2019-07-12 11:42:36 -04:00
|
|
|
(use-modules (gnu)
|
|
|
|
(gnu packages)
|
|
|
|
(gnu packages autotools)
|
|
|
|
(gnu packages base)
|
|
|
|
(gnu packages bash)
|
2021-03-03 14:00:12 -03:00
|
|
|
(gnu packages bison)
|
2021-02-04 21:09:02 -03:00
|
|
|
(gnu packages certs)
|
2020-11-17 15:09:31 -03:00
|
|
|
(gnu packages cdrom)
|
2019-07-12 11:42:36 -04:00
|
|
|
(gnu packages check)
|
2020-11-17 15:09:31 -03:00
|
|
|
(gnu packages cmake)
|
2019-07-12 11:42:36 -04:00
|
|
|
(gnu packages commencement)
|
|
|
|
(gnu packages compression)
|
|
|
|
(gnu packages cross-base)
|
|
|
|
(gnu packages file)
|
|
|
|
(gnu packages gawk)
|
|
|
|
(gnu packages gcc)
|
2020-11-17 15:09:31 -03:00
|
|
|
(gnu packages gnome)
|
2020-01-16 16:40:48 -03:00
|
|
|
(gnu packages installers)
|
2019-07-12 11:42:36 -04:00
|
|
|
(gnu packages linux)
|
2020-11-17 15:09:31 -03:00
|
|
|
(gnu packages llvm)
|
2020-01-16 16:40:48 -03:00
|
|
|
(gnu packages mingw)
|
2021-05-25 23:51:11 -04:00
|
|
|
(gnu packages moreutils)
|
2019-07-12 11:42:36 -04:00
|
|
|
(gnu packages pkg-config)
|
|
|
|
(gnu packages python)
|
2021-12-15 02:28:46 -03:00
|
|
|
(gnu packages python-crypto)
|
2021-02-04 21:09:02 -03:00
|
|
|
(gnu packages python-web)
|
2019-07-12 11:42:36 -04:00
|
|
|
(gnu packages shells)
|
2021-02-04 21:09:02 -03:00
|
|
|
(gnu packages tls)
|
2020-04-22 13:05:37 -04:00
|
|
|
(gnu packages version-control)
|
2022-08-03 05:54:15 -04:00
|
|
|
(guix build-system cmake)
|
2020-01-16 16:40:48 -03:00
|
|
|
(guix build-system gnu)
|
2021-04-08 22:12:14 -04:00
|
|
|
(guix build-system python)
|
2019-07-12 11:42:36 -04:00
|
|
|
(guix build-system trivial)
|
2020-11-17 15:09:31 -03:00
|
|
|
(guix download)
|
2019-07-12 11:42:36 -04:00
|
|
|
(guix gexp)
|
2021-04-08 22:12:14 -04:00
|
|
|
(guix git-download)
|
2020-11-17 15:09:31 -03:00
|
|
|
((guix licenses) #:prefix license:)
|
2019-07-12 11:42:36 -04:00
|
|
|
(guix packages)
|
|
|
|
(guix profiles)
|
|
|
|
(guix utils))
|
2019-07-12 00:28:29 -04:00
|
|
|
|
2021-01-14 20:10:16 -03:00
|
|
|
(define-syntax-rule (search-our-patches file-name ...)
|
|
|
|
"Return the list of absolute file names corresponding to each
|
|
|
|
FILE-NAME found in ./patches relative to the current file."
|
|
|
|
(parameterize
|
|
|
|
((%patch-path (list (string-append (dirname (current-filename)) "/patches"))))
|
|
|
|
(list (search-patch file-name) ...)))
|
|
|
|
|
2020-03-25 18:17:14 -03:00
|
|
|
(define (make-ssp-fixed-gcc xgcc)
|
|
|
|
"Given a XGCC package, return a modified package that uses the SSP function
|
2020-03-30 14:41:34 -03:00
|
|
|
from glibc instead of from libssp.so. Our `symbol-check' script will complain if
|
|
|
|
we link against libssp.so, and thus will ensure that this works properly.
|
|
|
|
|
|
|
|
Taken from:
|
2020-03-25 18:17:14 -03:00
|
|
|
http://www.linuxfromscratch.org/hlfs/view/development/chapter05/gcc-pass1.html"
|
|
|
|
(package
|
2021-02-04 20:58:26 -03:00
|
|
|
(inherit xgcc)
|
|
|
|
(arguments
|
|
|
|
(substitute-keyword-arguments (package-arguments xgcc)
|
|
|
|
((#:make-flags flags)
|
|
|
|
`(cons "gcc_cv_libc_provides_ssp=yes" ,flags))))))
|
2020-03-25 18:17:14 -03:00
|
|
|
|
2019-07-12 00:28:29 -04:00
|
|
|
(define (make-gcc-rpath-link xgcc)
|
|
|
|
"Given a XGCC package, return a modified package that replace each instance of
|
|
|
|
-rpath in the default system spec that's inserted by Guix with -rpath-link"
|
|
|
|
(package
|
2021-02-04 20:58:26 -03:00
|
|
|
(inherit xgcc)
|
|
|
|
(arguments
|
|
|
|
(substitute-keyword-arguments (package-arguments xgcc)
|
|
|
|
((#:phases phases)
|
|
|
|
`(modify-phases ,phases
|
|
|
|
(add-after 'pre-configure 'replace-rpath-with-rpath-link
|
|
|
|
(lambda _
|
|
|
|
(substitute* (cons "gcc/config/rs6000/sysv4.h"
|
|
|
|
(find-files "gcc/config"
|
|
|
|
"^gnu-user.*\\.h$"))
|
|
|
|
(("-rpath=") "-rpath-link="))
|
|
|
|
