Commit graph

21 commits

Author SHA1 Message Date
fanquake
74c9893989
guix: use glibc 2.27 for all Linux builds
Also point to the latest commit on the glibc 2.27 releases branch.

https://sourceware.org/git/?p=glibc.git;a=shortlog;h=refs/heads/release/2.27/master
2023-02-13 14:16:24 +00:00
fanquake
af2a7c8943
guix: consistently use -ffile-prefix-map
Aside from being the newer, more comprehensive option, it's what we
claim to use in the patch docs, and everywhere else in guix.
2022-09-06 09:51:55 +01:00
fanquake
7a0b129c41
guix: patch NSIS to remove .reloc sections from install stubs
With the release of binutils/ld 2.36, ld swapped to much improved
default settings when producing windows binaries with mingw-w64. One of
these changes was to stop stripping the .reloc section from binaries,
which is required for working ASLR.

.reloc section stripping is something we've accounted for previously,
see . The related upstream discussion is in this thread:
https://sourceware.org/bugzilla/show_bug.cgi?id=19011.

When we switched to using a newer Guix time-machine in , we begun
using binutils 2.37 to produce releases. Since then, our windows
installer (produced with makensis) has not functioned correctly when run on
a Windows system with the "Force randomization for images (Mandatory ASLR)"
option enabled. Note that all of our other release binaries, which all
contain .reloc sections, function fine under the same option, so it
cannot be just the presence of a .reloc section that is the issue.

For now, restore makensis to it's pre-binutils-2.36 behaviour, which
fixes the produced installer. The underlying issue can be further
investigated in future.
2022-08-05 18:15:12 +01:00
Andrew Chow
5bff18bce5 guix: patch gcc 10 with pthreads to remap guix store paths 2022-07-06 17:24:20 -04:00
fanquake
ca08e00a1b
Merge : guix: use elfesteem 2eb1e5384ff7a220fd1afacd4a0170acff54fe56
103c0d9f7e guix: use elfesteem 2eb1e5384ff7a220fd1afacd4a0170acff54fe56 (fanquake)

Pull request description:

  Our patch has been merged upstream, see https://github.com/LRGH/elfesteem/pull/3.

