Commit graph

375 commits

Author SHA1 Message Date
fanquake
74b011bbfa
Merge bitcoin/bitcoin#23008: ci: Use clang-12 and libcxx-12 for msan
fa73f8a469 ci: Use clang-12 and libcxx-12 for msan (MarcoFalke)

Pull request description:

  Run the latest sanitizers to get the most implemented features

ACKs for top commit:
  fanquake:
    ACK fa73f8a469 - `--disable-hardening` matches what was just added to oss-fuzz.

Tree-SHA512: 2e533bb9273c97600176be2e41069a03f425aa586f9f32b8ed5f0c9844215a3a41e95a8edd58d044386e350807d6a1df09008a7da35428abd185a509ca71bd82
2022-03-30 19:41:16 +01:00
MarcoFalke
fa73f8a469
ci: Use clang-12 and libcxx-12 for msan 2022-03-30 11:56:06 +02:00
laanwj
bdbabc50ba
Merge bitcoin/bitcoin#24561: guix: use LIEF 0.12.0
3c3bd90220 test: remove lief install from multiprocess job (fanquake)
983e0a2058 contrib: use LIEF 0.12.0 for symbol and security checks (fanquake)

Pull request description:

  [LIEF](https://github.com/lief-project/LIEF) `0.12.0` is [now available](https://github.com/lief-project/LIEF/releases/tag/0.12.0), and includes minor changes we have upstreamed to improve support for RISC-V binaries:
  * https://github.com/lief-project/LIEF/pull/562
  * https://github.com/lief-project/LIEF/pull/640

  Closes: #23655.

  Guix Build (x86_64):
  ```bash
  2fc504baf4f550092f05115f8c7c9046ec2988f097b55b33c4c963e02f11cfc3  guix-build-3c3bd9022026/output/aarch64-linux-gnu/SHA256SUMS.part
  15b1a8a33f4b750cf8d3e2753e6fe3ca7560aeefa88c1acbaf0be412cbd81cc4  guix-build-3c3bd9022026/output/aarch64-linux-gnu/bitcoin-3c3bd9022026-aarch64-linux-gnu-debug.tar.gz
  77a446792dba101afd565f0b4441c5dfe8e08bf9e4c9ea6e862a0df118a55327  guix-build-3c3bd9022026/output/aarch64-linux-gnu/bitcoin-3c3bd9022026-aarch64-linux-gnu.tar.gz
  dc63f742a3d396ab2b2115f7cea4e90c127267a0c9fc2f1e9af9e052a670cd41  guix-build-3c3bd9022026/output/arm-linux-gnueabihf/SHA256SUMS.part
  5214a5c3e532ddfec218354b6512cc4eedd6411a199cc2d4eed7d0ad77873a0e  guix-build-3c3bd9022026/output/arm-linux-gnueabihf/bitcoin-3c3bd9022026-arm-linux-gnueabihf-debug.tar.gz
  fea7b00ca6d8b7bc72c2e4e2c9e9aa94c76f9f463af82cf0bd5a6fc8951a7fe7  guix-build-3c3bd9022026/output/arm-linux-gnueabihf/bitcoin-3c3bd9022026-arm-linux-gnueabihf.tar.gz
  200bf59ecaebdcb2a1302160dd47288135b8cead99e202d1a8b7da8d54a872c3  guix-build-3c3bd9022026/output/arm64-apple-darwin/SHA256SUMS.part
  51c079c29966a1f76f690f28ed99d767413327422636bbbe9ca499e97954cfd4  guix-build-3c3bd9022026/output/arm64-apple-darwin/bitcoin-3c3bd9022026-arm64-apple-darwin-unsigned.dmg
  2e85d002b7e993a90b23363bb01d8dca644fbabd9debb336012834abeddce024  guix-build-3c3bd9022026/output/arm64-apple-darwin/bitcoin-3c3bd9022026-arm64-apple-darwin-unsigned.tar.gz
  257e272f6ed867f7634d1bba5860da855e35793646581b37518e25d1fdab48db  guix-build-3c3bd9022026/output/arm64-apple-darwin/bitcoin-3c3bd9022026-arm64-apple-darwin.tar.gz
  a0c755bb31763995e1d2050d5448bb98194c238fdd6b9eff901e429c9fdfa0f6  guix-build-3c3bd9022026/output/dist-archive/bitcoin-3c3bd9022026.tar.gz
  cf07cfefe010a1cc58ceab5dd5361ca39d770038d73682bd60b52410708c5f35  guix-build-3c3bd9022026/output/powerpc64-linux-gnu/SHA256SUMS.part
  aa93521bfbf7cf693fe56500faa6ac460bb297e5af2d8cf4e857f7ea0e92eb34  guix-build-3c3bd9022026/output/powerpc64-linux-gnu/bitcoin-3c3bd9022026-powerpc64-linux-gnu-debug.tar.gz
  883c2e5fe0d8215dcc0a252cd62c8fd95fc13b31e1bd72d340dfb2e4adadfe01  guix-build-3c3bd9022026/output/powerpc64-linux-gnu/bitcoin-3c3bd9022026-powerpc64-linux-gnu.tar.gz
  903666488f620a5710bc1709f52feb60d530aaba6e7e0b200692fa2945e569b8  guix-build-3c3bd9022026/output/powerpc64le-linux-gnu/SHA256SUMS.part
  2dd8a3fa924111e839097da8ee12675a265e64aeeae270f1f3e86f9c9b7bd28a  guix-build-3c3bd9022026/output/powerpc64le-linux-gnu/bitcoin-3c3bd9022026-powerpc64le-linux-gnu-debug.tar.gz
  d93a4347ea376e02760c52bb836317fd3f9c8e78ff004d9c141ebce185f3d364  guix-build-3c3bd9022026/output/powerpc64le-linux-gnu/bitcoin-3c3bd9022026-powerpc64le-linux-gnu.tar.gz
  7ee00ec4a2cd83f27d619c6983e93baa198d78167a860e8d9f4c4aa670120ab2  guix-build-3c3bd9022026/output/riscv64-linux-gnu/SHA256SUMS.part
  9ad79a47c59a67f881ba2ef7a669ffb667b6e0bd13407730574dc7af542fd935  guix-build-3c3bd9022026/output/riscv64-linux-gnu/bitcoin-3c3bd9022026-riscv64-linux-gnu-debug.tar.gz
  35462865447683571b006d426e532090c19ef18b9f399b84ebf37795fb3c4eaa  guix-build-3c3bd9022026/output/riscv64-linux-gnu/bitcoin-3c3bd9022026-riscv64-linux-gnu.tar.gz
  a5a3bb0527ded1eea3956208d1dc7289e39786594ac4cbee17f4c28573b7e4fb  guix-build-3c3bd9022026/output/x86_64-apple-darwin/SHA256SUMS.part
  e75435885e97dec09f3d9c51c0bd5987329a485ef26027d6e7b4cafcec20a9ab  guix-build-3c3bd9022026/output/x86_64-apple-darwin/bitcoin-3c3bd9022026-x86_64-apple-darwin-unsigned.dmg
  438b027186095eed1615898a403b0bdd0a686d95f0617b4065db469c8c4e732c  guix-build-3c3bd9022026/output/x86_64-apple-darwin/bitcoin-3c3bd9022026-x86_64-apple-darwin-unsigned.tar.gz
  1d33e0661041f00b4f224f231bbb71bda534ad8ad76a7d2b041084911cdd0814  guix-build-3c3bd9022026/output/x86_64-apple-darwin/bitcoin-3c3bd9022026-x86_64-apple-darwin.tar.gz
  fc9a88c1cdf10570bc2c453c1a643a04b525155f0b98a18c90b8d5fd64fcf630  guix-build-3c3bd9022026/output/x86_64-linux-gnu/SHA256SUMS.part
  435896b6a85f46a2f3f0b5f278936e84d0212ef7102787b70f139648373344d3  guix-build-3c3bd9022026/output/x86_64-linux-gnu/bitcoin-3c3bd9022026-x86_64-linux-gnu-debug.tar.gz
  02c84c4c74846740b5336e8889194909bb6d638cf731851ddd8af7bbffd1ae9b  guix-build-3c3bd9022026/output/x86_64-linux-gnu/bitcoin-3c3bd9022026-x86_64-linux-gnu.tar.gz
  d4176cc40eaa0769410717b28637d507ddef182c73c60801f333ddd7a56b41f7  guix-build-3c3bd9022026/output/x86_64-w64-mingw32/SHA256SUMS.part
  7623a149798beba635c21639975d5cbf2a417c7e8a1bf3583abe1bb20cfa1673  guix-build-3c3bd9022026/output/x86_64-w64-mingw32/bitcoin-3c3bd9022026-win64-debug.zip
  a1de00c9d4315928e3ce93890009fe2ea8f3f1fa7ca63004d952192012131d20  guix-build-3c3bd9022026/output/x86_64-w64-mingw32/bitcoin-3c3bd9022026-win64-setup-unsigned.exe
  82dc001a7f6d2b405b89bd343276db59954f25461d828ddf2e3c42f5ba4fe164  guix-build-3c3bd9022026/output/x86_64-w64-mingw32/bitcoin-3c3bd9022026-win64-unsigned.tar.gz
  6fc6f6101672a4cee2696a1517def03b6872435d968d74a47efbb4f8c5198c03  guix-build-3c3bd9022026/output/x86_64-w64-mingw32/bitcoin-3c3bd9022026-win64.zip
  ```