#t))))))))
|
2019-07-12 00:28:29 -04:00
|
|
|
|
2022-08-17 07:18:57 -04:00
|
|
|
(define building-on (string-append (list-ref (string-split (%current-system) #\-) 0) "-guix-linux-gnu"))
|
|
|
|
|
|
|
|
(define (explicit-cross-configure package)
|
|
|
|
(package-with-extra-configure-variable package "--build" building-on))
|
|
|
|
|
2019-07-12 00:28:29 -04:00
|
|
|
(define (make-cross-toolchain target
|
|
|
|
base-gcc-for-libc
|
|
|
|
base-kernel-headers
|
|
|
|
base-libc
|
|
|
|
base-gcc)
|
|
|
|
"Create a cross-compilation toolchain package for TARGET"
|
|
|
|
(let* ((xbinutils (cross-binutils target))
|
|
|
|
;; 1. Build a cross-compiling gcc without targeting any libc, derived
|
|
|
|
;; from BASE-GCC-FOR-LIBC
|
2022-08-17 07:18:57 -04:00
|
|
|
(xgcc-sans-libc (explicit-cross-configure (cross-gcc target
|
|
|
|
#:xgcc base-gcc-for-libc
|
|
|
|
#:xbinutils xbinutils)))
|
2019-07-12 00:28:29 -04:00
|
|
|
;; 2. Build cross-compiled kernel headers with XGCC-SANS-LIBC, derived
|
|
|
|
;; from BASE-KERNEL-HEADERS
|
|
|
|
(xkernel (cross-kernel-headers target
|
|
|
|
base-kernel-headers
|
|
|
|
xgcc-sans-libc
|
|
|
|
xbinutils))
|
|
|
|
;; 3. Build a cross-compiled libc with XGCC-SANS-LIBC and XKERNEL,
|
|
|
|
;; derived from BASE-LIBC
|
2022-08-17 07:18:57 -04:00
|
|
|
(xlibc (explicit-cross-configure (cross-libc target
|
|
|
|
base-libc
|
|
|
|
xgcc-sans-libc
|
|
|
|
xbinutils
|
|
|
|
xkernel)))
|
2019-07-12 00:28:29 -04:00
|
|
|
;; 4. Build a cross-compiling gcc targeting XLIBC, derived from
|
|
|
|
;; BASE-GCC
|
2022-08-17 07:18:57 -04:00
|
|
|
(xgcc (explicit-cross-configure (cross-gcc target
|
|
|
|
#:xgcc base-gcc
|
|
|
|
#:xbinutils xbinutils
|
|
|
|
#:libc xlibc))))
|
2019-07-12 00:28:29 -04:00
|
|
|
;; Define a meta-package that propagates the resulting XBINUTILS, XLIBC, and
|
|
|
|
;; XGCC
|
|
|
|
(package
|
|
|
|
(name (string-append target "-toolchain"))
|
|
|
|
(version (package-version xgcc))
|
|
|
|
(source #f)
|
|
|
|
(build-system trivial-build-system)
|
|
|
|
(arguments '(#:builder (begin (mkdir %output) #t)))
|
|
|
|
(propagated-inputs
|
|
|
|
`(("binutils" ,xbinutils)
|
|
|
|
("libc" ,xlibc)
|
|
|
|
("libc:static" ,xlibc "static")
|
2021-02-04 15:52:51 -03:00
|
|
|
("gcc" ,xgcc)
|
|
|
|
("gcc-lib" ,xgcc "lib")))
|
2019-07-12 00:28:29 -04:00
|
|
|
(synopsis (string-append "Complete GCC tool chain for " target))
|
|
|
|
(description (string-append "This package provides a complete GCC tool
|
|
|
|
chain for " target " development."))
|
|
|
|
(home-page (package-home-page xgcc))
|
|
|
|
(license (package-license xgcc)))))
|
|
|
|
|
2021-11-01 04:17:01 -03:00
|
|
|
(define base-gcc gcc-10)
|
2022-04-27 03:32:09 -04:00
|
|
|
(define base-linux-kernel-headers linux-libre-headers-5.15)
|
2021-05-19 13:47:58 -04:00
|
|
|
|
2022-06-20 10:30:19 -04:00
|
|
|
;; https://gcc.gnu.org/install/configure.html
|
|
|
|
(define (hardened-gcc gcc)
|
|
|
|
(package-with-extra-configure-variable (
|
2022-08-18 13:04:48 -04:00
|
|
|
package-with-extra-configure-variable (
|
|
|
|
package-with-extra-configure-variable gcc
|
|
|
|
"--enable-initfini-array" "yes")
|
|
|
|
"--enable-default-ssp" "yes")
|
|
|
|
"--enable-default-pie" "yes"))
|
2022-06-20 10:30:19 -04:00
|
|
|
|
2019-07-12 00:28:29 -04:00
|
|
|
(define* (make-bitcoin-cross-toolchain target
|
2021-02-04 20:58:26 -03:00
|
|
|
#:key
|
2022-03-29 05:02:58 -03:00
|
|
|
(base-gcc-for-libc base-gcc)
|
2022-04-27 03:32:09 -04:00
|
|
|
(base-kernel-headers base-linux-kernel-headers)
|
2023-03-24 12:23:33 -03:00
|
|
|
(base-libc (hardened-glibc glibc-2.27))
|
2022-06-20 10:30:19 -04:00
|
|
|
(base-gcc (make-gcc-rpath-link (hardened-gcc base-gcc))))
|
2019-11-04 06:22:53 -03:00
|
|
|
"Convenience wrapper around MAKE-CROSS-TOOLCHAIN with default values
|
2019-07-12 00:28:29 -04:00
|
|
|
desirable for building Bitcoin Core release binaries."