  Guix Build (x86_64):
  ```bash
  3deb66d386587e7ce29b92528170081d9e74443ddf50d07b72aacaee31c11641  guix-build-103c0d9f7e08/output/aarch64-linux-gnu/SHA256SUMS.part
  5f53a059ccf07181fa1154dc6ab741a9beda663a48d123d2aa4256ca7d38497a  guix-build-103c0d9f7e08/output/aarch64-linux-gnu/bitcoin-103c0d9f7e08-aarch64-linux-gnu-debug.tar.gz
  20cdb705439ff54822f7c3cad12254b46f8ff93aae58f1716253f39bd734eaf1  guix-build-103c0d9f7e08/output/aarch64-linux-gnu/bitcoin-103c0d9f7e08-aarch64-linux-gnu.tar.gz
  ae51fb2ef8e76326bde4693f778444a5c21df1feba42b161e667c5f069aae967  guix-build-103c0d9f7e08/output/arm-linux-gnueabihf/SHA256SUMS.part
  0ffeaa089582871a578069c0251bf51823624274c23c2fd65f04d2a3e50f3296  guix-build-103c0d9f7e08/output/arm-linux-gnueabihf/bitcoin-103c0d9f7e08-arm-linux-gnueabihf-debug.tar.gz
  71f3da47678d8169414ef0072271604fa550e84ce86979706b3b289a1521a119  guix-build-103c0d9f7e08/output/arm-linux-gnueabihf/bitcoin-103c0d9f7e08-arm-linux-gnueabihf.tar.gz
  f5d13de726f7705e946a2b3a63d182d8c7e70e3adc9a92552676898e9819db27  guix-build-103c0d9f7e08/output/arm64-apple-darwin/SHA256SUMS.part
  e411e8f0cc3ab18981ccb65768a6af1622748c14b6e0513401179bcd0df519a7  guix-build-103c0d9f7e08/output/arm64-apple-darwin/bitcoin-103c0d9f7e08-arm64-apple-darwin-unsigned.dmg
  d7e9aa52f9b0a0249445e926753978d6845bab0c02639d162879b921f237b8ce  guix-build-103c0d9f7e08/output/arm64-apple-darwin/bitcoin-103c0d9f7e08-arm64-apple-darwin-unsigned.tar.gz
  cefde91f0b75a27e945f190194dbe0dab5653a6bcc91b18bec34d952aebd72d7  guix-build-103c0d9f7e08/output/arm64-apple-darwin/bitcoin-103c0d9f7e08-arm64-apple-darwin.tar.gz
  0b399fd5f7a85974ab25933575a0173c814d4ab578d16ab13896bb51e408b92f  guix-build-103c0d9f7e08/output/dist-archive/bitcoin-103c0d9f7e08.tar.gz
  22d6a771d2eab73ab328c8b472160333dd52c6f734761f466c79251a37bd1895  guix-build-103c0d9f7e08/output/powerpc64-linux-gnu/SHA256SUMS.part
  a6e598b022683e0858be8bd4a6d75bc15f2fbc7632c45f8b03c7a8dff367343a  guix-build-103c0d9f7e08/output/powerpc64-linux-gnu/bitcoin-103c0d9f7e08-powerpc64-linux-gnu-debug.tar.gz
  04ea54706ac47f8880ae0fcddabb0f4fe899a0bacf52d0d936dbbc1149e14e10  guix-build-103c0d9f7e08/output/powerpc64-linux-gnu/bitcoin-103c0d9f7e08-powerpc64-linux-gnu.tar.gz
  059a7018ce96e141c258d516b85c3ee95f02b61dc2db4931fa14993b2bd945e3  guix-build-103c0d9f7e08/output/powerpc64le-linux-gnu/SHA256SUMS.part
  aacaa0e4827808ed189152c6f1a4e0d9300b89136a7dc064fd045f700ee06084  guix-build-103c0d9f7e08/output/powerpc64le-linux-gnu/bitcoin-103c0d9f7e08-powerpc64le-linux-gnu-debug.tar.gz
  4041f8de495b4633df0e28d75ab6cfd0bfe7ec9292384ce4d3331383d06da310  guix-build-103c0d9f7e08/output/powerpc64le-linux-gnu/bitcoin-103c0d9f7e08-powerpc64le-linux-gnu.tar.gz
  1586a47797a803cab03a9ebcd207eb395e1651c443e9192ac2b144b85e014762  guix-build-103c0d9f7e08/output/riscv64-linux-gnu/SHA256SUMS.part
  74f088bca4e7c0d44e6b7161ee4c835b38bc9291c78f37e53d3ede2da98d52c0  guix-build-103c0d9f7e08/output/riscv64-linux-gnu/bitcoin-103c0d9f7e08-riscv64-linux-gnu-debug.tar.gz
  12cfe35b28de03f2355d6fb5ed9393001d3b5a06b12a2792cb863ca4ae61db17  guix-build-103c0d9f7e08/output/riscv64-linux-gnu/bitcoin-103c0d9f7e08-riscv64-linux-gnu.tar.gz
  b021e117d1e92ad105234661468efeab98246db79d51267a766399776999bafe  guix-build-103c0d9f7e08/output/x86_64-apple-darwin/SHA256SUMS.part
  0a6c9d00f9ea2d67ca58c867258bb1b595a3141d5f199ffb047f7235bb2863a6  guix-build-103c0d9f7e08/output/x86_64-apple-darwin/bitcoin-103c0d9f7e08-x86_64-apple-darwin-unsigned.dmg
  a7df5f759e792e4fae46ab7ddca5db8cff8973aa33d7d99c4bfbf7c04c2d3013  guix-build-103c0d9f7e08/output/x86_64-apple-darwin/bitcoin-103c0d9f7e08-x86_64-apple-darwin-unsigned.tar.gz
  801ec4f81af5f184cc0e0fcf650f4e5822d895a4202c35575f46e1c63498b1aa  guix-build-103c0d9f7e08/output/x86_64-apple-darwin/bitcoin-103c0d9f7e08-x86_64-apple-darwin.tar.gz
  813e9c9c6e0ce430d2096963dbffeb141f239d67b334e44b3fd1f1bc9246758d  guix-build-103c0d9f7e08/output/x86_64-linux-gnu/SHA256SUMS.part
  43e7afc360267fea8e1620e0c2ea40c45af07debbd646abf9fe631465c2e2c47  guix-build-103c0d9f7e08/output/x86_64-linux-gnu/bitcoin-103c0d9f7e08-x86_64-linux-gnu-debug.tar.gz
  0c5fc4b3c5bf4a53f1f9710cd738d5c0bbe6a2f0dc45e91f92065ae766b63635  guix-build-103c0d9f7e08/output/x86_64-linux-gnu/bitcoin-103c0d9f7e08-x86_64-linux-gnu.tar.gz
  08c031137c2c472a944f3220cf3812a8ec1dd70da9b0f264361ba16badb65b9f  guix-build-103c0d9f7e08/output/x86_64-w64-mingw32/SHA256SUMS.part
  4bbdc405075001b61e7cc48974e4b987c887a861add6db419fb51eccd914fbb0  guix-build-103c0d9f7e08/output/x86_64-w64-mingw32/bitcoin-103c0d9f7e08-win64-debug.zip
  8de95b683500300a787dd1d0d74580e9d6ab448f00f4c32e58ad830b763f2755  guix-build-103c0d9f7e08/output/x86_64-w64-mingw32/bitcoin-103c0d9f7e08-win64-setup-unsigned.exe
  36202c352d1f3b238daa00126f7ad369e53a510a32bb2585d69f967ef02aff48  guix-build-103c0d9f7e08/output/x86_64-w64-mingw32/bitcoin-103c0d9f7e08-win64-unsigned.tar.gz
  6255922a31502a23ea323095dec2d176bca22977222936fc7857a55ac001f6e9  guix-build-103c0d9f7e08/output/x86_64-w64-mingw32/bitcoin-103c0d9f7e08-win64.zip
  ```