  Guix Build (arm64):
  ```bash
  d803406d4a90f9813bff58f01fde109d77dbf5b37b1af68e7a58fb4c3041a390  guix-build-3c3bd9022026/output/arm-linux-gnueabihf/SHA256SUMS.part
  25a234f4c0eb0ed280d7c24b65e2bae75d44f4fade1895d9d6d2a3880ed29557  guix-build-3c3bd9022026/output/arm-linux-gnueabihf/bitcoin-3c3bd9022026-arm-linux-gnueabihf-debug.tar.gz
  0b6044ea0441536e7b2853cce5a354fff33625db8c18c70023c78a9de5364376  guix-build-3c3bd9022026/output/arm-linux-gnueabihf/bitcoin-3c3bd9022026-arm-linux-gnueabihf.tar.gz
  c44810505ee8f7800488c0442edc71550a1f989598c702e9a31709b9880ef8ba  guix-build-3c3bd9022026/output/arm64-apple-darwin/SHA256SUMS.part
  ce9a74deac4a20a2ca4d7f8dfc242aea367c2aa55cb3b9de4e11c691ce0755bd  guix-build-3c3bd9022026/output/arm64-apple-darwin/bitcoin-3c3bd9022026-arm64-apple-darwin-unsigned.dmg
  341efb7b536ad6f75456dd51134e1afa4773708be2103733c48c8fb7a85df8b0  guix-build-3c3bd9022026/output/arm64-apple-darwin/bitcoin-3c3bd9022026-arm64-apple-darwin-unsigned.tar.gz
  607151e3423f712ea1bb0e24b7f625290e2decfe4586adf193e3218f62e87f71  guix-build-3c3bd9022026/output/arm64-apple-darwin/bitcoin-3c3bd9022026-arm64-apple-darwin.tar.gz
  a0c755bb31763995e1d2050d5448bb98194c238fdd6b9eff901e429c9fdfa0f6  guix-build-3c3bd9022026/output/dist-archive/bitcoin-3c3bd9022026.tar.gz
  16f1f669f9f7a658ad25d72e628c68fefdc3469857efd06149b0ae063ad07cf2  guix-build-3c3bd9022026/output/powerpc64-linux-gnu/SHA256SUMS.part
  8c36e24b12d0f3c200b51c813a6c8e85b826c994af4891a4eed16bb2447f6ae9  guix-build-3c3bd9022026/output/powerpc64-linux-gnu/bitcoin-3c3bd9022026-powerpc64-linux-gnu-debug.tar.gz
  89777d8c44ec0ce3e59e74461fb7ed39b544ff1d40ed8399e3a26733fcd938af  guix-build-3c3bd9022026/output/powerpc64-linux-gnu/bitcoin-3c3bd9022026-powerpc64-linux-gnu.tar.gz
  f51279dc699a1b8625f8fd3e13ec1555e81be7696dc0fd88621177fb4c3353d7  guix-build-3c3bd9022026/output/powerpc64le-linux-gnu/SHA256SUMS.part
  15c1aad2b67838fbf004cfd4a0926cb2e2f2d0fcee639e5cf17fec9c659be7ad  guix-build-3c3bd9022026/output/powerpc64le-linux-gnu/bitcoin-3c3bd9022026-powerpc64le-linux-gnu-debug.tar.gz
  102ae28c667fee645fb1541395531742b89886e153ed979639532c8cab50d24b  guix-build-3c3bd9022026/output/powerpc64le-linux-gnu/bitcoin-3c3bd9022026-powerpc64le-linux-gnu.tar.gz
  ccff48fd8b5a26d32d2743f430d812a449ad00ee502fc1f02538598ff7def9db  guix-build-3c3bd9022026/output/riscv64-linux-gnu/SHA256SUMS.part
  d038064cfb33dee85833a58ee5a7c40c94041aa0574da9fa14837b0da7a92b3a  guix-build-3c3bd9022026/output/riscv64-linux-gnu/bitcoin-3c3bd9022026-riscv64-linux-gnu-debug.tar.gz
  763a0c5c7492d11370a0208f3110fc73f6bac3526b401d1df3eca5cff1037a36  guix-build-3c3bd9022026/output/riscv64-linux-gnu/bitcoin-3c3bd9022026-riscv64-linux-gnu.tar.gz
  14aad526acfed07e5781efa8febe37f002c5772090aad0cd98cf7f4cf0cc3177  guix-build-3c3bd9022026/output/x86_64-apple-darwin/SHA256SUMS.part
  e75435885e97dec09f3d9c51c0bd5987329a485ef26027d6e7b4cafcec20a9ab  guix-build-3c3bd9022026/output/x86_64-apple-darwin/bitcoin-3c3bd9022026-x86_64-apple-darwin-unsigned.dmg
  742cacbb471968c396da97bbed0332220b721c552b663e931b9bfeb0e4b2f4de  guix-build-3c3bd9022026/output/x86_64-apple-darwin/bitcoin-3c3bd9022026-x86_64-apple-darwin-unsigned.tar.gz
  1d33e0661041f00b4f224f231bbb71bda534ad8ad76a7d2b041084911cdd0814  guix-build-3c3bd9022026/output/x86_64-apple-darwin/bitcoin-3c3bd9022026-x86_64-apple-darwin.tar.gz
  b8fdd26c3aef78d13161f6119d755a853470ced695cb40dcc8ff9f0463a533e1  guix-build-3c3bd9022026/output/x86_64-linux-gnu/SHA256SUMS.part
  48846704f00e92e1cb6898a13e077da5a314314d6aa694b022d0f2aa68b7128b  guix-build-3c3bd9022026/output/x86_64-linux-gnu/bitcoin-3c3bd9022026-x86_64-linux-gnu-debug.tar.gz
  52968c1aea392d19989613b4faf0075702c9aa834f74cd3e7a09883e201ae3e4  guix-build-3c3bd9022026/output/x86_64-linux-gnu/bitcoin-3c3bd9022026-x86_64-linux-gnu.tar.gz
  a4df21e146042c6d78b0724ace37fdb05ce3a4ce8c1ed8274727b031cf53805e  guix-build-3c3bd9022026/output/x86_64-w64-mingw32/SHA256SUMS.part
  68f05fc5cc5e157805280bcb36fdbc6873db9e7b3afb4ddd992786db722530fc  guix-build-3c3bd9022026/output/x86_64-w64-mingw32/bitcoin-3c3bd9022026-win64-debug.zip
  a1de00c9d4315928e3ce93890009fe2ea8f3f1fa7ca63004d952192012131d20  guix-build-3c3bd9022026/output/x86_64-w64-mingw32/bitcoin-3c3bd9022026-win64-setup-unsigned.exe
  82dc001a7f6d2b405b89bd343276db59954f25461d828ddf2e3c42f5ba4fe164  guix-build-3c3bd9022026/output/x86_64-w64-mingw32/bitcoin-3c3bd9022026-win64-unsigned.tar.gz
  b644760f08a6147bccae8761e33fa13dc7f0cf391240521a81e57b437e272baa  guix-build-3c3bd9022026/output/x86_64-w64-mingw32/bitcoin-3c3bd9022026-win64.zip
  ```

ACKs for top commit:
  laanwj:
    Code review ACK 3c3bd90220
  hebasto:
    ACK 3c3bd90220, tested that bitcoin/bitcoin#23655 has been resolved.

Tree-SHA512: abc95ab68d3973c89d421ee7a5b795f6fa802dc665db47529d5f9aee5b92b8a7b55f9a45c634b9be6e917038e67e785f1809cc189c84be13f089f4e7fa1029f9
2022-03-30 11:10:25 +02:00
fanquake
896beca831
Merge bitcoin/bitcoin#24708: ci: Avoid boost test warnings
fa76b2fbe3 ci: Avoid boost test warnings (MarcoFalke)

Pull request description:

  This removes boost test warnings from the CI log.

  For example https://cirrus-ci.com/task/6029158399606784?logs=ci#L4060:

  ```
  Boost.Test WARNING: token "/tmp/cirrus-build/ci/scratch/build/bitcoin-x86_64-pc-linux-gnu/src/test/test_bitcoin-addrman_tests.o" does not correspond to the Boost.Test argument
                      and should be placed after all Boost.Test arguments and the -- separator.
                      For example: test_bitcoin --random -- /tmp/cirrus-build/ci/scratch/build/bitcoin-x86_64-pc-linux-gnu/src/test/test_bitcoin-addrman_tests.o
  Boost.Test WARNING: token "/tmp/cirrus-build/ci/scratch/build/bitcoin-x86_64-pc-linux-gnu/src/test/test_bitcoin-allocator_tests.o" does not correspond to the Boost.Test argument
                      and should be placed after all Boost.Test arguments and the -- separator.
                      For example: test_bitcoin --random -- /tmp/cirrus-build/ci/scratch/build/bitcoin-x86_64-pc-linux-gnu/src/test/test_bitcoin-allocator_tests.o
  Boost.Test WARNING: token "/tmp/cirrus-build/ci/scratch/build/bitcoin-x86_64-pc-linux-gnu/src/test/test_bitcoin-amount_tests.o" does not correspond to the Boost.Test argument
                      and should be placed after all Boost.Test arguments and the -- separator.
  ...

ACKs for top commit:
  fanquake:
    ACK fa76b2fbe3 - checked that tests are also still being run in other jobs.

Tree-SHA512: c00fe1242ee6b9ef92d511f1e86305c1731d8894bb89ec8fcdf30069959831483933a93a6bfd33d9f2d15706bdeedbba29e82c409eed266abfc57aabfdaf4841
2022-03-30 08:54:26 +01:00
MarcoFalke
ecf692b466
Merge bitcoin/bitcoin#24540: ci: Integrate ccache into MSVC build
3a53927f03 ci: Integrate ccache into MSVC build (Hennadii Stepanov)

Pull request description:

  [ccache 4.6](https://ccache.dev/releasenotes.html#_ccache_4_6):
  > Added support for caching calls to Microsoft Visual C++ (MSVC)

  Integrated into our native Windows CI task.

  [On master](url) (c109e7d51c):
  ![Screenshot from 2022-03-12 10-17-58](https://user-images.githubusercontent.com/32963518/158012098-7ac9d441-2eb0-481e-bcc5-3700c1ce2b15.png)

  [This PR](https://cirrus-ci.com/task/6572984340054016):
  ![Screenshot from 2022-03-12 10-25-33](https://user-images.githubusercontent.com/32963518/158012361-d6bf88bc-f98d-4771-8b4f-31bf5673d085.png)

  ```
  Summary:
    Hits:             222 /  222 (100.0 %)
      Direct:         222 /  222 (100.0 %)
      Preprocessed:     0 /    0
    Misses:             0
      Direct:           0
      Preprocessed:     0
    Errors:             7
    Uncacheable:        9
  Primary storage:
    Hits:             444 /  444 (100.0 %)
    Misses:             0
    Cache size (GB): 0.04 / 5.00 (0.86 %)