|
|
|
|
(make-cross-toolchain target
|
2021-02-04 20:58:26 -03:00
|
|
|
base-gcc-for-libc
|
|
|
|
base-kernel-headers
|
|
|
|
base-libc
|
|
|
|
base-gcc))
|
2019-07-12 00:28:29 -04:00
|
|
|
|
2020-01-16 16:40:48 -03:00
|
|
|
(define (make-gcc-with-pthreads gcc)
|
2022-07-06 17:24:20 -04:00
|
|
|
(package-with-extra-configure-variable
|
|
|
|
(package-with-extra-patches gcc
|
|
|
|
(search-our-patches "gcc-10-remap-guix-store.patch"))
|
|
|
|
"--enable-threads" "posix"))
|
2020-01-16 16:40:48 -03:00
|
|
|
|
2022-04-13 06:41:45 -04:00
|
|
|
(define (make-mingw-w64-cross-gcc cross-gcc)
|
2022-04-01 06:43:32 -03:00
|
|
|
(package-with-extra-patches cross-gcc
|
2022-04-13 06:41:45 -04:00
|
|
|
(search-our-patches "vmov-alignment.patch"
|
|
|
|
"gcc-broken-longjmp.patch")))
|
2022-04-01 06:43:32 -03:00
|
|
|
|
2020-01-16 16:40:48 -03:00
|
|
|
(define (make-mingw-pthreads-cross-toolchain target)
|
|
|
|
"Create a cross-compilation toolchain package for TARGET"
|
2021-11-01 04:17:01 -03:00
|
|
|
(let* ((xbinutils (cross-binutils target))
|
2020-01-16 16:40:48 -03:00
|
|
|
(pthreads-xlibc mingw-w64-x86_64-winpthreads)
|
|
|
|
(pthreads-xgcc (make-gcc-with-pthreads
|
|
|
|
(cross-gcc target
|
2022-04-13 06:41:45 -04:00
|
|
|
#:xgcc (make-ssp-fixed-gcc (make-mingw-w64-cross-gcc base-gcc))
|
2020-01-16 16:40:48 -03:00
|
|
|
#:xbinutils xbinutils
|
|
|
|
#:libc pthreads-xlibc))))
|
|
|
|
;; Define a meta-package that propagates the resulting XBINUTILS, XLIBC, and
|
|
|
|
;; XGCC
|
|
|
|
(package
|
|
|
|
(name (string-append target "-posix-toolchain"))
|
|
|
|
(version (package-version pthreads-xgcc))
|
|
|
|
(source #f)
|
|
|
|
(build-system trivial-build-system)
|
|
|
|
(arguments '(#:builder (begin (mkdir %output) #t)))
|
|
|
|
(propagated-inputs
|
|
|
|
`(("binutils" ,xbinutils)
|
|
|
|
("libc" ,pthreads-xlibc)
|
2021-02-04 15:52:51 -03:00
|
|
|
("gcc" ,pthreads-xgcc)
|
|
|
|
("gcc-lib" ,pthreads-xgcc "lib")))
|
2020-01-16 16:40:48 -03:00
|
|
|
(synopsis (string-append "Complete GCC tool chain for " target))
|
|
|
|
(description (string-append "This package provides a complete GCC tool
|
|
|
|
chain for " target " development."))
|
|
|
|
(home-page (package-home-page pthreads-xgcc))
|
|
|
|
(license (package-license pthreads-xgcc)))))
|
|
|
|
|
2021-12-07 22:16:52 -03:00
|
|
|
(define (make-nsis-for-gcc-10 base-nsis)
|
2021-01-14 20:10:16 -03:00
|
|
|
(package-with-extra-patches base-nsis
|
guix: patch NSIS to remove .reloc sections from install stubs
With the release of binutils/ld 2.36, ld swapped to much improved
default settings when producing windows binaries with mingw-w64. One of
these changes was to stop stripping the .reloc section from binaries,
which is required for working ASLR.
.reloc section stripping is something we've accounted for previously,
see #18702. The related upstream discussion is in this thread:
https://sourceware.org/bugzilla/show_bug.cgi?id=19011.
When we switched to using a newer Guix time-machine in #23778, we begun
using binutils 2.37 to produce releases. Since then, our windows
installer (produced with makensis) has not functioned correctly when run on
a Windows system with the "Force randomization for images (Mandatory ASLR)"
option enabled. Note that all of our other release binaries, which all
contain .reloc sections, function fine under the same option, so it
cannot be just the presence of a .reloc section that is the issue.
For now, restore makensis to it's pre-binutils-2.36 behaviour, which
fixes the produced installer. The underlying issue can be further
investigated in future.
2022-08-05 06:48:15 -04:00
|
|
|
(search-our-patches "nsis-gcc-10-memmove.patch"
|
|
|
|
"nsis-disable-installer-reloc.patch")))
|
2021-01-14 20:10:16 -03:00
|
|
|
|
2022-06-25 04:41:09 -04:00
|
|
|
(define (fix-ppc64-nx-default lief)
|
|
|
|
(package-with-extra-patches lief
|
|
|
|
(search-our-patches "lief-fix-ppc64-nx-default.patch")))
|
|
|
|
|
2023-03-21 11:26:01 -03:00
|
|
|
;; Our python-lief package can be removed once we are using
|
|
|
|
;; guix 83bfdb409787cb2737e68b093a319b247b7858e6 or later.
|
2023-03-22 06:53:13 -03:00
|
|
|
;; Note we currently use cmake-minimal.
