Commit graph

67 commits

Author SHA1 Message Date
Wladimir J. van der Laan
a3d198c93c
Merge #17863: scripts: Add MACHO dylib checks to symbol-check.py
c491368d8c scripts: add MACHO dylib checking to symbol-check.py (fanquake)
76bf97213f scripts: fix check-symbols & check-security argument passing (fanquake)

Pull request description:

  Based on #17857.

  This adds dynamic library checks for MACHO executables to symbol-check.py. The script has been modified to function more like `security-check.py`. The error output is now also slightly different. i.e:
  ```bash
  # Linux x86
  bitcoin-cli: symbol operator new[](unsigned long) from unsupported version GLIBCXX_3.4
  bitcoin-cli: export of symbol vtable for std::basic_ios<char, std::char_traits<char> > not allowed
  bitcoin-cli: NEEDED library libstdc++.so.6 is not allowed
  bitcoin-cli: failed IMPORTED_SYMBOLS EXPORTED_SYMBOLS LIBRARY_DEPENDENCIES

  # RISCV (skips exported symbols checks)
  bitcoin-tx: symbol operator new[](unsigned long) from unsupported version GLIBCXX_3.4
  bitcoin-tx: NEEDED library libstdc++.so.6 is not allowed
  bitcoin-tx: failed IMPORTED_SYMBOLS LIBRARY_DEPENDENCIES

  # macOS
  Checking macOS dynamic libraries...
  libboost_filesystem.dylib is not in ALLOWED_LIBRARIES!
  bitcoind: failed DYNAMIC_LIBRARIES
  ```

  Compared to `v0.19.0.1` the macOS allowed dylibs has been slimmed down somewhat:
  ```diff
   src/qt/bitcoin-qt:
   /usr/lib/libSystem.B.dylib
  -/System/Library/Frameworks/DiskArbitration.framework/Versions/A/DiskArbitration
   /System/Library/Frameworks/IOKit.framework/Versions/A/IOKit
   /System/Library/Frameworks/Foundation.framework/Versions/C/Foundation
   /System/Library/Frameworks/CoreServices.framework/Versions/A/CoreServices
   /System/Library/Frameworks/AppKit.framework/Versions/C/AppKit
   /System/Library/Frameworks/ApplicationServices.framework/Versions/A/ApplicationServices
   /System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation
  -/System/Library/Frameworks/Security.framework/Versions/A/Security
  -/System/Library/Frameworks/SystemConfiguration.framework/Versions/A/SystemConfiguration
   /System/Library/Frameworks/CoreGraphics.framework/Versions/A/CoreGraphics
  -/System/Library/Frameworks/OpenGL.framework/Versions/A/OpenGL
  -/System/Library/Frameworks/AGL.framework/Versions/A/AGL
   /System/Library/Frameworks/Carbon.framework/Versions/A/Carbon
   /usr/lib/libc++.1.dylib
  -/System/Library/Frameworks/CFNetwork.framework/Versions/A/CFNetwork
   /System/Library/Frameworks/CoreText.framework/Versions/A/CoreText
   /System/Library/Frameworks/ImageIO.framework/Versions/A/ImageIO
   /usr/lib/libobjc.A.dylib
  ```

ACKs for top commit:
  laanwj:
    ACK c491368d8c

Tree-SHA512: f8624e4964e80b3e0d34e8d3cc33f3107938f3ef7a01c07828f09b902b5ea31a53c50f9be03576e1896ed832cf2c399e03a7943a4f537a1e1c705f3804aed979
2020-01-22 20:33:44 +01:00
MarcoFalke
0a8b68cdf7
Merge #17483: build: Set gitian arch back to amd64
fae75306ba scripted-diff: Set gitian arch back to amd64 (MarcoFalke)

Pull request description:

  This was required to allow gitian builds on non-amd64 architecture, however, it seems to break the current builds (with lxc), see https://github.com/bitcoin/bitcoin/pull/17409#issuecomment-554099626

  Also, the gititan builds wouldn't be deterministic across arches anyway, see #17468

  So instead of wasting more time on this, revert the change and hope that guix allows to compile on non-amd64 architectures.

