunrpc/Makefile" + (("^\\$\\(inst_sysconfdir\\)/rpc(.*)$" _ suffix) + (string-append out "/etc/rpc" suffix "\n")) + (("^install-others =.*$") + (string-append "install-others = " out "/etc/rpc\n"))))))))))))) (packages->manifest (append @@ -587,12 +585,10 @@ parse, modify and abstract ELF, PE and MachO formats.") bzip2 gzip xz - zlib - (list zlib "static") ;; Build tools cmake-minimal gnu-make - libtool-2.4.7 + libtool autoconf-2.71 automake pkg-config @@ -601,17 +597,18 @@ parse, modify and abstract ELF, PE and MachO formats.") gcc-toolchain-10 (list gcc-toolchain-10 "static") ;; Scripting - python-minimal ;; (3.9) + python-minimal ;; (3.10) ;; Git git-minimal ;; Tests - (fix-ppc64-nx-default lief)) + python-lief) (let ((target (getenv "HOST"))) (cond ((string-suffix? "-mingw32" target) ;; Windows (list zip (make-mingw-pthreads-cross-toolchain "x86_64-w64-mingw32") (make-nsis-for-gcc-10 nsis-x86_64) + nss-certs osslsigncode)) ((string-contains target "-linux-") (list (make-bitcoin-cross-toolchain target))) diff --git a/contrib/guix/patches/gcc-broken-longjmp.patch b/contrib/guix/patches/gcc-broken-longjmp.patch deleted file mode 100644 index 56568813c0d8..000000000000 --- a/contrib/guix/patches/gcc-broken-longjmp.patch +++ /dev/null @@ -1,70 +0,0 @@ -commit eb5698897c52702498938592d7f76e67d126451f -Author: Eric Botcazou -Date: Wed May 5 22:48:51 2021 +0200 - - Fix PR target/100402 - - This is a regression for 64-bit Windows present from mainline down to the 9 - branch and introduced by the fix for PR target/99234. Again SEH, but with - a twist related to the way MinGW implements setjmp/longjmp, which turns out - to be piggybacked on SEH with recent versions of MinGW, i.e. the longjmp - performs a bona-fide unwinding of the stack, because it calls RtlUnwindEx - with the second argument initially passed to setjmp, which is the result of - __builtin_frame_address (0) in the MinGW header file: - - define setjmp(BUF) _setjmp((BUF), __builtin_frame_address (0)) - - This means that we directly expose the frame pointer to the SEH machinery - here (unlike with regular exception handling where we use an intermediate - CFA) and thus that we cannot do whatever we want with it. The old code - would leave it unaligned, i.e. not multiple of 16, whereas the new code - aligns it, but this breaks for some reason; at least it appears that a - .seh_setframe directive with 0 as second argument always works, so the - fix aligns it this way. - - gcc/ - PR target/100402 - * config/i386/i386.c (ix86_compute_frame_layout): For a SEH target, - always return the establisher frame for __builtin_frame_address (0). - gcc/testsuite/ - * gcc.c-torture/execute/20210505-1.c: New test. - - This patch can be dropped when we are building with GCC 10.4.0 or later. - -diff --git a/gcc/config/i386/i386.c b/gcc/config/i386/i386.c -index 2f838840e96..06ad1b2274e 100644 ---- a/gcc/config/i386/i386.c -+++ b/gcc/config/i386/i386.c -@@ -6356,12 +6356,29 @@ ix86_compute_frame_layout (void) - area, see the SEH code in config/i386/winnt.c for the rationale. */ - frame->hard_frame_pointer_offset = frame->sse_reg_save_offset; - -- /* If we can leave the frame pointer where it is, do so. Also, return -+ /* If we can leave the frame pointer where it is, do so; however return - the establisher frame for __builtin_frame_address (0) or else if the -- frame overflows the SEH maximum frame size. */ -+ frame overflows the SEH maximum frame size. -+ -+ Note that the value returned by __builtin_frame_address (0) is quite -+ constrained, because