|
2023-03-21 11:26:01 -03:00
|
|
|
(define-public python-lief
|
2021-04-08 22:12:14 -04:00
|
|
|
(package
|
2023-03-21 11:26:01 -03:00
|
|
|
(name "python-lief")
|
|
|
|
(version "0.12.3")
|
|
|
|
(source (origin
|
|
|
|
(method git-fetch)
|
|
|
|
(uri (git-reference
|
|
|
|
(url "https://github.com/lief-project/LIEF")
|
|
|
|
(commit version)))
|
|
|
|
(file-name (git-file-name name version))
|
|
|
|
(sha256
|
|
|
|
(base32
|
|
|
|
"11i6hqmcjh56y554kqhl61698n9v66j2qk1c1g63mv2w07h2z661"))))
|
|
|
|
(build-system python-build-system)
|
2023-03-22 06:53:13 -03:00
|
|
|
(native-inputs (list cmake-minimal))
|
2023-03-21 11:26:01 -03:00
|
|
|
(arguments
|
|
|
|
(list
|
|
|
|
#:tests? #f ;needs network
|
|
|
|
#:phases #~(modify-phases %standard-phases
|
|
|
|
(replace 'build
|
|
|
|
(lambda _
|
|
|
|
(invoke
|
|
|
|
"python" "setup.py" "--sdk" "build"
|
|
|
|
(string-append
|
|
|
|
"-j" (number->string (parallel-job-count)))))))))
|
|
|
|
(home-page "https://github.com/lief-project/LIEF")
|
|
|
|
(synopsis "Library to instrument executable formats")
|
|
|
|
(description
|
|
|
|
"@code{python-lief} is a cross platform library which can parse, modify
|
|
|
|
and abstract ELF, PE and MachO formats.")
|
|
|
|
(license license:asl2.0)))
|
2021-04-08 22:12:14 -04:00
|
|
|
|
2021-02-04 21:09:02 -03:00
|
|
|
(define osslsigncode
|
|
|
|
(package
|
|
|
|
(name "osslsigncode")
|
2022-08-03 05:54:15 -04:00
|
|
|
(version "2.5")
|
2021-02-04 21:09:02 -03:00
|
|
|
(source (origin
|
|
|
|
(method url-fetch)
|
|
|
|
(uri (string-append "https://github.com/mtrojnar/"
|
|
|
|
name "/archive/" version ".tar.gz"))
|
|
|
|
(sha256
|
|
|
|
(base32
|
2022-08-03 05:54:15 -04:00
|
|
|
"03by9706gg0an6dn48pljx38vcb76ziv11bgm8ilwsf293x2k4hv"))))
|
|
|
|
(build-system cmake-build-system)
|
2021-02-04 21:09:02 -03:00
|
|
|
(inputs
|
2022-08-03 05:54:15 -04:00
|
|
|
`(("openssl", openssl)))
|
2021-02-04 21:09:02 -03:00
|
|
|
(home-page "https://github.com/mtrojnar/osslsigncode")
|
|
|
|
(synopsis "Authenticode signing and timestamping tool")
|
|
|
|
(description "osslsigncode is a small tool that implements part of the
|
|
|
|
functionality of the Microsoft tool signtool.exe - more exactly the Authenticode
|
|
|
|
signing and timestamping. But osslsigncode is based on OpenSSL and cURL, and
|
|
|
|
thus should be able to compile on most platforms where these exist.")
|
|
|
|
(license license:gpl3+))) ; license is with openssl exception
|
|
|
|
|
|
|
|
(define-public python-elfesteem
|
2022-06-30 06:20:29 -04:00
|
|
|
(let ((commit "2eb1e5384ff7a220fd1afacd4a0170acff54fe56"))
|
2021-02-04 21:09:02 -03:00
|
|
|
(package
|
|
|
|
(name "python-elfesteem")
|
|
|
|
(version (git-version "0.1" "1" commit))
|
|
|
|
(source
|
|
|
|
(origin
|
|
|
|
(method git-fetch)
|
|
|
|
(uri (git-reference
|
|
|
|
(url "https://github.com/LRGH/elfesteem")
|
|
|
|
(commit commit)))
|
|
|
|
(file-name (git-file-name name commit))
|
|
|
|
(sha256
|
|
|
|
(base32
|
2022-06-30 06:20:29 -04:00
|
|
|
"07x6p8clh11z8s1n2kdxrqwqm2almgc5qpkcr9ckb6y5ivjdr5r6"))))
|
2021-02-04 21:09:02 -03:00
|
|
|
(build-system python-build-system)
|
|
|
|
;; There are no tests, but attempting to run python setup.py test leads to
|
|
|
|
;; PYTHONPATH problems, just disable the test
|
|
|
|
(arguments '(#:tests? #f))
|
|
|
|
(home-page "https://github.com/LRGH/elfesteem")
|
|
|
|
(synopsis "ELF/PE/Mach-O parsing library")
|
|
|
|
(description "elfesteem parses ELF, PE and Mach-O files.")
|
|
|
|
(license license:lgpl2.1))))
|
|
|
|
|
|
|
|
(define-public python-oscrypto
|
|
|
|
(package
|
|
|
|
(name "python-oscrypto")
|
|
|
|
(version "1.2.1")
|
|
|
|
(source
|
|
|
|
(origin
|
|
|
|
(method git-fetch)
|
|
|
|
(uri (git-reference
|
|
|
|
(url "https://github.com/wbond/oscrypto")
|
|
|
|
(commit version)))
|
|
|
|
(file-name (git-file-name name version))
|
|
|
|
(sha256
|
|
|
|
(base32
|
|
|
|
"1d4d8s4z340qhvb3g5m5v3436y3a71yc26wk4749q64m09kxqc3l"))
|
|
|
|
(patches (search-our-patches "oscrypto-hard-code-openssl.patch"))))
|
|
|
|
(build-system python-build-system)
|
|
|
|
(native-search-paths
|
|
|
|
(list (search-path-specification
|
|
|
|
(variable "SSL_CERT_FILE")
|
|
|
|
(file-type 'regular)
|
|
|
|
(separator #f) ;single entry
|
|
|
|
(files '("etc/ssl/certs/ca-certificates.crt")))))
|
|
|
|
|
|
|
|
(propagated-inputs
|
|
|
|
`(("python-asn1crypto" ,python-asn1crypto)
|
|
|
|
("openssl" ,openssl)))
|
|
|
|
(arguments
|
|
|
|
`(#:phases
|
|
|
|
(modify-phases %standard-phases
|
|
|
|
(add-after 'unpack 'hard-code-path-to-libscrypt
|
|
|
|
(lambda* (#:key inputs #:allow-other-keys)
|
|
|
|
(let ((openssl (assoc-ref inputs "openssl")))
|
|
|
|
(substitute* "oscrypto/__init__.py"
|
|
|
|
(("@GUIX_OSCRYPTO_USE_OPENSSL@")
|
|
|
|
(string-append openssl "/lib/libcrypto.so" "," openssl "/lib/libssl.so")))
|
|
|
|
#t)))
|
|
|
|
(add-after 'unpack 'disable-broken-tests
|
|
|
|
(lambda _
|
|
|
|
;; This test is broken as there is no keyboard interrupt.