  Use the -v/--verbose option for more details.
  ```

Top commit has no ACKs.

Tree-SHA512: d8cf91d8e75a5187cf456960bdf759f857fb9a9b0c4087e5e46ccbe2202aca5f1b9b38a47ec54d98e885c0f5d78de93a3188fb966fa5b346e81907c211ba1e79
2022-03-29 20:22:48 +02:00
MarcoFalke
fa76b2fbe3
ci: Avoid boost test warnings 2022-03-29 16:05:39 +02:00
fanquake
527eeaf580
ci: note why BDB is disabled for MSAN jobs 2022-03-29 10:59:43 +01:00
fanquake
d6c71b0ccf
ci: remove explicit --enable-wallet from msan job
This isn't required to enable sqlite wallets, as support is
automatically detected when sqlite is available.
2022-03-29 10:33:57 +01:00
fanquake
3c3bd90220
test: remove lief install from multiprocess job
This job doesn't run any security / symbol checks, so lief isn't needed.
2022-03-28 10:35:37 +01:00
MarcoFalke
fa6e47d85b
ci: Compile fuzz binary in periodic task 2022-03-25 10:17:14 +01:00
MarcoFalke
999982b06c
build: Add --enable-c++20 option 2022-03-24 11:37:42 +01:00
MarcoFalke
fa43933e3b
ci: Temporarily use clang-13 to work around clang-14 TSan bug 2022-03-15 18:24:16 +01:00
MarcoFalke
e7db4e245a
Merge bitcoin/bitcoin#24164: build: Bump minimum required clang/libc++ to 8.0
fae20e6b50 Revert "Avoid the use of P0083R3 std::set::merge" (MarcoFalke)
fab53b5fd4 ci/doc: Set minimum required clang/libc++ version to 8.0 (MarcoFalke)

Pull request description:

  This is not for 23.0, but for 24.0. It comes with the following benefits:

  * Can use C++17 P0083R3 std::set::merge from libc++ 8.0
  * No longer need to provide support for clang-7, which already fails to compile on some architectures (https://github.com/bitcoin/bitcoin/issues/21294#issuecomment-998098483)

  This should be fine, given that all supported operating systems ship with at least clang-10:

  * CentOS 8: clang-12
  * Stretch: https://packages.debian.org/stretch/clang-11
  * Buster: https://packages.debian.org/buster-backports/clang-11
  * Bionic: https://packages.ubuntu.com/bionic-updates/clang-10
  * Focal: https://packages.ubuntu.com/focal/clang-10

ACKs for top commit:
  fanquake:
    ACK fae20e6b50 - I think this is fine to do. I would be surprised if in another 6 months time someone was stuck on a system we supported, needing to compile Core, and only had access to Clang 7 or older. As mentioned in the PR description, all systems we currently support, already support multiple newer versions of Clang.
  hebasto:
    ACK fae20e6b50, I have reviewed the code and it looks OK, I agree it can be merged.

Tree-SHA512: 3b4c6c130ff40dd7e84934af076863415e5dd661d823c72e3e3832566c65be6e877a7ef9164bbcf394bcea4b897fc29a48db0f231c22ace0e2c9b5638659a628
2022-03-12 10:37:05 +01:00
Hennadii Stepanov
3a53927f03
ci: Integrate ccache into MSVC build 2022-03-12 03:20:33 +01:00
fanquake
3566353c5e
ci: remove compiled-but-unused BDB from MSAN job
Self-compiled BDB was added to this job as opposed to using depends BDB
due to linking issues, however the compiled BDB is not actually used.
Remove it for now, given we don't actually lose any coverage (note that
BDB is also no used the MSAN fuzz job), and in future, we can use
depends BDB.
2022-03-10 12:48:21 +00:00
MarcoFalke
fa9112aac0
Remove utxo db upgrade code 2022-03-10 13:05:29 +01:00
fanquake
c9ed9927bb
Merge bitcoin/bitcoin#24132: build: Bump minimum Qt version to 5.11.3
956f7322f6 build: Bump minimum Qt version to 5.11.3 (Hennadii Stepanov)
e22d10b936 ci: Switch from bionic to buster (Hennadii Stepanov)

Pull request description:

  The current minimum Qt version is 5.9.5 which has been set in bitcoin/bitcoin#21286.

  Distro support:
  - centos 7 -- unsupported since bitcoin/bitcoin#23511
  - centos 8 -- [5.15.2](http://mirror.centos.org/centos/8/AppStream/x86_64/os/Packages/qt5-qtbase-5.15.2-3.el8.x86_64.rpm)
  - buster -- [5.11.3](https://packages.debian.org/buster/libqt5core5a)
  - bullseye  -- [5.15.2](https://packages.debian.org/bullseye/libqt5core5a)
  - _bionic_ -- [5.9.5](https://packages.ubuntu.com/bionic/libqt5core5a)
  - focal -- [5.12.8](https://packages.ubuntu.com/focal/libqt5core5a)

  As another Ubuntu LTS is coming soon, it seems unreasonable to stick to Qt 5.9 which support [ended](https://www.qt.io/blog/2017/06/07/renewed-qt-support-services) on 2020-05-31. Anyway, it's still possible to build Bitcoin Core GUI with depends on bionic system.

  Bumping the minimum Qt version allows to make code safer and more reliable, e.g.:
  - functor-parameter overload of [`QMetaObject::invokeMethod`](https://doc.qt.io/qt-5/qmetaobject.html#invokeMethod-4)
  - fixed https://bugreports.qt.io/browse/QTBUG-10907

  An example of the patch using the functor-overload of `QMetaObject::invokeMethod`:
  ```diff
  --- a/src/qt/walletmodel.cpp
  +++ b/src/qt/walletmodel.cpp
  @@ -349,7 +349,7 @@ bool WalletModel::changePassphrase(const SecureString &oldPass, const SecureStri
   static void NotifyUnload(WalletModel* walletModel)
   {
       qDebug() << "NotifyUnload";
  -    bool invoked = QMetaObject::invokeMethod(walletModel, "unload");
  +    bool invoked = QMetaObject::invokeMethod(walletModel, &WalletModel::unload);
       assert(invoked);
   }

  ```
  It uses the same new syntax as signal-slot connection with compile-time check. Also see bitcoin/bitcoin#16348.

  This PR is intended to be merged early [after](https://github.com/bitcoin/bitcoin/issues/22969) branching `23.x` off.

ACKs for top commit:
  MarcoFalke:
    cr ACK 956f7322f6
  fanquake:
    ACK 956f7322f6

Tree-SHA512: 3d652bcdcd990ce785ad412ed70234d4f27743895e535a53ed44b35d4afc3052e066c4c84f417e30bc53d0a3dd9ebed62444c57b7c765cb1e9aa687fbf866877
2022-03-07 14:53:23 +00:00
MarcoFalke
fab53b5fd4
ci/doc: Set minimum required clang/libc++ version to 8.0 2022-03-04 14:13:21 +00:00
MarcoFalke
619f8a27ad
Merge bitcoin/bitcoin#24304: [kernel 0/n] Introduce bitcoin-chainstate
2c03cec2ff ci: Build bitcoin-chainstate (Carl Dong)
095aa6ca37 build: Add example bitcoin-chainstate executable (Carl Dong)

Pull request description:

  Part of: #24303

  This PR introduces an example/demo `bitcoin-chainstate` executable using said library which can print out information about a datadir and take in new blocks on stdin.

  Please read the commit messages for more details.

  -----

  #### You may ask: WTF?! Why is `index/*.cpp`, etc. being linked in?

  This PR is meant only to capture the state of dependencies in our consensus engine as of right now. There are many things to decouple from consensus, which will be done in subsequent PRs. Listing the files out right now in `bitcoin_chainstate_SOURCES` is purely to give us a clear picture of the task at hand, it is **not** to say that these dependencies _belongs_ there in any way.

  ### TODO

  1. Clean up `bitcoin-chainstate.cpp`
     It is quite ugly, with a lot of comments I've left for myself, I should clean it up to the best of my abilities (the ugliness of our init/shutdown might be the upper bound on cleanliness here...)

ACKs for top commit:
  ajtowns:
    ACK 2c03cec2ff
  ryanofsky:
    Code review ACK 2c03cec2ff. Just rebase, comments, formatting change since last review
  MarcoFalke:
    re-ACK 2c03cec2ff 🏔

Tree-SHA512: 86e7fb5718caa577df8abc8288c754f4a590650d974df9d2f6476c87ed25c70f923c4db651c6963f33498fc7a3a31f6692b9a75cbc996bf4888c5dac2f34a13b
2022-03-03 19:31:36 +00:00
laanwj
25290071c4
Merge bitcoin/bitcoin#24397: build: Fix Boost.Process check for Boost 1.73 and older
774323e378 ci: Force `--enable-external-signer` to prevent future regressions (Hennadii Stepanov)
69978858a4 build: Fix Boost.Process check for Boost 1.73 and older (Hennadii Stepanov)
2199ef79cb build: Fix a non-portable use of `test` (Hennadii Stepanov)
d436c488d4 build, refactor: Replace tabs with spaces (Hennadii Stepanov)

Pull request description:

  On master (5f44c5c428) Boost.Process check false fails without the `-lpthread` flag.