ACKs for top commit:
  hebasto:
    ACK 103c0d9f7e, I have reviewed the code and it looks OK.

Tree-SHA512: 421956999d2daedbce2e94a13dffa20b2dafb36ca5ffa094d8dca79eb5e60ec91bfade59cd24da548b45aec00f688d570e61a3567ea8075c25d198ac7fc4efff
2022-07-01 10:41:31 +01:00
fanquake
103c0d9f7e
guix: use elfesteem 2eb1e5384ff7a220fd1afacd4a0170acff54fe56
Our patch has been merged upstream, see
https://github.com/LRGH/elfesteem/pull/3
2022-06-30 11:21:06 +01:00
Andrew Chow
54faac9689
guix: Remove guix store paths from glibc
Without ffile-prefix-map, the debug symbols will contain paths for the
guix store which will include the hashes of each package. However, the
hash for the same package will differ when on different architectures.
In order to be reproducible regardless of the architecture used to build
the package, map all guix store prefixes to something fixed, e.g. /usr.

We might be able to drop this in favour of using --with-nonshared-cflags
when we being using newer versions of glibc.
2022-06-28 14:19:33 +01:00
fanquake
5f082ad4e4
guix: patch LIEF to fix PPC64 NX default
This patches our LIEF build using the change merged upstream:
https://github.com/lief-project/LIEF/pull/718.

This can be dropped the next time we update LIEF.
2022-06-25 10:04:10 +01:00
fanquake
88fd3f81ec
guix: use -fcommon when building glibc 2.24
GCC 10 started using -fno-common by default, which causes issues with
the powerpc builds using gibc 2.24. A patch was commited to glibc to fix
the issue, 18363b4f010da9ba459b13310b113ac0647c2fcc but is non-trvial
to backport, and was broken in at least one way, see the followup in
commit 7650321ce037302bfc2f026aa19e0213b8d02fe6.

For now, retain the legacy GCC behaviour by passing -fcommon when
building glibc 2.24.

https://gcc.gnu.org/onlinedocs/gcc/Code-Gen-Options.html.
https://sourceware.org/git/?p=glibc.git;a=commit;h=18363b4f010da9ba459b13310b113ac0647c2fcc
https://sourceware.org/git/?p=glibc.git;a=commit;h=7650321ce037302bfc2f026aa19e0213b8d02fe6
2022-05-12 08:21:16 +01:00
fanquake
0e51913595
guix: fix glibc 2.27 multiple definition warnings with GCC 10 2022-05-12 08:21:16 +01:00
fanquake
508bd4d357
guix: adjust RISC-V __has_include() patch to work with GCC 10
The actual macro is __has_include(), not __has_include__(), using the
later would result in build failures when using GCC 10. i.e:
```bash
../sysdeps/unix/sysv/linux/riscv/flush-icache.c:24:5: warning: "__has_include__" is not defined, evaluates to 0 [-Wundef]
   24 | #if __has_include__ (<asm/syscalls.h>)
```

Looks like at least someone else has run into the same thing, see:
http://lists.busybox.net/pipermail/buildroot/2020-July/590376.html.