|
|
|
|
(substitute* "tests/test_trust_list.py"
|
|
|
|
(("^(.*)class TrustListTests" line indent)
|
|
|
|
(string-append indent
|
|
|
|
"@unittest.skip(\"Disabled by Guix\")\n"
|
|
|
|
line)))
|
|
|
|
(substitute* "tests/test_tls.py"
|
|
|
|
(("^(.*)class TLSTests" line indent)
|
|
|
|
(string-append indent
|
|
|
|
"@unittest.skip(\"Disabled by Guix\")\n"
|
|
|
|
line)))
|
|
|
|
#t))
|
|
|
|
(replace 'check
|
|
|
|
(lambda _
|
|
|
|
(invoke "python" "run.py" "tests")
|
|
|
|
#t)))))
|
|
|
|
(home-page "https://github.com/wbond/oscrypto")
|
|
|
|
(synopsis "Compiler-free Python crypto library backed by the OS")
|
|
|
|
(description "oscrypto is a compilation-free, always up-to-date encryption library for Python.")
|
|
|
|
(license license:expat)))
|
|
|
|
|
|
|
|
(define-public python-oscryptotests
|
|
|
|
(package (inherit python-oscrypto)
|
|
|
|
(name "python-oscryptotests")
|
2021-11-01 04:17:01 -03:00
|
|
|
(propagated-inputs
|
|
|
|
`(("python-oscrypto" ,python-oscrypto)))
|
2021-02-04 21:09:02 -03:00
|
|
|
(arguments
|
|
|
|
`(#:tests? #f
|
|
|
|
#:phases
|
|
|
|
(modify-phases %standard-phases
|
|
|
|
(add-after 'unpack 'hard-code-path-to-libscrypt
|
|
|
|
(lambda* (#:key inputs #:allow-other-keys)
|
|
|
|
(chdir "tests")
|
|
|
|
#t)))))))
|
|
|
|
|
|
|
|
(define-public python-certvalidator
|
2022-03-08 09:11:13 -03:00
|
|
|
(let ((commit "a145bf25eb75a9f014b3e7678826132efbba6213"))
|
2021-02-04 21:09:02 -03:00
|
|
|
(package
|
|
|
|
(name "python-certvalidator")
|
|
|
|
(version (git-version "0.1" "1" commit))
|
|
|
|
(source
|
|
|
|
(origin
|
|
|
|
(method git-fetch)
|
|
|
|
(uri (git-reference
|
|
|
|
(url "https://github.com/achow101/certvalidator")
|
|
|
|
(commit commit)))
|
|
|
|
(file-name (git-file-name name commit))
|
|
|
|
(sha256
|
|
|
|
(base32
|
2022-03-08 09:11:13 -03:00
|
|
|
"1qw2k7xis53179lpqdqyylbcmp76lj7sagp883wmxg5i7chhc96k"))))
|
2021-02-04 21:09:02 -03:00
|
|
|
(build-system python-build-system)
|
|
|
|
(propagated-inputs
|
|
|
|
`(("python-asn1crypto" ,python-asn1crypto)
|
|
|
|
("python-oscrypto" ,python-oscrypto)
|
|
|
|
("python-oscryptotests", python-oscryptotests))) ;; certvalidator tests import oscryptotests
|
|
|
|
(arguments
|
|
|
|
`(#:phases
|
|
|
|
(modify-phases %standard-phases
|
|
|
|
(add-after 'unpack 'disable-broken-tests
|
|
|
|
(lambda _
|
|
|
|
(substitute* "tests/test_certificate_validator.py"
|
|
|
|
(("^(.*)class CertificateValidatorTests" line indent)
|
|
|
|
(string-append indent
|
|
|
|
"@unittest.skip(\"Disabled by Guix\")\n"
|
|
|
|
line)))
|
|
|
|
(substitute* "tests/test_crl_client.py"
|
|
|
|
(("^(.*)def test_fetch_crl" line indent)
|
|
|
|
(string-append indent
|
|
|
|
"@unittest.skip(\"Disabled by Guix\")\n"
|
|
|
|
line)))
|
|
|
|
(substitute* "tests/test_ocsp_client.py"
|
|
|
|
(("^(.*)def test_fetch_ocsp" line indent)
|
|
|
|
(string-append indent
|
|
|
|
"@unittest.skip(\"Disabled by Guix\")\n"
|
|
|
|
line)))
|
|
|
|
(substitute* "tests/test_registry.py"
|
|
|
|
(("^(.*)def test_build_paths" line indent)
|
|
|
|
(string-append indent
|
|
|
|
"@unittest.skip(\"Disabled by Guix\")\n"
|
|
|
|
line)))
|
|
|
|
(substitute* "tests/test_validate.py"
|
|
|
|
(("^(.*)def test_revocation_mode_hard" line indent)
|
|
|
|
(string-append indent
|
|
|
|
"@unittest.skip(\"Disabled by Guix\")\n"
|
|
|
|
line)))
|
2022-08-04 08:24:20 -04:00
|
|
|
(substitute* "tests/test_validate.py"
|
|
|
|
(("^(.*)def test_revocation_mode_soft" line indent)
|
|
|
|
(string-append indent
|
|
|
|
"@unittest.skip(\"Disabled by Guix\")\n"
|
|
|
|
line)))
|
2021-02-04 21:09:02 -03:00
|
|
|
#t))
|
|
|
|
(replace 'check
|
|
|
|
(lambda _
|
|
|
|
(invoke "python" "run.py" "tests")
|
|
|
|
#t)))))
|
|
|
|
(home-page "https://github.com/wbond/certvalidator")
|
|
|
|
(synopsis "Python library for validating X.509 certificates and paths")
|
|
|
|
(description "certvalidator is a Python library for validating X.509
|
|
|
|
certificates or paths. Supports various options, including: validation at a
|
|
|
|
specific moment in time, whitelisting and revocation checks.")