  ```
  $ grep -C 2 pthread_detach config.log
  /usr/bin/ld: /tmp/cczCQfQv.o: in function `boost::asio::detail::posix_global_impl<boost::asio::system_context>::~posix_global_impl()':
  conftest.cpp:(.text._ZN5boost4asio6detail17posix_global_implINS0_14system_contextEED2Ev[_ZN5boost4asio6detail17posix_global_implINS0_14system_contextEED5Ev]+0xa3): undefined reference to `pthread_join'
  /usr/bin/ld: conftest.cpp:(.text._ZN5boost4asio6detail17posix_global_implINS0_14system_contextEED2Ev[_ZN5boost4asio6detail17posix_global_implINS0_14system_contextEED5Ev]+0xc4): undefined reference to `pthread_detach'
  collect2: error: ld returned 1 exit status
  configure:26674: $? = 1
  ```

  Not required for Boost 1.74+.

ACKs for top commit:
  laanwj:
    Code review ACK 774323e378, is a bugfix/workaround, seems fine to merge last minute for 23.0.

Tree-SHA512: 2a9d4b67fd8910e107af972d8c223286b7c933bc310616f86c8b6d8c903438916980fc76bd7e37f2698f6ce5361dc706cbf2933d1ac2c081bcabe1b83ca7d6b6
2022-02-28 14:06:16 +01:00
MarcoFalke
f1ce67f09f
Merge bitcoin/bitcoin#19013: test: add v0.20.1, v0.21.0 and v22.0 to backwards compatibility test
24cec4b5c0 test: Fix intermittent test failure in feature_backwards_compatibility (MarcoFalke)
d8b705f1ca test: previous releases: add v22.0 (Sjors Provoost)
40849eebd9 test: bump sandbox argument minimum version (Sjors Provoost)
8a57a06a50 test: previous releases: add v0.21.0 (Sjors Provoost)
8cba75f5fd test: v0.20.1 backwards compatibility (Sjors Provoost)
0e4b695b6a test: backwards compatibility: misc fixes (Sjors Provoost)
76557cbe4c test: Remove i686 from test/get_previous_releases.py (MarcoFalke)

Pull request description:

  This also simplifies the tests a bit.

ACKs for top commit:
  ryanofsky:
    Code review ACK 24cec4b5c0. Only change since last review is rebasing and adding comment and whitelist args.

Tree-SHA512: 85a603ddd70fd8f0180d00fb84eb2ad2f92d6199b7d3f7c1abd660bfba53f869faf40f1a4183a8ce15dbd496ee3132d879c1258651c9d443ece69e5fe328bd26
2022-02-24 17:42:28 +01:00
Hennadii Stepanov
774323e378
ci: Force --enable-external-signer to prevent future regressions 2022-02-22 14:27:30 +02:00
fanquake
2ab4fbe375
Merge bitcoin/bitcoin#24292: Revert "ci: Run fuzzer task for the master branch only"
fa27745ccb ci: Bump fuzz tasks to jammy (MarcoFalke)
fab8cd5f87 Revert "ci: Run fuzzer task for the master branch only" (MarcoFalke)

Pull request description:

  This reverts commit 5a9e255e5a.

  I think we should attempt to maintain the fuzz tasks for release branches as well.

  If it is too difficult for one branch, it could make sense to disable it for that branch, but not for all branches unconditionally.

  Also, bump to jammy.

ACKs for top commit:
  fanquake:
    ACK fa27745ccb - we'll see how we go with the 23.x release branch.

Tree-SHA512: d6d08e7dce0884b556c51ff1896aebbbb5a805c22decd58af81a04192d19876978696017b489ec55886ddfd5c022963baaab5f11022369ae5291016826ff8017
2022-02-21 13:12:36 +00:00
MarcoFalke
3de5fcc94f
Merge bitcoin/bitcoin#24296: ci: use Ubuntu Jammy for Windows cross-compilation CI
a1515cdd96 ci: use Ubuntu Jammy for Windows CI (fanquake)

Pull request description:

  This means we'll compile using [GCC 10.3.x](https://packages.ubuntu.com/jammy/g++-mingw-w64) and [mingw-w64 8.0.0](https://packages.ubuntu.com/jammy/mingw-w64) which better matches our Guix release environment.

ACKs for top commit:
  MarcoFalke:
    cr ACK a1515cdd96
  hebasto:
    ACK a1515cdd96, I have reviewed the code and it looks OK, I agree it can be merged.

Tree-SHA512: a57cce1874324c9dd00e5d8989996d214facbdd561440471c15e6cc1808bca1c6fd758abe7a1b87378b2e7f9c25e7c9d8242df911cd1ef6cfbe49718adc3be5d
2022-02-21 07:55:36 +01:00
fanquake
a1515cdd96
ci: use Ubuntu Jammy for Windows CI
This means we'll compile using GCC 10.3.x and mingw-w64 8.0.0 which
better matches our Guix release environment.
2022-02-18 15:19:05 +00:00
fanquake
7e02adf78d
ci: add missing sqlite_cflags to MSAN fuzz job
These are present in the other MSAN job.
2022-02-18 14:10:59 +00:00
fanquake
54d817c5b9
ci: remove boost_cxxflags from MSAN CIs
No-longer needed after #24301.
2022-02-18 14:07:55 +00:00
Carl Dong
2c03cec2ff ci: Build bitcoin-chainstate
...to make sure that the linker errors that arise from coupling
regressions are caught by CI.

Adding to the "no wallet" ci job as suggested by MarcoFalke.
2022-02-14 14:54:01 -05:00
fanquake
39e66e938f
build: use header-only Boost unit test 2022-02-13 20:59:02 +00:00
MarcoFalke
fa27745ccb
ci: Bump fuzz tasks to jammy
This gives them a newer clang version, which may have more sanitizers
available.
2022-02-08 20:23:21 +01:00
Hennadii Stepanov
e22d10b936
ci: Switch from bionic to buster
This change is a prerequisite for the following bumping Qt minimum
version to 5.11.3. It is required as bionic has Qt 5.9.5.

Effectively, this also changes:
- gcc from 8.4.0 to 8.3.0
- python from 3.6.5 to 3.7.3
2022-02-05 23:53:37 +02:00
MarcoFalke
fa4b61911d
test: Remove unused valgrind suppressions 2022-02-04 16:35:15 +01:00
MarcoFalke
faccb2d7fe
test: Exclude broken feature_init for now 2022-02-04 16:33:36 +01:00
fanquake
07269321f3
build: remove Boost::system usage 2022-02-03 18:35:52 +08:00
Kiminuo
b87f9c5edf
build: remove boost::filesystem usage 2022-02-03 18:35:52 +08:00
Hennadii Stepanov
0bbae237a8
ci: Drop no longer needed update-alternatives 2022-02-02 19:29:01 +02:00
MarcoFalke
fafc55a489
ci: Use dash when building depends in centos build 2022-02-01 10:15:17 +01:00
MarcoFalke
fa33236e77
scripted-diff: Rename DOCKER_EXEC to CI_EXEC
-BEGIN VERIFY SCRIPT-
 sed -i "s/DOCKER_EXEC/CI_EXEC/g" $(git grep -l DOCKER_EXEC)
-END VERIFY SCRIPT-
2022-02-01 10:14:53 +01:00
MarcoFalke
fa5457e64a
ci: Bump CentOS 8 image 2022-02-01 10:13:25 +01:00
fanquake
446e73cc0b
build: use macOS 11 SDK (Xcode 12.2)
This should be sufficient to support building for Apple ARM when
cross-compiling.
2022-01-26 17:28:16 +08:00
fanquake
e2ab9f83f8
build: disable external signer on Windows 2022-01-15 10:02:04 +08:00
MarcoFalke
95833c012e
Merge bitcoin/bitcoin#23938: ci: Clone entire bitcoin-core/qa-assets repo only when run fuzzing
0b7c55f157 ci: Clone entire bitcoin-core/qa-assets repo only when run fuzzing (Hennadii Stepanov)

Pull request description:

  This PR speeds up CI tasks that run unit tests but do not run fuzzing.

  On my machine:
  ```
  $ time git clone --depth=1 https://github.com/bitcoin-core/qa-assets
  Cloning into 'qa-assets'...
  remote: Enumerating objects: 289750, done.
  remote: Counting objects: 100% (289750/289750), done.
  remote: Compressing objects: 100% (207687/207687), done.
  remote: Total 289750 (delta 16863), reused 275449 (delta 12092), pack-reused 0
  Receiving objects: 100% (289750/289750), 1.39 GiB | 4.79 MiB/s, done.
  Resolving deltas: 100% (16863/16863), done.
  Updating files: 100% (294515/294515), done.