See also:
https://gcc.gnu.org/onlinedocs/cpp/_005f_005fhas_005finclude.html
https://clang.llvm.org/docs/LanguageExtensions.html#has-include
2022-05-12 08:21:15 +01:00
fanquake
457148a803
guix: fix GCC 10.3.0 + mingw-w64 setjmp/longjmp issues
This commit backports a patch to the GCC 10.3.0 we build for Windows
cross-compilation in Guix. The commit has been backported to the GCC
releases/gcc-10 branch, but hasn't yet made it into a release.

The patch corrects a regression from an earlier GCC commit, see:
https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=357c4350680bf29f0c7a115424e3da11c53b5582
and
https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=074226d5aa86cd3de517014acfe34c7f69a2ccc7,
related to the way newer versions of mingw-w64 implement setjmp/longjmp.

Ultimately this was causing a crash for us when Windows users were
viewing the network traffic tab inside the GUI. After some period, long
enough that a buffer would need reallocating, a call into FreeTypes
gray_record_cell() would result in a call to ft_longjmp (longjmp), which
would then trigger a crash.

Fixes: https://github.com/bitcoin-core/gui/issues/582.

See also:
https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=e8d1ca7d2c344a411779892616c423e157f4aea8.
https://bugreports.qt.io/browse/QTBUG-93476.
2022-04-13 13:10:03 +01:00
fanquake
d6fae988ef
guix: fix vmov alignment issues with gcc 10.3.0 & mingw-w64
This introduces a patch to our GCC (10.3.0) mingw-w64 compiler, in Guix, to make
it avoid using aligned vmov instructions. This works around a longstanding issue
in GCC, https://gcc.gnu.org/bugzilla/show_bug.cgi?id=54412, which was recently
discovered to be causing issues, see .

Note that distros like Debian are also patching around this issue, and that is
where this patch comes from. This would also explain why we haven't run into this
problem earlier, in development builds. See:
https://salsa.debian.org/mingw-w64-team/gcc-mingw-w64/-/blob/master/debian/patches/vmov-alignment.patch.

Fixes .
Alternative to .

See also:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=939559
2022-04-01 13:24:22 +01:00
fanquake
b1e8f0b96e
guix: use uptream nsis-x86_64
Our patch is now used upstream.
2022-01-05 10:32:24 +08:00
fanquake
3ccfba1c7f
guix: use GCC 10 (over GCC 8) to build releases
This currently points to the version-1.4.0 branch.
2022-01-05 10:32:19 +08:00
Carl Dong
678348db51
guix: Patch binutils to add security-related disable flags
We use these flags in our test-security-check make target, but they are
only available because debian patches them in.

We can patch them in for our Guix builds so that we can check the sanity
of our security/symbol checking suite before running them.
2021-07-07 19:31:37 +08:00
fanquake
15fc9a0299
guix: add additional documentation to patches 2021-07-06 20:50:47 +08:00
Carl Dong
16b0a936e1 guix: Rebase toolchain on glibc 2.24 (2.27 for riscv64)
Support for riscv64 in glibc landed in 2.27 so it's unavoidable that we
use 2.27.

Running a Bitcoin build with toolchains based on 2.24 for platforms
other than riscv64 seem to produce binaries which do not have 2.17
symbols. So use 2.24 since it's more recent and maintained by Debian
Stretch.
2021-07-01 16:17:03 -04:00
Carl Dong
ee883201cf guix: repro: Sort find output in libtool for gcc-8
Otherwise the resulting .a static libraries (e.g. libstdc++.a) will not
be reproducible and end up making the Bitcoin binaries non-reproducible
as well.

See: https://reproducible-builds.org/docs/archives/#gnu-libtool
2021-05-19 15:29:10 -04:00
Carl Dong
bac2690e6f guix: Package codesigning tools 2021-05-13 15:41:56 -04:00
Carl Dong
a91c46c57d guix: Make nsis reproducible by respecting SOURCE-DATE-EPOCH
When building nsis, if VERSION is not specified, it defaults to
cvs_version which is non-deterministic as it includes the current date.

This patches nsis to default to SOURCE_DATE_EPOCH if it exists so that
nsis is reproducible.

Upstream change: https://github.com/kichik/nsis/pull/13
2021-01-17 18:43:58 -05:00