|
|
|
|
(license license:expat))))
|
|
|
|
|
|
|
|
(define-public python-altgraph
|
|
|
|
(package
|
|
|
|
(name "python-altgraph")
|
|
|
|
(version "0.17")
|
|
|
|
(source
|
|
|
|
(origin
|
|
|
|
(method git-fetch)
|
|
|
|
(uri (git-reference
|
|
|
|
(url "https://github.com/ronaldoussoren/altgraph")
|
|
|
|
(commit (string-append "v" version))))
|
|
|
|
(file-name (git-file-name name version))
|
|
|
|
(sha256
|
|
|
|
(base32
|
|
|
|
"09sm4srvvkw458pn48ga9q7ykr4xlz7q8gh1h9w7nxpf001qgpwb"))))
|
|
|
|
(build-system python-build-system)
|
|
|
|
(home-page "https://github.com/ronaldoussoren/altgraph")
|
|
|
|
(synopsis "Python graph (network) package")
|
|
|
|
(description "altgraph is a fork of graphlib: a graph (network) package for
|
|
|
|
constructing graphs, BFS and DFS traversals, topological sort, shortest paths,
|
|
|
|
etc. with graphviz output.")
|
|
|
|
(license license:expat)))
|
|
|
|
|
|
|
|
|
|
|
|
(define-public python-macholib
|
|
|
|
(package
|
|
|
|
(name "python-macholib")
|
|
|
|
(version "1.14")
|
|
|
|
(source
|
|
|
|
(origin
|
|
|
|
(method git-fetch)
|
|
|
|
(uri (git-reference
|
|
|
|
(url "https://github.com/ronaldoussoren/macholib")
|
|
|
|
(commit (string-append "v" version))))
|
|
|
|
(file-name (git-file-name name version))
|
|
|
|
(sha256
|
|
|
|
(base32
|
|
|
|
"0aislnnfsza9wl4f0vp45ivzlc0pzhp9d4r08700slrypn5flg42"))))
|
|
|
|
(build-system python-build-system)
|
|
|
|
(propagated-inputs
|
|
|
|
`(("python-altgraph" ,python-altgraph)))
|
|
|
|
(arguments
|
|
|
|
'(#:phases
|
|
|
|
(modify-phases %standard-phases
|
|
|
|
(add-after 'unpack 'disable-broken-tests
|
|
|
|
(lambda _
|
|
|
|
;; This test is broken as there is no keyboard interrupt.
|
|
|
|
(substitute* "macholib_tests/test_command_line.py"
|
|
|
|
(("^(.*)class TestCmdLine" line indent)
|
|
|
|
(string-append indent
|
|
|
|
"@unittest.skip(\"Disabled by Guix\")\n"
|
|
|
|
line)))
|
|
|
|
(substitute* "macholib_tests/test_dyld.py"
|
|
|
|
(("^(.*)def test_\\S+_find" line indent)
|
|
|
|
(string-append indent
|
|
|
|
"@unittest.skip(\"Disabled by Guix\")\n"
|
|
|
|
line))
|
|
|
|
(("^(.*)def testBasic" line indent)
|
|
|
|
(string-append indent
|
|
|
|
"@unittest.skip(\"Disabled by Guix\")\n"
|
|
|
|
line))
|
|
|
|
)
|
|
|
|
#t)))))
|
|
|
|
(home-page "https://github.com/ronaldoussoren/macholib")
|
|
|
|
(synopsis "Python library for analyzing and editing Mach-O headers")
|
|
|
|
(description "macholib is a Macho-O header analyzer and editor. It's
|
|
|
|
typically used as a dependency analysis tool, and also to rewrite dylib
|
|
|
|
references in Mach-O headers to be @executable_path relative. Though this tool
|
|
|
|
targets a platform specific file format, it is pure python code that is platform
|
|
|
|
and endian independent.")
|
|
|
|
(license license:expat)))
|
|
|
|
|
|
|
|
(define-public python-signapple
|
2022-03-15 15:02:27 -03:00
|
|
|
(let ((commit "8a945a2e7583be2665cf3a6a89d665b70ecd1ab6"))
|
2021-02-04 21:09:02 -03:00
|
|
|
(package
|
|
|
|
(name "python-signapple")
|
|
|
|
(version (git-version "0.1" "1" commit))
|
|
|
|
(source
|
|
|
|
(origin
|
|
|
|
(method git-fetch)
|
|
|
|
(uri (git-reference
|
2021-06-08 16:30:43 -04:00
|
|
|
(url "https://github.com/achow101/signapple")
|
2021-02-04 21:09:02 -03:00
|
|
|
(commit commit)))
|
|
|
|
(file-name (git-file-name name commit))
|
|
|
|
(sha256
|
|
|
|
(base32
|
2022-03-15 15:02:27 -03:00
|
|
|
"0fr1hangvfyiwflca6jg5g8zvg3jc9qr7vd2c12ff89pznf38dlg"))))
|
2021-02-04 21:09:02 -03:00
|
|
|
(build-system python-build-system)
|
|
|
|
(propagated-inputs
|
|
|
|
`(("python-asn1crypto" ,python-asn1crypto)
|
|
|
|
("python-oscrypto" ,python-oscrypto)
|
|
|
|
("python-certvalidator" ,python-certvalidator)
|
|
|
|
("python-elfesteem" ,python-elfesteem)
|
2021-12-30 09:43:02 -03:00
|
|
|
("python-requests" ,python-requests)
|
2022-03-09 06:01:30 -03:00
|
|
|
("python-macholib" ,python-macholib)))
|
2021-02-04 21:09:02 -03:00
|
|
|
;; There are no tests, but attempting to run python setup.py test leads to
|
|
|
|
;; problems, just disable the test
|
|
|
|
(arguments '(#:tests? #f))
|
|
|
|
(home-page "https://github.com/achow101/signapple")
|
|
|
|
(synopsis "Mach-O binary signature tool")
|
|
|
|
(description "signapple is a Python tool for creating, verifying, and
|
|
|
|
inspecting signatures in Mach-O binaries.")