Top commit has no ACKs.

Tree-SHA512: 801e9a30ae1b0882ef45d5eb3a3cf80f3ace3b99db046069dbd95b6162119e977e3cf3134287d1ac5d09483906206acc71e1ac34d6b74dbc533d46aaf73f5cc2
2020-01-22 09:50:26 -05:00
fanquake
c491368d8c
scripts: add MACHO dylib checking to symbol-check.py 2020-01-04 11:24:42 +08:00
fanquake
4ca92dc6d3
scripts: add MACHO PIE check to security-check.py 2020-01-02 14:42:21 +08:00
Wladimir J. van der Laan
1f59885d27
Merge #17361: script: Lint Gitian descriptors with ShellCheck
17f81e9648 script: Enable SC2001 rule for Gitian scripts (Hennadii Stepanov)
61bb21b418 script: Enable SC2155 rule for Gitian scripts (Hennadii Stepanov)
577682d9e8 script: Enable SC2006 rule for Gitian scripts (Hennadii Stepanov)
14aded46df script: Lint Gitian descriptors with ShellCheck (Hennadii Stepanov)

Pull request description:

  This PR extracts shell scripts from Gitian descriptors (`contrib/gitian-descriptors/`) and checks for ShellCheck warnings as any other one.

  Some non-controversial warnings are fixed.

ACKs for top commit:
  practicalswift:
    ACK 17f81e9648 -- diff looks correct

Tree-SHA512: bdfa3d35bbb65ff634c90835d75c3df63e958b558599771d21366724f5cf64da83a68957d926e926a99c3704b9529e96a17697dc8d9ff3adf7154d9cb1999a8d
2019-11-28 10:18:22 +01:00
Hennadii Stepanov
17f81e9648
script: Enable SC2001 rule for Gitian scripts 2019-11-27 19:27:56 +02:00
Hennadii Stepanov
61bb21b418
script: Enable SC2155 rule for Gitian scripts
Also pwd command is replaced with $PWD variable everywhere for
consistency.
2019-11-27 19:25:29 +02:00
fanquake
7d7bf2ff4a
build: set minimum supported macOS to 10.12 2019-11-21 11:08:47 -05:00
MarcoFalke
fae75306ba
scripted-diff: Set gitian arch back to amd64
-BEGIN VERIFY SCRIPT-
sed -i -e 's|"linux64"|"amd64"|g' $(git grep -l '"linux64"')
-END VERIFY SCRIPT-
2019-11-14 17:10:18 -05:00
MarcoFalke
333362991c
doc: Explain $LIB in LD_PRELOAD in gitian descriptors 2019-11-12 12:06:34 -05:00
MarcoFalke
fab9850ef4
scripted-diff: Avoid hardcoded libfaketime dir in gitian
-BEGIN VERIFY SCRIPT-
sed -i -e "s|'export LD_PRELOAD=/usr/lib/x86_64-linux-gnu/faketime/libfaketime.so.1'|\"export LD_PRELOAD='/usr/\\\\\$LIB/faketime/libfaketime.so.1'\"|g" $(git grep -l 'x86_64-linux-gnu/faketime')
sed -i -e 's|"amd64"|"linux64"|g' $(git grep -l '"amd64"')
-END VERIFY SCRIPT-
2019-11-07 22:35:51 -05:00
Hennadii Stepanov
577682d9e8
script: Enable SC2006 rule for Gitian scripts 2019-11-06 15:11:54 +02:00
MarcoFalke
fa1ad8f06e
build: Bump gitian descriptor versions 2019-10-04 09:17:57 -04:00
Carl Dong
993aa414d3
scripted-diff: gitian: Use REFERENCE_DATETIME directly.
Fixes regression introduced by #16141