  real7m43,417s
  user2m39,771s
  sys0m43,272s
  ```

ACKs for top commit:
  MarcoFalke:
    cr ACK 0b7c55f157

Tree-SHA512: 8f8dd63e361c3d9c64a2b31f207f59beea7d2e4142363f7762ec724a61152323fda0c6b98a36386e15f2ca4ef3f7412da763baef65e862fc7f48cdeda8c40e09
2022-01-06 17:15:17 +01:00
Hennadii Stepanov
0b7c55f157
ci: Clone entire bitcoin-core/qa-assets repo only when run fuzzing 2022-01-06 16:23:48 +02:00
fanquake
e09773d20a
build: use a static .tiff for macOS .dmg over generating
Co-authored-by: Pavol Rusnak <pavol@rusnak.io>
2022-01-02 15:38:19 +08:00
MarcoFalke
623745ca74
Merge bitcoin/bitcoin#23912: Insert and bump copyright headers
1362d6173f scripted-diff: Insert missed copyright headers (Hennadii Stepanov)
f47dda2c58 scripted-diff: Bump copyright headers (Hennadii Stepanov)
c29105efdc script: Fix copyright_header.py (Hennadii Stepanov)

Pull request description:

  This PR is an alternative to #23903.

  It bumps the existing copyright headers as we did every year, and adds the missed copyright headers.

  A small fix has been applied to the `copyright_header.py` in order to prevent such weird bumping as `2021` --> `2021-2017`.

ACKs for top commit:
  MarcoFalke:
    ACK 1362d6173f

Tree-SHA512: 204d970fe8c51546b26b8f03fe4297db8a9bef5101df851540b7b9eddbd3a09677ee81fdd882c60937d732407f42c9883165bd978272200cff8f90190f075905
2021-12-31 12:08:49 +01:00
Hennadii Stepanov
f47dda2c58
scripted-diff: Bump copyright headers
-BEGIN VERIFY SCRIPT-
./contrib/devtools/copyright_header.py update ./
-END VERIFY SCRIPT-

Commits of previous years:
* 2020: fa0074e2d8
* 2019: aaaaad6ac9
2021-12-30 19:36:57 +02:00
Hennadii Stepanov
ec7b7d4a36
ci: Enable the gui in the TSan build 2021-12-30 10:53:19 +02:00
fanquake
2da97b271b
ci: use GCC 8 when building packages in native_qt5 CI
Our minimum required GCC is GCC 8, and this change in required for
changes like #23839 which take advantage of flags introduced in that
version of GCC.

This should have been included as part of
182de7ba10.
2021-12-23 10:53:02 +08:00
MarcoFalke
fa6a548f54
ci: Disable s390x gui tests for now 2021-12-17 17:09:51 +01:00
Sjors Provoost
d8b705f1ca
test: previous releases: add v22.0 2021-12-16 12:41:45 +07:00
Sjors Provoost
8a57a06a50
test: previous releases: add v0.21.0 2021-12-16 12:41:44 +07:00
fanquake
1b76b18f8a
Merge bitcoin/bitcoin#23585: scripted-diff: Drop Darwin version for better maintainability
2f356a0ca8 scripted-diff: Drop Darwin version for better maintainability (Hennadii Stepanov)

Pull request description:

  After this PR, any macOS tools version bumping in the future will touch fewer files in the repo.

  Pointing a Darwin version for the `--host` system does not matter for the following reasons:

  - in terms of the resulted binaries, we should only care about the minimum supported macOS version which is a separated parameter in our build system.

  - in terms of the build system itself, the usage of the `$(host)` variable is self-consistent enough. Btw `$(host_os)` value already has the version dropped:
  ```
  $ make -C depends --no-print-directory print-host_os HOST=x86_64-apple-darwin19
  host_os=darwin
  ```

ACKs for top commit:
  gruve-p:
    ACK 2f356a0ca8
  promag:
    ACK 2f356a0ca8.
  fanquake:
    ACK 2f356a0ca8

Tree-SHA512: 374896ab0ba02b0d8b4b21431fe963bd213b0d09586e0898c13a4c5fa294c1b693f1b2c92880c245c4157c14217b4825b36522f461930477f4d2a727086ebb2a
2021-12-09 16:13:33 +08:00
Hennadii Stepanov
78a6bc6919
build, qt: Use Android NDK r23 LTS 2021-12-05 03:00:02 +02:00
Hennadii Stepanov
3ad5ace351
ci: Revamp Android SDK cache, and update it timely 2021-11-25 21:23:34 +02:00
Hennadii Stepanov
e988bc7f2e
ci: Make macOS SDK cache independent, and update it timely 2021-11-25 20:39:07 +02:00
Hennadii Stepanov
2f356a0ca8
scripted-diff: Drop Darwin version for better maintainability
-BEGIN VERIFY SCRIPT-
sed -i 's/darwin19/darwin/g' $(git grep --files-with-matches 'darwin19')
-END VERIFY SCRIPT-
2021-11-25 01:12:46 +02:00
fanquake
ad09c287cb
Merge bitcoin/bitcoin#23504: ci: Replace soon EOL hirsute with jammy
fafa66e424 ci: Replace soon EOL hirsute with jammy (MarcoFalke)

Pull request description:

  `hirsute` will be EOL in about 1.5 months, at which point the package servers may be shut down. Avoid this by hopping to the next LTS release 22.04 (Jammy Jellyfish).

  While the release is currently in development, it seems unlikely that anything will break for us. I am doing the hirsute->jammy hop to avoid a hirsute->impish->jammy hop, but if anything does break, we can fall back to that "double hop".

ACKs for top commit:
  fanquake:
    ACK fafa66e424
  Zero-1729:
    crACK fafa66e424

Tree-SHA512: a3626b72519c7f54f260477d04265321af7aefe25cc2a7d653dba77f79caca10db3a6aa4249a934184dcdc99832f6b4c6e50330d7630e58720ab0aba3624ab8a
2021-11-16 16:11:13 +08:00
Hennadii Stepanov
fe0ff569ea
test: Enable SC2046 shellcheck rule 2021-11-13 18:05:26 +02:00
Hennadii Stepanov
9a1ad7bc0d
test: Enable SC2086 shellcheck rule 2021-11-13 16:54:56 +02:00
MarcoFalke
fafa66e424
ci: Replace soon EOL hirsute with jammy 2021-11-13 11:19:36 +01:00
fanquake
c1fb30633b
Merge bitcoin/bitcoin#23114: Add minisketch subtree and integrate into build/test
29173d6c6c ubsan: add minisketch exceptions (Cory Fields)
54b5e1aeab Add thin Minisketch wrapper to pick best implementation (Pieter Wuille)
ee9dc71c1b Add basic minisketch tests (Pieter Wuille)
0659f12b13 Add minisketch dependency (Gleb Naumenko)
0eb7928ab8 Add MSVC build configuration for libminisketch (Pieter Wuille)
8bc166d5b1 build: add minisketch build file and include it (Cory Fields)
b2904ceb85 build: add configure checks for minisketch (Cory Fields)
b6487dc4ef Squashed 'src/minisketch/' content from commit 89629eb2c7 (fanquake)

Pull request description:

  This takes over #21859, which has [recently switched](https://github.com/bitcoin/bitcoin/pull/21859#issuecomment-921899200) to my integration branch. A few more build issues came up (and have been fixed) since, and after discussing with sipa it was decided I would open a PR to shepherd any final changes through.

  > This adds a `src/minisketch` subtree, taken from the master branch of https://github.com/sipa/minisketch, to prepare for Erlay implementation (see #21515). It gets configured for just supporting 32-bit fields (the only ones we're interested in in the context of Erlay), and some code on top is added:
  > * A very basic unit test (just to make sure compilation & running works; actual correctness checking is done through minisketch's own tests).
  > * A wrapper in `minisketchwrapper.{cpp,h}` that runs a benchmark to determine which field implementation to use.

  Only changes since my last update to the branch in the previous PR have been rebasing on master and fixing an issue with a header in an introduced file.

ACKs for top commit:
  naumenkogs:
    ACK 29173d6c6c

Tree-SHA512: 1217d3228db1dd0de12c2919314e1c3626c18a416cf6291fec99d37e34fb6eec8e28d9e9fb935f8590273b8836cbadac313a15f05b4fd9f9d3024c8ce2c80d02
2021-11-12 10:00:49 +08:00
Hennadii Stepanov
15fb57556e
ci: Enable ccache for "ARM64 Android APK" job 2021-11-08 07:19:21 +02:00
MarcoFalke
11115169a1
ci: Build fuzz with libsqlite3-dev 2021-10-28 13:32:47 +01:00
Gleb Naumenko
0659f12b13
Add minisketch dependency 2021-10-21 09:38:55 +08:00
MarcoFalke
fa44406ffd
ci: Disable syscall sandbox in valgrind functional tests 2021-10-20 21:06:10 +02:00
fanquake
a7f28af437
Merge bitcoin/bitcoin#22646: build: tighter Univalue integration, remove --with-system-univalue
0f95247246 Integrate univalue into our buildsystem (Cory Fields)
9b49ed656f Squashed 'src/univalue/' changes from 98fadc0909..a44caf65fe (fanquake)

Pull request description:

  This PR more tightly integrates building Univalue into our build system. This follows the same approach we use for [LevelDB](https://github.com/bitcoin-core/leveldb/), ([`Makefile.leveldb.include`](https://github.com/bitcoin/bitcoin/blob/master/src/Makefile.leveldb.include)), and [CRC32C](https://github.com/bitcoin-core/crc32c) ([`Makefile.crc32c.include`](https://github.com/bitcoin/bitcoin/blob/master/src/Makefile.crc32c.include)), and will be the same approach we use for [minisketch](https://github.com/sipa/minisketch); see #23114.

  This approach yields a number of benefits, including:
  * Faster configuration due to one less subconfigure being run during `./configure` i.e 22s with this PR vs 26s
  * Faster autoconf i.e 13s with this PR vs 17s
  * Improved caching
  * No more issues with compiler flags i.e https://github.com/bitcoin/bitcoin/pull/12467
  * More direct control means we can build exactly the objects we want

  There might be one argument against making this change, which is that builders should have the option to use "proper shared/system libraries". However, I think that falls down for a few reasons. The first being that we already don't support building with a number of system libraries (secp256k1, leveldb, crc32c); some for good reason. Univalue is really the odd one out at the moment.

  Note that the only fork of Core I'm aware of, that actively patches in support for using system libs, also explicitly marks them as ["DANGEROUS"](a886811721/configure.ac (L1430)) and ["NOT SUPPORTED"](a886811721/configure.ac (L1312)). So it would seem they exist more to satisfy a distro requirement, as opposed to something that anyone should, or would actually use in practice.

  PRs like #22412 highlight the "issue" with us operating with our own Univalue fork, where we actively fix bugs, and make improvements, when upstream (https://github.com/jgarzik/univalue) may not be taking those improvements, and by all accounts, is not currently actively maintained. Bitcoin Core should not be hamstrung into not being able to fix bugs in a library, and/or have to litter our source with "workarounds", i.e #22412, for bugs we've already fixed, based on the fact that an upstream project is not actively being maintained. Allowing builders to use system libs is really only exacerbating this problem, with little benefit to our project. Bitcoin Core is not quite like your average piece of distro packaged software.

  There is the potential for us to give the same treatment to libsecp256k1, however it seems doing that is currently less straightforward.

ACKs for top commit:
  dongcarl:
    ACK 0f95247246 less my comment above, always nice to have an include-able `sources.mk` which makes integration easier.
  theuni:
    ACK 0f95247246. Thanks fanquake for keeping this going.

Tree-SHA512: a7f2e41ee7cba06ae72388638e86b264eca1b9a8b81c15d1d7b45df960c88c3b91578b4ade020f8cc61d75cf8d16914575f9a78fa4cef9c12be63504ed804b99
2021-10-20 11:01:38 +08:00
Hennadii Stepanov
67bb6b5c43
ci, refactor: Disable binaries for Android task explicitly
No behavior change.
2021-10-15 15:00:04 +02:00
Cory Fields
0f95247246
Integrate univalue into our buildsystem
This addresses issues like the one in #12467, where some of our compiler flags
end up being dropped during the subconfigure of Univalue. Specifically, we're
still using the compiler-default c++ version rather than forcing c++17.

We can drop the need subconfigure completely in favor of a tighter build
integration, where the sources are listed separately from the build recipes,
so that they may be included directly by upstream projects. This is
similar to the way leveldb build integration works in Core.

Core benefits of this approach include:
- Better caching (for ex. ccache and autoconf)
- No need for a slow subconfigure
- Faster autoconf
- No more missing compile flags
- Compile only the objects needed

There are no benefits to Univalue itself that I can think of. These changes
should be a no-op there, and to downstreams as well until they take advantage
of the new sources.mk.

This also removes the option to use an external univalue to avoid similar ABI
issues with mystery binaries.

Co-authored-by: fanquake <fanquake@gmail.com>
2021-10-11 20:46:25 +08:00
W. J. van der Laan
9e530c6352
Merge bitcoin/bitcoin#20487: Add syscall sandboxing using seccomp-bpf (Linux secure computing mode)
4747da3a5b Add syscall sandboxing (seccomp-bpf) (practicalswift)

Pull request description:

  Add experimental syscall sandboxing using seccomp-bpf (Linux secure computing mode).

  Enable filtering of system calls using seccomp-bpf: allow only explicitly allowlisted (expected) syscalls to be called.

  The syscall sandboxing implemented in this PR is an experimental feature currently available only under Linux x86-64.

  To enable the experimental syscall sandbox the `-sandbox=<mode>` option must be passed to `bitcoind`:

  ```
    -sandbox=<mode>
         Use the experimental syscall sandbox in the specified mode
         (-sandbox=log-and-abort or -sandbox=abort). Allow only expected
         syscalls to be used by bitcoind. Note that this is an
         experimental new feature that may cause bitcoind to exit or crash
         unexpectedly: use with caution. In the "log-and-abort" mode the
         invocation of an unexpected syscall results in a debug handler
         being invoked which will log the incident and terminate the
         program (without executing the unexpected syscall). In the
         "abort" mode the invocation of an unexpected syscall results in
         the entire process being killed immediately by the kernel without
         executing the unexpected syscall.
  ```

  The allowed syscalls are defined on a per thread basis.

  I've used this feature since summer 2020 and I find it to be a helpful testing/debugging addition which makes it much easier to reason about the actual capabilities required of each type of thread in Bitcoin Core.

  ---

  Quick start guide:

  ```
  $ ./configure
  $ src/bitcoind -regtest -debug=util -sandbox=log-and-abort
  …
  2021-06-09T12:34:56Z Experimental syscall sandbox enabled (-sandbox=log-and-abort): bitcoind will terminate if an unexpected (not allowlisted) syscall is invoked.
  …
  2021-06-09T12:34:56Z Syscall filter installed for thread "addcon"
  2021-06-09T12:34:56Z Syscall filter installed for thread "dnsseed"
  2021-06-09T12:34:56Z Syscall filter installed for thread "net"
  2021-06-09T12:34:56Z Syscall filter installed for thread "msghand"
  2021-06-09T12:34:56Z Syscall filter installed for thread "opencon"
  2021-06-09T12:34:56Z Syscall filter installed for thread "init"
  …
  # A simulated execve call to show the sandbox in action:
  2021-06-09T12:34:56Z ERROR: The syscall "execve" (syscall number 59) is not allowed by the syscall sandbox in thread "msghand". Please report.
  …
  Aborted (core dumped)
  $
  ```

  ---

  [About seccomp and seccomp-bpf](https://en.wikipedia.org/wiki/Seccomp):

  > In computer security, seccomp (short for secure computing mode) is a facility in the Linux kernel. seccomp allows a process to make a one-way transition into a "secure" state where it cannot make any system calls except exit(), sigreturn(), and read() and write() to already-open file descriptors. Should it attempt any other system calls, the kernel will terminate the process with SIGKILL or SIGSYS. In this sense, it does not virtualize the system's resources but isolates the process from them entirely.
  >
  > […]
  >
  > seccomp-bpf is an extension to seccomp that allows filtering of system calls using a configurable policy implemented using Berkeley Packet Filter rules. It is used by OpenSSH and vsftpd as well as the Google Chrome/Chromium web browsers on Chrome OS and Linux. (In this regard seccomp-bpf achieves similar functionality, but with more flexibility and higher performance, to the older systrace—which seems to be no longer supported for Linux.)

ACKs for top commit:
  laanwj:
    Code review and lightly tested ACK 4747da3a5b

Tree-SHA512: e1c28e323eb4409a46157b7cc0fc29a057ba58d1ee2de268962e2ade28ebd4421b5c2536c64a3af6e9bd3f54016600fec88d016adb49864b63edea51ad838e17
2021-10-04 22:45:43 +02:00
practicalswift
4747da3a5b Add syscall sandboxing (seccomp-bpf) 2021-10-01 13:51:10 +00:00
fanquake
182de7ba10
ci: update minimum compiler requirements for std::filesystem 2021-09-22 18:18:19 +08:00
fanquake
8f022a59b8
Merge bitcoin/bitcoin#22993: build: set OSX_MIN_VERSION to 10.15
a43b8e9555 build: set OSX_MIN_VERSION to 10.15 (fanquake)

Pull request description:

  Taken out of #20744, as splitting up some of the build changes was mentioned [here](https://github.com/bitcoin/bitcoin/pull/22937#discussion_r707303172).

  This is required to use `std::filesystem` on macOS, as support for it only landed in the libc++.dylib shipped with 10.15. So if we want to move to using `std::filesystem` for `23.0`, this bump is required.

  See also: https://developer.apple.com/documentation/xcode-release-notes/xcode-11-release-notes

  > Clang now supports the C++17 \<filesystem\> library for iOS 13, macOS 10.15, watchOS 6, and tvOS 13.

  macOS 10.15 was released in October 2019. macOS OS's seem to have a life of about 3 years, so it's possible that 10.14 will become officially unsupported by the end of 2021 and prior to the release of 23.0.

  Guix builds:
  ```bash
  bash-5.1# find guix-build-$(git rev-parse --short=12 HEAD)/output/ -type f -print0 | env LC_ALL=C sort -z | xargs -r0 sha256sum
  abc8b749be65f1339dcdf44bd1ed6ade2533b8e3b5030ad1dde0ae0cede78136  guix-build-a43b8e955558/output/dist-archive/bitcoin-a43b8e955558.tar.gz
  1edcc301eb4c02f3baa379beb8d4c78e661abc24a293813bc9d900cf7255b790  guix-build-a43b8e955558/output/x86_64-apple-darwin19/SHA256SUMS.part
  e9dbb5594a664519da778dde9ed861c3f0f631525672e17a67eeda599f16ff44  guix-build-a43b8e955558/output/x86_64-apple-darwin19/bitcoin-a43b8e955558-osx-unsigned.dmg
  11b23a17c630dddc7594c25625eea3de42db50f355733b9ce9ade2d8eba3a8f3  guix-build-a43b8e955558/output/x86_64-apple-darwin19/bitcoin-a43b8e955558-osx-unsigned.tar.gz
  257ba64a327927f94d9aa0a68da3a2695cf880b3ed1a0113c5a966dcc426eb5e  guix-build-a43b8e955558/output/x86_64-apple-darwin19/bitcoin-a43b8e955558-osx64.tar.gz
  ```

ACKs for top commit:
  hebasto:
    ACK a43b8e9555
  jarolrod:
    ACK a43b8e9

Tree-SHA512: 9ac77be7cb56c068578860a3b2b8b7487c9e18b71b14aedd77a9c663f5d4bb19756d551770c02ddd12f1797beea5757b261588e7b67fb53509bb998ee8022369
2021-09-21 15:37:12 +08:00
MarcoFalke
fa660de2ac
ci: Update valgrind config
* Set missing DOCKER_NAME_TAG
* Update TEST_RUNNER_EXTRA
2021-09-17 12:54:48 +02:00
MarcoFalke
fad5dbc13c
ci: Update s390x config
* Bump to debian:bookworm to avoid crash in the zmq functional test
  (bitcoind: line 2: 33011 Illegal instruction     (core dumped)
  qemu-s390x)
* Remove RUN_UNIT_TESTS=true, because it is the default
* Add TEST_RUNNER_EXTRA --exclude to skip failing tests
2021-09-17 12:47:32 +02:00
W. J. van der Laan
698b4b8fac
Merge bitcoin/bitcoin#22930: build: remove glibc back compat
76630cbfb9 doc: add glibc to dependencies.md (fanquake)
a907704e7f compat: remove glibc_compat.cpp (fanquake)
62e45da945 build: remove glibc-back-compat from build system (fanquake)
2ef0accefc remove --enable-glibc-back-compat from CI and docs (fanquake)

Pull request description:

  This removes our glibc backwards compatibility code (glibcxx sanity checks remain), which is [no-longer used for release builds](https://github.com/bitcoin/bitcoin/pull/22405).

  With these changes our minimum required glibc remains at 2.17, as Guix builds [are done with `--disable-thread-local`](d2dd1697ce/contrib/guix/libexec/build.sh (L242)).

  Guix builds:
  ```bash
  d9024376ac06b836800b942fcbe8a6454866ded652e41c43d605255f840e8183  guix-build-76630cbfb924/output/aarch64-linux-gnu/SHA256SUMS.part
  bea9607f111b7a501e2410e59ccfca6f83ea075edb299d2f9b878860a4f1ad50  guix-build-76630cbfb924/output/aarch64-linux-gnu/bitcoin-76630cbfb924-aarch64-linux-gnu-debug.tar.gz
  b41d7eaec5b598f146ead32a40c0e2281d22138c02a7000fb154fe8ff341ab9d  guix-build-76630cbfb924/output/aarch64-linux-gnu/bitcoin-76630cbfb924-aarch64-linux-gnu.tar.gz
  9ec0e1b2cd4ca55d5c12354325d7c4552333f1bad7e620db247eb24e15500210  guix-build-76630cbfb924/output/arm-linux-gnueabihf/SHA256SUMS.part
  dbb3e92a3b7d6460e0d5319f49c91eb65593d8604807c1b3084c9d657b198271  guix-build-76630cbfb924/output/arm-linux-gnueabihf/bitcoin-76630cbfb924-arm-linux-gnueabihf-debug.tar.gz
  ff2fa70b01f92b9fba9f0216deebc3e511d84ff93a7316f6766a405160a20483  guix-build-76630cbfb924/output/arm-linux-gnueabihf/bitcoin-76630cbfb924-arm-linux-gnueabihf.tar.gz
  486586b4f3e81855a52e5410127b92f6dde9d1eede2720de260b13552a4b4823  guix-build-76630cbfb924/output/dist-archive/bitcoin-76630cbfb924.tar.gz
  466ccc848c39c0ca85c4575c2bfcd1bc7aba2caa5ba8a42147cce60be5120bf6  guix-build-76630cbfb924/output/powerpc64-linux-gnu/SHA256SUMS.part
  4c739da127df3738e993dcef48ec8f005b7d7938060197c718e771cdd18c2087  guix-build-76630cbfb924/output/powerpc64-linux-gnu/bitcoin-76630cbfb924-powerpc64-linux-gnu-debug.tar.gz
  2294fc23c170d63fc03085d56ba8653e3cf0cff15c8bd5680faa7b7552e1db07  guix-build-76630cbfb924/output/powerpc64-linux-gnu/bitcoin-76630cbfb924-powerpc64-linux-gnu.tar.gz
  7be025478c51a1ba7884a7c2f090a1311651fc218d706051b1830cbc4e82ee4d  guix-build-76630cbfb924/output/powerpc64le-linux-gnu/SHA256SUMS.part
  30600ad6d9bfe70b68a2a4bedc733b56b26232a45d4491b1a6fa30b76cd3f690  guix-build-76630cbfb924/output/powerpc64le-linux-gnu/bitcoin-76630cbfb924-powerpc64le-linux-gnu-debug.tar.gz
  70528805fae16b95d1df46011511ca1c2616fb89422c0164e30d02fa0193b6a1  guix-build-76630cbfb924/output/powerpc64le-linux-gnu/bitcoin-76630cbfb924-powerpc64le-linux-gnu.tar.gz
  20f4daaa095803e9c34ed8b119f948e3e61d03b4d5814e4b15ca285c2ba5a109  guix-build-76630cbfb924/output/riscv64-linux-gnu/SHA256SUMS.part
  6f969d6b6561ea87d1e54a3a643640da54e4e33d2470dbc607ad27f3a87a0f1d  guix-build-76630cbfb924/output/riscv64-linux-gnu/bitcoin-76630cbfb924-riscv64-linux-gnu-debug.tar.gz
  7c1e925d199d21781c96e9ee8d63d5eac995cbe2574ccedd81c0938531f694c1  guix-build-76630cbfb924/output/riscv64-linux-gnu/bitcoin-76630cbfb924-riscv64-linux-gnu.tar.gz
  d0f13a7a9fcd95669cbab3b637940c2014632405037959989768ec2ffa7fd861  guix-build-76630cbfb924/output/x86_64-apple-darwin18/SHA256SUMS.part
  ff23fbdd72fd42140bf11773866061cd5571b66d65bbd769b1345969d195b7ce  guix-build-76630cbfb924/output/x86_64-apple-darwin18/bitcoin-76630cbfb924-osx-unsigned.dmg
  1b51f4a7611b85d4f599291f42887643ddd59babfc6fb71284793123d8a6be33  guix-build-76630cbfb924/output/x86_64-apple-darwin18/bitcoin-76630cbfb924-osx-unsigned.tar.gz
  e0dc9be66c3dc9ba30c5224cf0499ef02b3b7e213081561a6d57d5cc76b3e9a7  guix-build-76630cbfb924/output/x86_64-apple-darwin18/bitcoin-76630cbfb924-osx64.tar.gz
  ae3fb0320a0f39dae48354fe74f3d071b16b33920b3b7b27244658439fdfbc93  guix-build-76630cbfb924/output/x86_64-linux-gnu/SHA256SUMS.part
  9545ccf26a930a3f876058bb0c4965e1320a354ee2d9ce27d95f8bdd2e8679a6  guix-build-76630cbfb924/output/x86_64-linux-gnu/bitcoin-76630cbfb924-x86_64-linux-gnu-debug.tar.gz
  4827206220eaa2b36ebb44b68035c6bda0cec0c2f1b27c08b8349f2f7b3f56d5  guix-build-76630cbfb924/output/x86_64-linux-gnu/bitcoin-76630cbfb924-x86_64-linux-gnu.tar.gz
  c2ad3ed62b2ac41a25a43e1c38869a588bf93853cae4502880adf0b66ce30369  guix-build-76630cbfb924/output/x86_64-w64-mingw32/SHA256SUMS.part
  a88ee3a0cb715d32cf12cb164d8fe4d9c4c810cc417426f3aacc4e7f08460271  guix-build-76630cbfb924/output/x86_64-w64-mingw32/bitcoin-76630cbfb924-win-unsigned.tar.gz
  7673ac8df641d185ea7a150ed27eeee9645168e126d186c6ae935eefdff9edae  guix-build-76630cbfb924/output/x86_64-w64-mingw32/bitcoin-76630cbfb924-win64-debug.zip
  b90d243d292d1b603d744639e5061917035bd8fba6acd0bb61f10479a200f5aa  guix-build-76630cbfb924/output/x86_64-w64-mingw32/bitcoin-76630cbfb924-win64-setup-unsigned.exe
  fe69d000da647e0fb7ab19252149be4b45af742223b4c37630200b1d5b43de33  guix-build-76630cbfb924/output/x86_64-w64-mingw32/bitcoin-76630cbfb924-win64.zip
  ```

ACKs for top commit:
  laanwj:
    Code review ACK 76630cbfb9

Tree-SHA512: 6bd1e344f0f37cfb0017fb8b2b0eee41c6a043f23f8ccb2ad1d59e7f2a47f4b84fe431d7d059c409b63263a0af38be955961c4b2ba7b03538f77a0597abb7880
2021-09-16 19:03:42 +02:00
fanquake
a43b8e9555
build: set OSX_MIN_VERSION to 10.15
This is required to use std::filesystem on macOS as support for it only
landed in the libc++ dylib shipped with 10.15.

See also: https://developer.apple.com/documentation/xcode-release-notes/xcode-11-release-notes

Clang now supports the C++17 <filesystem> library for iOS 13, macOS 10.15, watchOS 6, and tvOS 13.
2021-09-16 17:50:19 +08:00
fanquake
252d1a70fb
ci: use Debian Bullseye in ARM CI
This works around an issue when trying to use `std::filesystem::remove_all`
with the ARM GCC on Buster. Has been split out of #20744.

See comments starting here:
https://github.com/bitcoin/bitcoin/pull/20744#issuecomment-810279549.
Also: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=93201.
2021-09-16 16:01:31 +08:00
fanquake
2ef0accefc
remove --enable-glibc-back-compat from CI and docs 2021-09-10 11:18:58 +08:00
MarcoFalke
fae0295a79
ci: Switch multiprocess to i686 build 2021-09-08 20:17:04 +02:00
MarcoFalke
e567dd53d1
Merge bitcoin/bitcoin#22841: ci: Fuzz with -ftrivial-auto-var-init=pattern
fa0a5fa744 ci: Fuzz with -ftrivial-auto-var-init=pattern (MarcoFalke)

Pull request description:

  This makes memory bugs deterministic. `-ftrivial-auto-var-init=pattern` is incompatible with other memory sanitizers (like valgrind and msan), but that is irrelevant here, because the address sanitizer in this fuzz CI config is already incompatible with them.

  `-ftrivial-auto-var-init=pattern` goes well with `-fsanitize=bool` and `-fsanitize=enum`, but those are already enabled via `-fsanitize=undefined`. See  https://clang.llvm.org/docs/UndefinedBehaviorSanitizer.html#available-checks