setjmp is piggybacked on the SEH machinery with -+ recent versions of MinGW: -+ -+ # elif defined(__SEH__) -+ # if defined(__aarch64__) || defined(_ARM64_) -+ # define setjmp(BUF) _setjmp((BUF), __builtin_sponentry()) -+ # elif (__MINGW_GCC_VERSION < 40702) -+ # define setjmp(BUF) _setjmp((BUF), mingw_getsp()) -+ # else -+ # define setjmp(BUF) _setjmp((BUF), __builtin_frame_address (0)) -+ # endif -+ -+ and the second argument passed to _setjmp, if not null, is forwarded -+ to the TargetFrame parameter of RtlUnwindEx by longjmp (after it has -+ built an ExceptionRecord on the fly describing the setjmp buffer). */ - const HOST_WIDE_INT diff - = frame->stack_pointer_offset - frame->hard_frame_pointer_offset; -- if (diff <= 255) -+ if (diff <= 255 && !crtl->accesses_prior_frames) - { - /* The resulting diff will be a multiple of 16 lower than 255, - i.e. at most 240 as required by the unwind data structure. */ diff --git a/contrib/guix/patches/gcc-10-remap-guix-store.patch b/contrib/guix/patches/gcc-remap-guix-store.patch similarity index 100% rename from contrib/guix/patches/gcc-10-remap-guix-store.patch rename to contrib/guix/patches/gcc-remap-guix-store.patch diff --git a/contrib/guix/patches/glibc-2.27-fcommon.patch b/contrib/guix/patches/glibc-2.27-fcommon.patch deleted file mode 100644 index 817aa85bb95f..000000000000 --- a/contrib/guix/patches/glibc-2.27-fcommon.patch +++ /dev/null @@ -1,34 +0,0 @@ -commit 264a4a0dbe1f4369db315080034b500bed66016c -Author: fanquake -Date: Fri May 6 11:03:04 2022 +0100 - - build: use -fcommon to retain legacy behaviour with GCC 10 - - GCC 10 started using -fno-common by default, which causes issues with - the powerpc builds using gibc 2.27. A patch was commited to glibc to fix - the issue, 18363b4f010da9ba459b13310b113ac0647c2fcc but is non-trvial - to backport, and was broken in at least one way, see the followup in - commit 7650321ce037302bfc2f026aa19e0213b8d02fe6. - - For now, retain the legacy GCC behaviour by passing -fcommon when - building glibc. - - https://gcc.gnu.org/onlinedocs/gcc/Code-Gen-Options.html. - https://sourceware.org/git/?p=glibc.git;a=commit;h=18363b4f010da9ba459b13310b113ac0647c2fcc - https://sourceware.org/git/?p=glibc.git;a=commit;h=7650321ce037302bfc2f026aa19e0213b8d02fe6 - - This patch can be dropped when we are building with glibc 2.31+. - -diff --git a/Makeconfig b/Makeconfig -index 86a71e5802..aa2166be60 100644 ---- a/Makeconfig -+++ b/Makeconfig -@@ -896,7 +896,7 @@ ifeq "$(strip $(+cflags))" "" - endif # $(+cflags) == "" - - +cflags += $(cflags-cpu) $(+gccwarn) $(+merge-constants) $(+math-flags) \ -- $(+stack-protector) -+ $(+stack-protector) -fcommon - +gcc-nowarn := -w - - # Don't duplicate options if we inherited variables from the parent. diff --git a/contrib/guix/patches/glibc-2.27-guix-prefix.patch b/contrib/guix/patches/glibc-guix-prefix.patch similarity index 78% rename from contrib/guix/patches/glibc-2.27-guix-prefix.patch rename to contrib/guix/patches/glibc-guix-prefix.patch index dc515907ff88..60e12ca52546 100644 --- a/contrib/guix/patches/glibc-2.27-guix-prefix.patch +++ b/contrib/guix/patches/glibc-guix-prefix.patch @@ -4,19 +4,13 @@ hash for the same package will differ when on different architectures. In order to be reproducible regardless of the architecture used to build the package, map all guix store prefixes to something fixed, e.g. /usr. -We might be able to drop this in favour of using --with-nonshared-cflags -when we begin using newer versions of glibc. - --- a/Makeconfig +++ b/Makeconfig -@@ -992,6 +992,10 @@ object-suffixes := +@@ -1007,6 +1007,7 @@ object-suffixes := CPPFLAGS-.o = $(pic-default) # libc.a must be compiled with -fPIE/-fpie for static PIE. CFLAGS-.o = $(filter %frame-pointer,$(+cflags)) $(pie-default) -+ -+# Map Guix store paths to /usr +CFLAGS-.o += `find /gnu/store -maxdepth 1 -mindepth 1 -type d -exec echo -n " -ffile-prefix-map={}=/usr" \;` -+ libtype.o := lib%.a object-suffixes += .o ifeq (yes,$(build-shared)) diff --git a/contrib/guix/patches/glibc-ldd-x86_64.patch b/contrib/guix/patches/glibc-ldd-x86_64.patch deleted file mode 100644 index a23b095caa75..000000000000 --- a/contrib/guix/patches/glibc-ldd-x86_64.patch +++ /dev/null @@ -1,10 +0,0 @@ -By default, 'RTDLLIST' in 'ldd' refers to 'lib64/ld-linux-x86-64.so', whereas -it's in 'lib/' for us. This patch fixes that. - ---- a/sysdeps/unix/sysv/linux/x86_64/ldd-rewrite.sed -+++ b/sysdeps/unix/sysv/linux/x86_64/ldd-rewrite.sed -@@ -1,3 +1,3 @@ - /LD_TRACE_LOADED_OBJECTS=1/a\ - add_env="$add_env LD_LIBRARY_VERSION=\\$verify_out" --s_^\(RTLDLIST=\)\(.*lib\)\(\|64\|x32\)\(/[^/]*\)\(-x86-64\|-x32\)\(\.so\.[0-9.]*\)[ ]*$_\1"\2\4\6 \264\4-x86-64\6 \2x32\4-x32\6"_ -+s_^\(RTLDLIST=\)\(.*lib\)\(\|64\|x32\)\(/[^/]*\)\(-x86-64\|-x32\)\(\.so\.[0-9.]*\)[ ]*$_\1"\2\4\6 \2\4-x86-64\6 \2x32\4-x32\6"_ diff --git a/contrib/guix/patches/glibc-versioned-locpath.patch b/contrib/guix/patches/glibc-versioned-locpath.patch deleted file mode 100644 index 5afefd8fb375..000000000000 --- a/contrib/guix/patches/glibc-versioned-locpath.patch +++ /dev/null @@ -1,241 +0,0 @@ -The format of locale data can be incompatible between libc versions, and -loading incompatible data can lead to 'setlocale' returning EINVAL at best -or triggering an assertion failure at worst. See -https://lists.gnu.org/archive/html/guix-devel/2015-09/msg00717.html -for background information. - -To address that, this patch changes libc to honor a new 'GUIX_LOCPATH' -variable, and to look for locale data in version-specific sub-directories of -that variable. So, if GUIX_LOCPATH=/foo:/bar, locale data is searched for in -/foo/X.Y and /bar/X.Y, where X.Y is the libc version number. - -That way, a single 'GUIX_LOCPATH' setting can work even if different libc -versions coexist on the system. - ---- a/locale/newlocale.c -+++ b/locale/newlocale.c -@@ -30,6 +30,7 @@ - /* Lock for protecting global data. */ - __libc_rwlock_define (extern , __libc_setlocale_lock attribute_hidden) - -+extern error_t compute_locale_search_path (char **, size_t *); - - /* Use this when we come along an error. */ - #define ERROR_RETURN \ -@@ -48,7 +49,6 @@ __newlocale (int category_mask, const char *locale, locale_t base) - locale_t result_ptr; - char *locale_path; - size_t locale_path_len; -- const char *locpath_var; - int cnt; - size_t names_len; - -@@ -102,17 +102,8 @@ __newlocale (int category_mask, const char *locale, __locale_t base) - locale_path = NULL; - locale_path_len = 0; - -- locpath_var = getenv ("LOCPATH"); -- if (locpath_var != NULL && locpath_var[0] != '\0') -- { -- if (__argz_create_sep (locpath_var, ':', -- &locale_path, &locale_path_len) != 0) -- return NULL; -- -- if (__argz_add_sep (&locale_path, &locale_path_len, -- _nl_default_locale_path, ':') != 0) -- return NULL; -- } -+ if (compute_locale_search_path (&locale_path, &locale_path_len) != 0) -+ return NULL; - - /* Get the names for the locales we are interested in. We either - allow a composite name or a single name. */ -diff --git a/locale/setlocale.c b/locale/setlocale.c -index e4de907e1f..47b6233fc5 100644 ---- a/locale/setlocale.c -+++ b/locale/setlocale.c -@@ -215,12 +215,65 @@ setdata (int category, struct __locale_data *data) - } - } - -+/* Return in *LOCALE_PATH and *LOCALE_PATH_LEN the locale data search path as -+ a colon-separated list. Return ENOMEN on error, zero otherwise. */ -+error_t -+compute_locale_search_path (char **locale_path, size_t *locale_path_len) -+{ -+ char* guix_locpath_var = getenv ("GUIX_LOCPATH"); -+ char *locpath_var = getenv ("LOCPATH"); -+ -+ if (guix_locpath_var != NULL && guix_locpath_var[0] != '\0') -+ { -+ /* Entries in 'GUIX_LOCPATH' take precedence over 'LOCPATH'. These -+ entries are systematically prefixed with "/X.Y" where "X.Y" is the -+ libc version. */ -+ if (__argz_create_sep (guix_locpath_var, ':', -+ locale_path, locale_path_len) != 0 -+ || __argz_suffix_entries (locale_path, locale_path_len, -+ "/" VERSION) != 0) -+ goto bail_out; -+ } -+ -+ if (locpath_var != NULL && locpath_var[0] != '\0') -+ { -+ char *reg_locale_path = NULL; -+ size_t reg_locale_path_len = 0; -+ -+ if (__argz_create_sep (locpath_var, ':', -+ ®_locale_path, ®_locale_path_len) != 0) -+ goto bail_out; -+ -+ if (__argz_append (locale_path, locale_path_len, -+ reg_locale_path, reg_locale_path_len) != 0) -+ goto bail_out; -+ -+ free (reg_locale_path); -+ } -+ -+ if (*locale_path != NULL) -+ { -+ /* Append the system default locale directory. */ -+ if (__argz_add_sep (locale_path, locale_path_len, -+ _nl_default_locale_path, ':') != 0) -+ goto bail_out; -+ } -+ -+ return 0; -+ -+ bail_out: -+ free (*locale_path); -+ *locale_path = NULL; -+ *locale_path_len = 0; -+ -+ return ENOMEM; -+} -+ - char * - setlocale (int category, const char *locale) - { - char *locale_path; - size_t locale_path_len; -- const char *locpath_var; - char *composite; - - /* Sanity check for CATEGORY argument. */ -@@ -251,18 +304,11 @@ setlocale (int category, const char *locale) - locale_path = NULL; - locale_path_len = 0; - -- locpath_var = getenv ("LOCPATH"); -- if (locpath_var != NULL && locpath_var[0] != '\0') -+ if (compute_locale_search_path (&locale_path, &locale_path_len) != 0) - { -- if (__argz_create_sep (locpath_var, ':', -- &locale_path, &locale_path_len) != 0 -- || __argz_add_sep (&locale_path, &locale_path_len, -- _nl_default_locale_path, ':') != 0) -- { -- __libc_rwlock_unlock (__libc_setlocale_lock); -- return NULL; -- } -+ __libc_rwlock_unlock (__libc_setlocale_lock); -+ return NULL; - } - - if (category == LC_ALL) - { -diff --git a/string/Makefile b/string/Makefile -index aa2da9ca72..de752a1539 100644 ---- a/string/Makefile -+++ b/string/Makefile -@@ -40,7 +40,7 @@ routines := strcat strchr strcmp strcoll strcpy strcspn \ - swab strfry memfrob memmem rawmemchr strchrnul \ - $(addprefix argz-,append count create ctsep next \ - delete extract insert stringify \ -- addsep replace) \ -+ addsep replace suffix) \ - envz basename \ - strcoll_l strxfrm_l string-inlines memrchr \ - xpg-strerror strerror_l explicit_bzero -diff --git a/string/argz-suffix.c b/string/argz-suffix.c -new file mode 100644 -index 0000000000..505b0f248c ---- /dev/null -+++ b/string/argz-suffix.c -@@ -0,0 +1,56 @@ -+/* Copyright (C) 2015 Free Software Foundation, Inc. -+ This file is part of the GNU C Library. -+ Contributed by Ludovic Courtès . -+ -+ The GNU C Library is free software; you can redistribute it and/or -+ modify it under the terms of the GNU Lesser General Public -+ License as published by the Free Software Foundation; either -+ version 2.1 of the License, or (at your option) any later version. -+ -+ The