|
|
|
|
(license license:expat))))
|
|
|
|
|
2023-01-26 07:30:41 -03:00
|
|
|
;; https://www.gnu.org/software/libc/manual/html_node/Configuring-and-compiling.html
|
2023-03-24 12:23:33 -03:00
|
|
|
;; We don't use --disable-werror directly, as that would be passed through to bash,
|
|
|
|
;; and cause it's build to fail.
|
2023-01-26 07:30:41 -03:00
|
|
|
(define (hardened-glibc glibc)
|
|
|
|
(package-with-extra-configure-variable (
|
2023-03-24 12:23:33 -03:00
|
|
|
package-with-extra-configure-variable (
|
|
|
|
package-with-extra-configure-variable glibc
|
|
|
|
"enable_werror" "no")
|
|
|
|
"--enable-stack-protector" "all")
|
|
|
|
"--enable-bind-now" "yes"))
|
2022-06-27 06:25:07 -04:00
|
|
|
|
2023-01-25 14:10:42 -03:00
|
|
|
(define-public glibc-2.27
|
2021-11-01 04:17:01 -03:00
|
|
|
(package
|
|
|
|
(inherit glibc-2.31)
|
|
|
|
(version "2.27")
|
|
|
|
(source (origin
|
|
|
|
(method git-fetch)
|
|
|
|
(uri (git-reference
|
|
|
|
(url "https://sourceware.org/git/glibc.git")
|
2023-01-25 14:10:42 -03:00
|
|
|
(commit "73886db6218e613bd6d4edf529f11e008a6c2fa6")))
|
|
|
|
(file-name (git-file-name "glibc" "73886db6218e613bd6d4edf529f11e008a6c2fa6"))
|
2021-11-01 04:17:01 -03:00
|
|
|
(sha256
|
|
|
|
(base32
|
2023-01-25 14:10:42 -03:00
|
|
|
"0azpb9cvnbv25zg8019rqz48h8i2257ngyjg566dlnp74ivrs9vq"))
|
guix: remove redundant glibc patches
These should only be relevant for a glibc that is built as part of a
Guix system, and should not be required for a glibc that is just being
built to compile our binaries against. A x86_64 linux bitcoind produced
with Guix using master vs this change has no difference. i.e:
```diff
@@ -20311,15 +20311,15 @@
This is experimental software.
The source code is available from %s.
Please contribute if you find %s useful. Visit %s for further information about the software.
The %s developers
The Bitcoin Core developers
<https://bitcoincore.org/>
Copyright (C) %i-%i
-v25.99.0-gda0bf1d07639b0490791bbd6aec71bbea8aa2aThe %s developer<https://github.com/bitcoin/bitcDistributed under the MIT software license, see the accompanyingThis is experimeThe source code is available froPlease contribute if you find %s useful. Visit %s for further information about Copyright (C) %ibool BCLog::Logger::StartLogging()
+v25.99.0-gd7700d3a26478d9b1648463c188648c7047b1cThe %s developer<https://github.com/bitcoin/bitcDistributed under the MIT software license, see the accompanyingThis is experimeThe source code is available froPlease contribute if you find %s useful. Visit %s for further information about Copyright (C) %ibool BCLog::Logger::StartLogging()
std::string BCLog::Logger::LogLevelToStr(BCLog::Level) const
std::string LogCategoryToStr(BCLog::LogFlags)
void BCLog::Logger::LogPrintStr(const string&, const string&, const string&, int, BCLog::LogFlags, BCLog::Level)
void BCLog::Logger::ShrinkDebugFile()
Failed to shrink debug log file: fseek(...) failed
logging.cpp
m_buffering
```
```diff
@@ -1505889,15 +1505889,15 @@
call aa3380 <malloc@plt+0xa4edb0>
mov (%rsp),%rdx
movdqa 0x465540(%rip),%xmm0
mov %rax,0x7a0559(%rip)
lea 0x7a0552(%rip),%rsi
lea 0x3957bb(%rip),%rdi
mov %rdx,0x7a0554(%rip)
- mov $0x3038,%edx
+ mov $0x3036,%edx
movups %xmm0,(%rax)
movdqa 0x465524(%rip),%xmm0
mov %dx,0x30(%rax)
mov 0x7a0529(%rip),%rdx
movups %xmm0,0x10(%rax)
movdqa 0x46551d(%rip),%xmm0
movups %xmm0,0x20(%rax)
```
```diff
@@ -37238,17 +37238,17 @@
0x00b73730 65202573 20646576 656c6f70 65727300 e %s developers.