ACKs for top commit:
  practicalswift:
    cr ACK fa0a5fa744

Tree-SHA512: ed6be953cd99eadb1ba245ba30170747eff66be54d2773c8d26a3a6aee0fdcd6967c596f4f4ab1d238de6a6526623dac5211f0ba77f1986639395d7921bdc19f
2021-09-06 09:59:50 +02:00
MarcoFalke
fa0a5fa744
ci: Fuzz with -ftrivial-auto-var-init=pattern 2021-08-31 13:42:28 +02:00
fanquake
ab9c34237a
release: remove gitian 2021-08-31 09:37:23 +08:00
W. J. van der Laan
19364c0ddf
Merge bitcoin/bitcoin#20586: Fix Windows build with --enable-werror
b367745cfe ci: Make Cirrus CI Windows build with --enable-werror (Hennadii Stepanov)
c713bb2b24 Fix Windows build with --enable-werror on Ubuntu Focal (Hennadii Stepanov)

Pull request description:

  This PR makes possible to cross-compile Windows build with `--enable-werror --enable-suppress-external-warnings`.
  Some problems are fixed, others are silenced.

  Also `--enable-werror` is enabled for Cirrus CI Windows build (the last one on Cirrus CI without `--enable-werror`).

ACKs for top commit:
  practicalswift:
    cr ACK b367745cfe: patch looks correct
  laanwj:
    Code review ACK b367745cfe
  vasild:
    ACK b367745cfe
  jarolrod:
    ACK b367745cfe

Tree-SHA512: 64f5c99b7dad4c0efce80cd45d7074f275bd8411235dc9e0841287bdab64b812c6f8f9d632c35531d0b8210148531f53aaaac77be7699b29d2d6aaae304dbee0
2021-08-27 08:31:45 +02:00
Hennadii Stepanov
acaac6e86a
ci: Bump Android NDK to r22 which supports std::filesystem 2021-07-18 12:10:28 +03:00
MarcoFalke
531c2b7c04
Merge bitcoin/bitcoin#20354: test: Add feature_taproot.py --previous_release
fa80e10d94 test: Add feature_taproot.py --previous_release (MarcoFalke)
85ccffa266 test: move releases download incantation to README (Sjors Provoost)
29d6b1da2a test: previous releases: add v0.20.1 (Sjors Provoost)

Pull request description:

  Disabling the new consensus code at runtime is fine, but potentially fragile and incomplete. Fix that by giving the option to run with a version that has been compiled without any taproot code.

ACKs for top commit:
  Sjors:
    tACK fa80e10
  NelsonGaldeman:
    tACK fa80e10d94

Tree-SHA512: 1a1feef823f08c05268759645a8974e1b2d39a024258f5e6acecbe25097aae3fa9302c27262978b40f1aa8e7b525b60c0047199010f2a5d6017dd6434b4066f0
2021-07-14 10:57:06 +02:00
fanquake
bda62eab38
ci: skip running the Linux test-security-check target for now
The CI environment is a moving target, and these tests are somewhat
fragile, so for now, disable them.
2021-07-07 19:31:37 +08:00
fanquake
7fc1e14ce6
ci: use Ubuntu 20.04 as the default Docker container
All but 2 of the Ubuntu CIs are already using 20.04 or 21.04.
2021-07-02 10:29:03 +08:00
Kiminuo
30450a1bd5 Do not clone qa-assets git repository if not necessary 2021-06-30 11:59:49 +02:00
Tushar Singla
057750c09d ci: Upgrading pip version in macos environment
During each CI run, for macos native environment, python packages lief
and zmq are rebuilt everytime which wastes a lot of resources and time.
The latest version of pip directly fetches pre-built binaries. Through
this commit pip version is upgraded in macos environment before
installation of these packages.
2021-06-28 11:57:19 +05:30
Sjors Provoost
5be90c907e
build: enable external signer by default 2021-06-16 10:48:57 +02:00
MarcoFalke
fa3bbcf81e
ci: Properly pass msan cflags 2021-05-05 21:47:12 +02:00
glozow
d48565d109 fix permissions on 00_setup_env_native_fuzz_with_msan 2021-05-05 11:45:12 -07:00
W. J. van der Laan
1b9a5236e9
Merge bitcoin/bitcoin#21740: test: add new python linter to check file names and permissions
46b025e00d test: add new python linter to check file names and permissions (windsok)
6f6bb3ebc7 test: fix file permissions on various scripts (windsok)

Pull request description:

  Adds a new python linter test which tests for correct filenames and file permissions in the repository.

  Replaces the existing tests in the `test/lint/lint-filenames.sh` and `test/lint/lint-shebang.sh` linter tests, as well as adding some new and increased testing. This increased coverage is intended to catch issues such as in #21728 and https://github.com/bitcoin/bitcoin/pull/16807/files#r345547050

  Summary of tests:
  * Checks every file in the repository against an allowed regexp to make sure only lowercase or uppercase alphanumerics (a-zA-Z0-9), underscores (_), hyphens (-), at (@) and dots (.) are used in repository filenames.

  * Checks only source files (*.cpp, *.h, *.py, *.sh) against a stricter allowed regexp to make sure only lowercase alphanumerics (a-z0-9), underscores (_), hyphens (-) and dots (.) are used in source code filenames. Additionally there is an exception regexp for directories or files which are excepted from matching this regexp (This should replicate the existing `test/lint/lint-filenames.sh` test)

  * Checks all files in the repository match an allowed executable or non-executable file permission octal. Additionally checks that for executable files, the file contains a shebang line.

  * Checks that for executable `.py` and `.sh` files, the shebang line used matches an allowable list of shebangs (This should replicate the existing `test/lint/lint-shebang.sh` test)

  * Checks every file that contains a shebang line to ensure it has an executable permission

  Additionally updates the permissions on various files to comply with the new tests.

  Fixes #21729

ACKs for top commit:
  practicalswift:
    cr re-ACK 46b025e00d: patch still looks correct
  kiminuo:
    code review ACK 46b025e00d if `contrib/gitian-descriptors/assign_DISTNAME` permission change is deemed OK.
  laanwj:
    Code review ACK 46b025e00d

Tree-SHA512: 1c8201a2cee0d9cbce15652b68cec9a6458a8b493fcd5392f98560aca0b1a12e668baab65a47100f116f626dadc3f591deb47f7368468c6a46c6c712c2533455
2021-05-05 17:14:22 +02:00
W. J. van der Laan
b7c2625703
Merge bitcoin/bitcoin#21664: contrib: use LIEF for macOS and Windows symbol & security checks
7fc5e865b9 test: install lief in CI (fanquake)
955140b326 contrib: consolidate PIE and NX security checks (fanquake)
2aa1631822 contrib: use LIEF in PE symbol checks (fanquake)
e93ac26b85 contrib: use LIEF in macOS symbol checks (fanquake)
a632cbcee5 contrib: use f strings in symbol-check.py (fanquake)
0f5d77c8e4 contrib: add PE PIE check to security checks (fanquake)
8e1f40dd9a contrib: use LIEF for PE security checks (fanquake)
a25b2e965c contrib: use LIEF for macOS security checks (fanquake)
7e7eae7aa8 contrib: use f strings in security-check.py (fanquake)
2e7a9f7ade guix: install LIEF in Guix container (fanquake)
465967b5ef gitian: install LIEF in gitian container (fanquake)

Pull request description:

  This PR is a proof of concept for using [LIEF](https://github.com/lief-project/LIEF) for the PE and MACHO symbol and security checks. It replaces our current approach of manually parsing the output of `objdump` & `otool`. If the consensus is that using LIEF is ok, then I also plan on replacing [pixie.py](https://github.com/bitcoin/bitcoin/blob/master/contrib/devtools/pixie.py), and using LIEF for all checks. LIEF for Linux is also currently blocked (on the next release, unless we want to build master) on one change for RISC-V that I [sent upstream](https://github.com/lief-project/LIEF/pull/562).

  LIEF is seemingly well maintained, and is the basis for a number of other tools. It also has some very nice documentation; i.e the [Python API for ELF](https://lief.quarkslab.com/doc/latest/api/python/elf.html). It also has many builtins we can take advantage of. i.e [`is_pie`](https://lief.quarkslab.com/doc/latest/api/python/macho.html#lief.MachO.Binary.is_pie), [`has_nx`](https://lief.quarkslab.com/doc/latest/api/python/macho.html#lief.MachO.Binary.has_nx) etc. This means we can [consolidate some of our checks](9c5eeb5484). If/when end up using LIEF for lightning then we can consolidate further, and cleanup these scripts. i.e to not parse the binary inside the checks, but once at the start of the script.

  Guix builds:
  ```bash
  # find guix-build-$(git rev-parse --short=12 HEAD)/output/ -type f -print0 | env LC_ALL=C sort -z | xargs -r0 sha256sum
  963a08638c46f9a3d75cd4b0c155d1ca091bbeba27167291adcd3dca03fd4c3d  guix-build-f51237d94d98/output/aarch64-linux-gnu/bitcoin-f51237d94d98-aarch64-linux-gnu-debug.tar.gz
  a3ce927c46b103789a010c41a6ebfafe4548d90ee7d88f2a735c9183b775da5c  guix-build-f51237d94d98/output/aarch64-linux-gnu/bitcoin-f51237d94d98-aarch64-linux-gnu.tar.gz
  2503ac8901068805d5e7251fd5cfeb7c1f8ba3528bdfcf3aa1e0c40bfd5c1cbc  guix-build-f51237d94d98/output/arm-linux-gnueabihf/bitcoin-f51237d94d98-arm-linux-gnueabihf-debug.tar.gz
  5798697e58e1788df85aa9e2e4d33fef0456169fcbd2521f13b3b5806ac0d84d  guix-build-f51237d94d98/output/arm-linux-gnueabihf/bitcoin-f51237d94d98-arm-linux-gnueabihf.tar.gz
  4185adebc6a0abe7241a3cd409a6ab7be031c26f1c4245e30bb5f87eef0925d2  guix-build-f51237d94d98/output/dist-archive/bitcoin-f51237d94d98.tar.gz
  9b4b8756c5c84295eb6b61b6b32a07a8d07723fb38aaa8f519b6133935061bda  guix-build-f51237d94d98/output/powerpc64-linux-gnu/bitcoin-f51237d94d98-powerpc64-linux-gnu-debug.tar.gz
  cbd821aa464a9c16f7979dbec1a5e66939e777a567f55f7081499a8d528d42c5  guix-build-f51237d94d98/output/powerpc64-linux-gnu/bitcoin-f51237d94d98-powerpc64-linux-gnu.tar.gz
  abed530a82e97e3cf621c90a13c0881b0e39ccce2a6f42a3ff80de76e2abc5f7  guix-build-f51237d94d98/output/powerpc64le-linux-gnu/bitcoin-f51237d94d98-powerpc64le-linux-gnu-debug.tar.gz
  8b6d2bdd8b58ff1f6072bf8693abe3ce773ff3a7d8d2b7218207e69945b9d31b  guix-build-f51237d94d98/output/powerpc64le-linux-gnu/bitcoin-f51237d94d98-powerpc64le-linux-gnu.tar.gz
  d99cc705032d22ae819975992216899ed960ba25871a05c8789d00b80418511f  guix-build-f51237d94d98/output/riscv64-linux-gnu/bitcoin-f51237d94d98-riscv64-linux-gnu-debug.tar.gz
  5240ca4f4ef7c62088185224ac319ad9a4a9b40075df10af18d8a6355bca32fb  guix-build-f51237d94d98/output/riscv64-linux-gnu/bitcoin-f51237d94d98-riscv64-linux-gnu.tar.gz
  adc16eaee4b51e8615ce8b3be9f6c018698237df4ad6e0886cf0d4ab6bc9e5c4  guix-build-f51237d94d98/output/x86_64-apple-darwin18/bitcoin-f51237d94d98-osx-unsigned.dmg
  b188af0572ee682d74cc82c7e6e464115205fc130a457cfe19d42ac9ddd267f8  guix-build-f51237d94d98/output/x86_64-apple-darwin18/bitcoin-f51237d94d98-osx-unsigned.tar.gz
  e764062fde144e6fb5d6dd776c10fc2daa8d775831f7e43247d17a6c6e060c97  guix-build-f51237d94d98/output/x86_64-apple-darwin18/bitcoin-f51237d94d98-osx64.tar.gz
  dab3d26ac94c669140f7329d14e57ef02b0fe92b8a8f9d96c32a416adea0da0f  guix-build-f51237d94d98/output/x86_64-linux-gnu/bitcoin-f51237d94d98-x86_64-linux-gnu-debug.tar.gz
  ca59d4379fbe2b9a52deebeaf88508e0eda4215f28d319aff0781289dd159712  guix-build-f51237d94d98/output/x86_64-linux-gnu/bitcoin-f51237d94d98-x86_64-linux-gnu.tar.gz
  52b7c35321a85c4f6c95bf0e687574454b71ede9bec1c9cf17f37c578c888a94  guix-build-f51237d94d98/output/x86_64-w64-mingw32/bitcoin-f51237d94d98-win-unsigned.tar.gz
  a543895a00f8ffb3ba50ca68396d52ad5a18dd8efe38730e0049dd70d283a092  guix-build-f51237d94d98/output/x86_64-w64-mingw32/bitcoin-f51237d94d98-win64-debug.zip
  aec050d03c65268a986148500f7341cceb8c5f85287e0e3cde8933ce4b4dee32  guix-build-f51237d94d98/output/x86_64-w64-mingw32/bitcoin-f51237d94d98-win64-setup-unsigned.exe
  57ba33ed6ee8d3a885e342471359301473e83037d5442895beb686921a4c50e9  guix-build-f51237d94d98/output/x86_64-w64-mingw32/bitcoin-f51237d94d98-win64.zip
  ```

  Gitian builds:
  ```bash
  # macOS:
  2f066e852bdd30ac46e5ecdf7619d19d408035c318a3edf0f1893ec2e25efb69  bitcoin-41a1b3d1b130-osx-unsigned.dmg
  8cf8ac4d21740f490262453c330b5f4a5c5b8139dfc1b322efefce3f3b93d1b2  bitcoin-41a1b3d1b130-osx-unsigned.tar.gz
  cf1b84efdd9d2588a1ce9513580fb56b38bfafe60e18f8adbeedf03521c6c2b2  bitcoin-41a1b3d1b130-osx64.tar.gz
  14995244b0bb3e80e7b79975c9c70fdfb3ee3c04fda3efd5358ce1c4efa3a312  src/bitcoin-41a1b3d1b130.tar.gz
  93881069d5e1dc385c08895a7b035a94eb010325afc2776c99b6aafa21096eb8  bitcoin-core-osx-22-res.yml