GNU C Library is distributed in the hope that it will be useful, -+ but WITHOUT ANY WARRANTY; without even the implied warranty of -+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -+ Lesser General Public License for more details. -+ -+ You should have received a copy of the GNU Lesser General Public -+ License along with the GNU C Library; if not, see -+ . */ -+ -+#include -+#include -+#include -+#include -+ -+ -+error_t -+__argz_suffix_entries (char **argz, size_t *argz_len, const char *suffix) -+ -+{ -+ size_t suffix_len = strlen (suffix); -+ size_t count = __argz_count (*argz, *argz_len); -+ size_t new_argz_len = *argz_len + count * suffix_len; -+ char *new_argz = malloc (new_argz_len); -+ -+ if (new_argz) -+ { -+ char *p = new_argz, *entry; -+ -+ for (entry = *argz; -+ entry != NULL; -+ entry = argz_next (*argz, *argz_len, entry)) -+ { -+ p = stpcpy (p, entry); -+ p = stpcpy (p, suffix); -+ p++; -+ } -+ -+ free (*argz); -+ *argz = new_argz; -+ *argz_len = new_argz_len; -+ -+ return 0; -+ } -+ else -+ return ENOMEM; -+} -+weak_alias (__argz_suffix_entries, argz_suffix_entries) -diff --git a/string/argz.h b/string/argz.h -index 9c496f5ef5..1010a439d8 100644 ---- a/string/argz.h -+++ b/string/argz.h -@@ -108,6 +108,16 @@ extern error_t argz_replace (char **__restrict __argz, - const char *__restrict __str, - const char *__restrict __with, - unsigned int *__restrict __replace_count); -+ -+/* Suffix each entry of ARGZ & ARGZ_LEN with SUFFIX. Return 0 on success, -+ and ENOMEN if memory cannot be allocated. */ -+extern error_t __argz_suffix_entries (char **__restrict __argz, -+ size_t *__restrict __argz_len, -+ const char *__restrict __suffix); -+extern error_t argz_suffix_entries (char **__restrict __argz, -+ size_t *__restrict __argz_len, -+ const char *__restrict __suffix); -+ - - /* Returns the next entry in ARGZ & ARGZ_LEN after ENTRY, or NULL if there - are no more. If entry is NULL, then the first entry is returned. This diff --git a/contrib/guix/patches/lief-fix-ppc64-nx-default.patch b/contrib/guix/patches/lief-fix-ppc64-nx-default.patch deleted file mode 100644 index 101bc1ddc0cf..000000000000 --- a/contrib/guix/patches/lief-fix-ppc64-nx-default.patch +++ /dev/null @@ -1,29 +0,0 @@ -Correct default for Binary::has_nx on ppc64 - -From the Linux kernel source: - - * This is the default if a program doesn't have a PT_GNU_STACK - * program header entry. The PPC64 ELF ABI has a non executable stack - * stack by default, so in the absence of a PT_GNU_STACK program header - * we turn execute permission off. - -This patch can be dropped the next time we update LIEF. - -diff --git a/src/ELF/Binary.cpp b/src/ELF/Binary.cpp -index a90be1ab..fd2d9764 100644 ---- a/src/ELF/Binary.cpp -+++ b/src/ELF/Binary.cpp -@@ -1084,7 +1084,12 @@ bool Binary::has_nx() const { - return segment->type() == SEGMENT_TYPES::PT_GNU_STACK; - }); - if (it_stack == std::end(segments_)) { -- return false; -+ if (header().machine_type() == ARCH::EM_PPC64) { -+ // The PPC64 ELF ABI has a non-executable stack by default. -+ return true; -+ } else { -+ return false; -+ } - } - - return !