0x00b73740 54686520 42697463 6f696e20 436f7265 The Bitcoin Core
0x00b73750 20646576 656c6f70 65727300 434f5059 developers.COPY
0x00b73760 494e4700 3c687474 70733a2f 2f626974 ING.<https://bit
0x00b73770 636f696e 636f7265 2e6f7267 2f3e0043 coincore.org/>.C
0x00b73780 6f707972 69676874 20284329 2025692d opyright (C) %i-
0x00b73790 25690053 61746f73 68690000 00000000 %i.Satoshi......
- 0x00b737a0 7632352e 39392e30 2d676461 30626631 v25.99.0-gda0bf1
- 0x00b737b0 64303736 33396230 34393037 39316262 d07639b0490791bb
- 0x00b737c0 64366165 63373162 62656138 61613261 d6aec71bbea8aa2a
+ 0x00b737a0 7632352e 39392e30 2d676437 37303064 v25.99.0-gd7700d
+ 0x00b737b0 33613236 34373864 39623136 34383436 3a26478d9b164846
+ 0x00b737c0 33633138 38363438 63373034 37623163 3c188648c7047b1c
0x00b737d0 54686520 25732064 6576656c 6f706572 The %s developer
0x00b737e0 3c687474 70733a2f 2f676974 6875622e <https://github.
0x00b737f0 636f6d2f 62697463 6f696e2f 62697463 com/bitcoin/bitc
0x00b73800 44697374 72696275 74656420 756e6465 Distributed unde
0x00b73810 72207468 65204d49 5420736f 66747761 r the MIT softwa
0x00b73820 7265206c 6963656e 73652c20 73656520 re license, see
0x00b73830 74686520 6163636f 6d70616e 79696e67 the accompanying
```
```diff
@@ -1,5 +1,5 @@
Hex dump of section '.gnu_debuglink':
0x00000000 62697463 6f696e64 2e646267 00000000 bitcoind.dbg....
- 0x00000010 6b6e8eda kn..
+ 0x00000010 345cb865 4\.e
```
2023-05-15 12:07:20 -04:00
|
|
|
(patches (search-our-patches "glibc-2.27-riscv64-Use-__has_include-to-include-asm-syscalls.h.patch"
|
2023-01-25 14:10:42 -03:00
|
|
|
"glibc-2.27-fcommon.patch"
|
2022-03-18 11:50:35 -03:00
|
|
|
"glibc-2.27-guix-prefix.patch"))))))
|
2021-06-25 20:49:33 -04:00
|
|
|
|
2019-07-12 00:28:29 -04:00
|
|
|
(packages->manifest
|
2020-01-16 16:40:48 -03:00
|
|
|
(append
|
|
|
|
(list ;; The Basics
|
2023-02-28 06:25:04 -03:00
|
|
|
bash-minimal
|
2020-01-16 16:40:48 -03:00
|
|
|
which
|
2023-02-28 06:25:21 -03:00
|
|
|
coreutils-minimal
|
2020-01-16 16:40:48 -03:00
|
|
|
util-linux
|
|
|
|
;; File(system) inspection
|
|
|
|
file
|
|
|
|
grep
|
|
|
|
diffutils
|
|
|
|
findutils
|
|
|
|
;; File transformation
|
|
|
|
patch
|
|
|
|
gawk
|
|
|
|
sed
|
2021-05-25 23:51:11 -04:00
|
|
|
moreutils
|
2020-01-16 16:40:48 -03:00
|
|
|
;; Compression and archiving
|
|
|
|
tar
|
|
|
|
bzip2
|
|
|
|
gzip
|
|
|
|
xz
|
|
|
|
;; Build tools
|
|
|
|
gnu-make
|
2022-06-16 06:14:04 -04:00
|
|
|
libtool-2.4.7
|
2022-01-25 21:57:51 -03:00
|
|
|
autoconf-2.71
|
2020-01-16 16:40:48 -03:00
|
|
|
automake
|
|
|
|
pkg-config
|
2021-03-03 14:00:12 -03:00
|
|
|
bison
|
2022-03-29 05:02:58 -03:00
|
|
|
;; Native GCC 10 toolchain
|
|
|
|
gcc-toolchain-10
|
|
|
|
(list gcc-toolchain-10 "static")
|
2020-01-16 16:40:48 -03:00
|
|
|
;; Scripting
|
2023-03-05 14:17:47 -03:00
|
|
|
python-minimal ;; (3.9)
|
2020-04-22 13:05:37 -04:00
|
|
|
;; Git
|
2022-09-07 09:10:55 -04:00
|
|
|
git-minimal
|
2021-04-08 22:12:14 -04:00
|
|
|
;; Tests
|
2023-03-21 11:26:01 -03:00
|
|
|
(fix-ppc64-nx-default python-lief))
|
2020-01-16 16:40:48 -03:00
|
|
|
(let ((target (getenv "HOST")))
|
|
|
|
(cond ((string-suffix? "-mingw32" target)
|
|
|
|
;; Windows
|
2022-03-29 05:02:58 -03:00
|
|
|
(list zip
|
2021-01-14 20:10:16 -03:00
|
|
|
(make-mingw-pthreads-cross-toolchain "x86_64-w64-mingw32")
|
2021-12-07 22:16:52 -03:00
|
|
|
(make-nsis-for-gcc-10 nsis-x86_64)
|
2022-08-03 05:54:15 -04:00
|
|
|
nss-certs
|
2021-02-04 21:09:02 -03:00
|
|
|
osslsigncode))
|
2020-01-16 16:40:48 -03:00
|
|
|
((string-contains target "-linux-")
|
2023-01-25 14:10:42 -03:00
|
|
|
(list (make-bitcoin-cross-toolchain target)))
|
2020-11-17 15:09:31 -03:00
|
|
|
((string-contains target "darwin")
|
2023-02-28 09:15:18 -03:00
|
|
|
(list clang-toolchain-10 binutils cmake-minimal xorriso python-signapple))
|
2020-01-16 16:40:48 -03:00
|
|
|
(else '())))))
|