  # Windows:
  4d56dd7713121684b7eaa448679c65df2fd0aa5319bf8d12fb6cfa9f0b005cf7  bitcoin-f51237d94d98-win-unsigned.tar.gz
  4558f4173152b084bcba25aa1a53c605208a70fe20392141b63cefb476528c85  bitcoin-f51237d94d98-win64-debug.zip
  b63feaca010e86d514cfe38d716e3c8a8b8058e4f969b868aaaeb8a8a3d3dc81  bitcoin-f51237d94d98-win64-setup-unsigned.exe
  de7d8586cc91ba391fe911853a99d9fd15fc6f9a60f9b91a0447940173aac67a  bitcoin-f51237d94d98-win64.zip
  4185adebc6a0abe7241a3cd409a6ab7be031c26f1c4245e30bb5f87eef0925d2  src/bitcoin-f51237d94d98.tar.gz
  45efaca35b5fad0a04dfd06e44f7c00b990aa91c7bf2faea57e020d3491a6cf0  bitcoin-core-win-22-res.yml

  # Linux:
  055d646c5f8cf4708008374546176012ff758566a2645a3a01e1a33eab1002fe  bitcoin-f51237d94d98-aarch64-linux-gnu-debug.tar.gz
  bfc8b0efc36b0474c88546b12d2723c04b4dc629ae311082025c7e0b8f0d1aa9  bitcoin-f51237d94d98-aarch64-linux-gnu.tar.gz
  9dfaa5acfffadad8942b32996458013a155d12ed07be76601f232233627b5cb9  bitcoin-f51237d94d98-arm-linux-gnueabihf-debug.tar.gz
  54eb57905ff8513b9f628707b61aa4659c362fb2f6d17e0ee240b4da3674907d  bitcoin-f51237d94d98-arm-linux-gnueabihf.tar.gz
  ad98d876616eff578ad8cfd17dfbabe48ed14200823579687d66694bae3d2fe3  bitcoin-f51237d94d98-powerpc64-linux-gnu-debug.tar.gz
  fe1b421dd1cb6e04d5dc5d341459dc15fa6e15b80906e5d8e0405cf43495e0f7  bitcoin-f51237d94d98-powerpc64-linux-gnu.tar.gz
  9001d95cc7d2722d9d7dd83d9da8e5adf575fddf91b615b76b9bcfece30ecf6f  bitcoin-f51237d94d98-powerpc64le-linux-gnu-debug.tar.gz
  9e0650ad2aba70c0fd1608a077e95f335dc1bb4a79eab9b0b56ac87427a4fd4f  bitcoin-f51237d94d98-powerpc64le-linux-gnu.tar.gz
  fbfde0134944d3dbd32991455b0a8abdd334853ab8a4c1a1a4c060d9de071c50  bitcoin-f51237d94d98-riscv64-linux-gnu-debug.tar.gz
  2fa2cfddce98c44c65305326fc623a7f065129208337503d813a08d51580cb8a  bitcoin-f51237d94d98-riscv64-linux-gnu.tar.gz
  b2d6caeee0e3c350a43165c39876ebed8e588958007af0d06996e341c7060683  bitcoin-f51237d94d98-x86_64-linux-gnu-debug.tar.gz
  bfdb827e75d43d61462513c9a843620b93c9160d9d246cad13278baaa07f64ea  bitcoin-f51237d94d98-x86_64-linux-gnu.tar.gz
  4185adebc6a0abe7241a3cd409a6ab7be031c26f1c4245e30bb5f87eef0925d2  src/bitcoin-f51237d94d98.tar.gz
  34820a093916fa35b0fd98806a50092f46b20271af7422f43e2a4223ef6f9bb7  bitcoin-core-linux-22-res.yml
  ```

ACKs for top commit:
  laanwj:
    re-ACK 7fc5e865b9

Tree-SHA512: 0c30838413448ecfcf55e6273f607fdb01cb1acafa1d2762afad59360fca7d8efa78ec55064f50cba56cb2c9e98741e13665cba8e9b4b8e5b62b8a53f9bf8990
2021-05-05 13:22:59 +02:00
MarcoFalke
a1c6434e19
Merge bitcoin/bitcoin#21852: ci: Add msan fuzz config
fa0422c251 ci: Add msan fuzz config (MarcoFalke)
fa399a76c6 ci: Use clang-12 in msan task (MarcoFalke)
fab30174af ci: Set BASE_SCRATCH_DIR early, so that it can be used in test configs (MarcoFalke)

Pull request description:

  Similar to the valgrind config, this config is not run by any ci task in this repo, but it can be used by other repos or self-hosted infrastructure.

ACKs for top commit:
  practicalswift:
    cr ACK fa0422c251: patch looks correct

Tree-SHA512: 2122ac0948978a7b952efc80d4aa3674b27d48c6166e0ce917c61ac4ee6b68d701a83e5f71ee6868c208885ee45aae409ca022ebcb23ccbe37819a8c36e34872
2021-05-04 17:04:49 +02:00
MarcoFalke
fa0422c251
ci: Add msan fuzz config 2021-05-04 15:06:00 +02:00
MarcoFalke
fa399a76c6
ci: Use clang-12 in msan task 2021-05-04 15:04:11 +02:00
MarcoFalke
fab30174af
ci: Set BASE_SCRATCH_DIR early, so that it can be used in test configs
Can be reviewed with --color-moved=dimmed-zebra
2021-05-04 15:03:14 +02:00
fanquake
7fc5e865b9
test: install lief in CI 2021-05-04 20:48:53 +08:00
fanquake
0ca8b7e7ec
Merge bitcoin/bitcoin#21812: ci: Enable D_GLIBCXX_DEBUG for multiprocess task
fa44f5119a ci: Clarify that previous_releases task is using DEBUG (MarcoFalke)
fad0f21c3c ci: Use clang in multiprocess task to avoid OOM (MarcoFalke)
faeabef4f3 ci: Enable D_GLIBCXX_DEBUG for multiprocess task (MarcoFalke)

Pull request description:

  Enable `-D_GLIBCXX_DEBUG` via the depends `DEBUG` flag. Also `--enable-debug` to get debug symbols in traces.

ACKs for top commit:
  hebasto:
    ACK fa44f5119a, I have reviewed the code and it looks OK, I agree it can be merged, and CI is green.

Tree-SHA512: ab2a216bb44ee462f9dd181ec9025962502bd4201a1118ff52b6a193398e7ea3ca465a45a5eb341e308758fc3ef34ea3521f8a1f85ed64478ef3c1f6c1b8b141
2021-05-04 19:18:35 +08:00