(*it_stack)->has(ELF_SEGMENT_FLAGS::PF_X); diff --git a/contrib/guix/patches/nsis-disable-installer-reloc.patch b/contrib/guix/patches/nsis-disable-installer-reloc.patch deleted file mode 100644 index 4914527e56be..000000000000 --- a/contrib/guix/patches/nsis-disable-installer-reloc.patch +++ /dev/null @@ -1,30 +0,0 @@ -Patch NSIS so that it's installer stubs, produced at NSIS build time, -do not contain .reloc sections, which will exist by default when using -binutils/ld 2.36+. - -This ultimately fixes an issue when running the installer with the -"Force randomization for images (Mandatory ASLR)" setting active. - -This patch has not yet been sent upstream, because it's not clear if this -is the best fix, for the underlying issue, which seems to be that makensis -doesn't account for .reloc sections when it builds installers. - -The existence of a reloc section shouldn't be a problem, and, if anything, -is actually a requirement for working ASLR. All other Windows binaries we -produce contain them, and function correctly when under the same -"Force randomization for images (Mandatory ASLR)" setting. - -See: -https://github.com/bitcoin/bitcoin/issues/25726 -https://sourceforge.net/p/nsis/bugs/1131/ - ---- a/SCons/Config/gnu -+++ b/SCons/Config/gnu -@@ -102,6 +102,7 @@ stub_env.Append(LINKFLAGS = ['-mwindows']) # build windows executables - stub_env.Append(LINKFLAGS = ['$NODEFLIBS_FLAG']) # no standard libraries - stub_env.Append(LINKFLAGS = ['$ALIGN_FLAG']) # 512 bytes align - stub_env.Append(LINKFLAGS = ['$MAP_FLAG']) # generate map file -+stub_env.Append(LINKFLAGS = ['-Wl,--disable-reloc-section']) - - conf = FlagsConfigure(stub_env) - conf.CheckCompileFlag('-fno-tree-loop-distribute-patterns') # GCC 10: Don't generate msvcrt!memmove calls (bug #1248) diff --git a/contrib/macdeploy/README.md b/contrib/macdeploy/README.md index d201e327e9c5..a6fae6e018a6 100644 --- a/contrib/macdeploy/README.md +++ b/contrib/macdeploy/README.md @@ -97,16 +97,7 @@ redistributed. [`xorrisofs`](https://www.gnu.org/software/xorriso/) is used to create the DMG. -`xorrisofs` cannot compress DMGs, so afterwards, the DMG tool from the -`libdmg-hfsplus` project is used to compress it. There are several bugs in this -tool and its maintainer has seemingly abandoned the project. - -The DMG tool has the ability to create DMGs from scratch as well, but this functionality is -broken. Only the compression feature is currently used. Ideally, the creation could be fixed -and `xorrisofs` would no longer be necessary. - -Background images and other features can be added to DMG files by inserting a -`.DS_Store` during creation. +A background image is added to DMG files by inserting a `.DS_Store` during creation. As of OS X 10.9 Mavericks, using an Apple-blessed key to sign binaries is a requirement in order to satisfy the new Gatekeeper requirements. Because this private key cannot be diff --git a/depends/packages/native_libdmg-hfsplus.mk b/depends/packages/native_libdmg-hfsplus.mk deleted file mode 100644 index c7c8adef4158..000000000000 --- a/depends/packages/native_libdmg-hfsplus.mk +++ /dev/null @@ -1,24 +0,0 @@ -package=native_libdmg-hfsplus -$(package)_version=7ac55ec64c96f7800d9818ce64c79670e7f02b67 -$(package)_download_path=https://github.com/planetbeing/libdmg-hfsplus/archive -$(package)_file_name=$($(package)_version).tar.gz -$(package)_sha256_hash=56fbdc48ec110966342f0ecddd6f8f89202f4143ed2a3336e42bbf88f940850c -$(package)_build_subdir=build -$(package)_patches=remove-libcrypto-dependency.patch - -define $(package)_preprocess_cmds - patch -p1 < $($(package)_patch_dir)/remove-libcrypto-dependency.patch && \ - mkdir build -endef - -define $(package)_config_cmds - $($(package)_cmake) -DCMAKE_C_FLAGS="$$($(1)_cflags) -Wl,--build-id=none" -DCMAKE_SKIP_RPATH="ON" -DCMAKE_EXE_LINKER_FLAGS="-static" -DCMAKE_FIND_LIBRARY_SUFFIXES=".a" .. -endef - -define $(package)_build_cmds - $(MAKE) -C dmg -endef - -define $(package)_stage_cmds - $(MAKE) DESTDIR=$($(package)_staging_dir) -C dmg install -endef diff --git a/depends/packages/packages.mk b/depends/packages/packages.mk index bdf235b19bc9..2e07037ea76d 100644 --- a/depends/packages/packages.mk +++ b/depends/packages/packages.mk @@ -27,7 +27,7 @@ usdt_linux_packages=systemtap darwin_native_packages = native_ds_store native_mac_alias ifneq ($(build_os),darwin) -darwin_native_packages += native_cctools native_libtapi native_libdmg-hfsplus +darwin_native_packages += native_cctools native_libtapi ifeq ($(strip $(FORCE_USE_SYSTEM_CLANG)),) darwin_native_packages+= native_clang diff --git a/depends/patches/native_libdmg-hfsplus/remove-libcrypto-dependency.patch b/depends/patches/native_libdmg-hfsplus/remove-libcrypto-dependency.patch deleted file mode 100644 index f346c8f2cff8..000000000000 --- a/depends/patches/native_libdmg-hfsplus/remove-libcrypto-dependency.patch +++ /dev/null @@ -1,45 +0,0 @@ -From 3e5fd3fb56bc9ff03beb535979e33dcf83fe1f70 Mon Sep 17 00:00:00 2001 -From: Cory Fields -Date: Thu, 8 May 2014 12:39:42 -0400 -Subject: [PATCH] dmg: remove libcrypto dependency - ---- - dmg/CMakeLists.txt | 16 ---------------- - 1 file changed, 16 deletions(-) - -diff --git a/dmg/CMakeLists.txt b/dmg/CMakeLists.txt -index eec62d6..3969f64 100644 ---- a/dmg/CMakeLists.txt -+++ b/dmg/CMakeLists.txt -@@ -1,12 +1,5 @@ --INCLUDE(FindOpenSSL) - INCLUDE(FindZLIB) - --FIND_LIBRARY(CRYPTO_LIBRARIES crypto -- PATHS -- /usr/lib -- /usr/local/lib -- ) -- - IF(NOT ZLIB_FOUND) - message(FATAL_ERROR "zlib is required for dmg!") - ENDIF(NOT ZLIB_FOUND) -@@ -18,15 +11,6 @@ link_directories(${PROJECT_BINARY_DIR}/common ${PROJECT_BINARY_DIR}/hfs) - - add_library(dmg adc.c base64.c checksum.c dmgfile.c dmglib.c filevault.c io.c partition.c resources.c udif.c) - --IF(OPENSSL_FOUND) -- add_definitions(-DHAVE_CRYPT) -- include_directories(${OPENSSL_INCLUDE_DIR}) -- target_link_libraries(dmg ${CRYPTO_LIBRARIES}) -- IF(WIN32) -- TARGET_LINK_LIBRARIES(dmg gdi32) -- ENDIF(WIN32) --ENDIF(OPENSSL_FOUND) -- - target_link_libraries(dmg common hfs z) - - add_executable(dmg-bin dmg.c) --- -2.22.0 - diff --git a/doc/dependencies.md b/doc/dependencies.md index 9d4529178326..d271c4bf753e 100644 --- a/doc/dependencies.md +++ b/doc/dependencies.md @@ -11,7 +11,7 @@ These are the dependencies currently used by Dash Core. You can find instruction | fontconfig | [2.12.1](https://www.freedesktop.org/software/fontconfig/release/) | | No | Yes | | | FreeType | [2.11.0](https://download.savannah.gnu.org/releases/freetype) | | No | | [Yes](https://github.com/dashpay/dash/blob/develop/depends/packages/qt.mk) (Android only) | | GCC | | [7+](https://gcc.gnu.org/) (C++17 support) | | | | -| glibc | | [2.28](https://www.gnu.org/software/libc/) | | | | | +| glibc | | [2.31](https://www.gnu.org/software/libc/) | | | | | | HarfBuzz-NG | | | | | [Yes](https://github.com/dashpay/dash/blob/develop/depends/packages/qt.mk) | | libevent | [2.1.12-stable](https://github.com/libevent/libevent/releases) | [2.0.21](https://github.com/bitcoin/bitcoin/pull/18676) | No | | | | libnatpmp | git commit [4536032...](https://github.com/miniupnp/libnatpmp/tree/4536032ae32268a45c073a4d5e91bbab4534773a) | | No | | | diff --git a/doc/release-notes-6383.md b/doc/release-notes-6383.md new file mode 100644 index 000000000000..c6f685f2b452 --- /dev/null +++ b/doc/release-notes-6383.md @@ -0,0 +1,5 @@ +Compatibility +============= + +The minimum required glibc to run Dash Core is now 2.31. This means that RHEL 8 and Ubuntu 18.04 (Bionic) +are no-longer supported.