-BEGIN VERIFY SCRIPT-
sed -i 's#\$REFERENCE_DATE\\\\\\ \$REFERENCE_TIME#\$REFERENCE_DATETIME#g' contrib/gitian-descriptors/*
-END VERIFY SCRIPT-
2019-06-10 15:14:05 -04:00
fanquake
bc8863b819
depends: remove usage of TAR_OPTIONS 2019-06-05 15:39:17 +02:00
fanquake
3ff1f2a319
build: remove export GZIP from gitian descriptors 2019-06-03 15:51:59 -04:00
Hennadii Stepanov
b8705a0915
Set 'distro' explicitly 2019-03-16 07:40:50 +02:00
Wladimir J. van der Laan
12408d33c6
Merge #15549: gitian: Improve error handling
32da92bdf6 gitian: Improve error handling (Wladimir J. van der Laan)

Pull request description:

  Improve error handling in gitian builds:

  - Set fail-on-error and pipefail flag, this causes a command to fail when either of the pipe stages fails, not only when the last of the stages fails, so this improves error detection.
  - Also use `xargs` instead of `find -exec`, because `find` will not propagate errors in the executed command, but `xargs` will.

  This will avoid some issues like #15541 where non-determinism is silently introduced due to errors caused by environment conditions (such as lack of disk space in that case).

Tree-SHA512: d5d3f22ce2d04a75e5c25e935744327c3adc704c2d303133f2918113573a564dff3d3243d5569a2b93ee7eb0e97f8e1b1ba81767e966af9015ea711a14091035
2019-03-09 06:45:19 +01:00
MarcoFalke
923d87497c
Merge #15528: contrib: Bump gitian descriptors for 0.19
fa58a2e335 contrib: Bump gitian descriptors for 0.19 (MarcoFalke)

Pull request description:

  Bump the cache directory (as in 263b3777e7)

Tree-SHA512: 2f9a4f8c14c3c6cef30bcdfed638486c6b957068b1e2380cbde1719c9bf8b53bcaff35833272a879af5b031e3ea0a32cc16f78cc7e4d7399037de89132311c5b
2019-03-08 09:12:03 -05:00
Wladimir J. van der Laan
32da92bdf6 gitian: Improve error handling 2019-03-07 17:21:46 +01:00
MarcoFalke
fa58a2e335
contrib: Bump gitian descriptors for 0.19 2019-03-04 14:44:23 -05:00
MarcoFalke
fab5a1e0f4
build: Require python 3.5 2019-03-02 10:40:23 -05:00
fanquake
263b3777e7
gitian: bump descriptors for (0.)18 2018-08-13 21:44:22 +08:00
MarcoFalke
e8ffec69f7
Merge #13732: Depends: Fix Qt's rcc determinism
6b5506a286 Fix Qt's rcc determinism for depends/gitian (Fuzzbawls)

Pull request description:

  With the update to Qt 5.9 having been merged, Qt's `rcc` tool now embeds a file's last modified time in it's output. Since the build system generates temporary files for all locale translations (`*.qm` files) at build time, the resulting `qrc_bitcoin_locale.cpp` file was always being generated in a non-deterministic way.

  This is a backport of https://bugreports.qt.io/browse/QTBUG-62511, which is included in Qt versions 5.11+, that allows for an environment variable (`QT_RCC_SOURCE_DATE_OVERRIDE`) to override the behavior described above. This environment variable is in turn set in the gitian descriptors, as that is where determinism is vital for release purposes.

  Prior to this, the `qt_libbitcoinqt_a-qrc_bitcoin_locale.o` object file (included into `libbitcoinqt.a`) was returning a different `sha256sum` for each and every build, regardless of file contents change, thus breaking determinism in the resulting binaries.

  This should fix #13731

Tree-SHA512: 174017e41f9afc3950ef54a9419de81577ec900db9aec3c78ccd3d879c6aecaaeb944fde0615b933f43e6ca9d7898a27ec071cdd0b91cb772755a3012de96725
2018-07-29 08:06:45 -04:00
Fuzzbawls
6b5506a286
Fix Qt's rcc determinism for depends/gitian
Backport of https://bugreports.qt.io/browse/QTBUG-62511 to resolve
locale determinism during the build process.
2018-07-25 13:53:53 -07:00
fanquake
26b15df99d
depends: set OSX_MIN_VERSION to 10.10 2018-07-25 07:30:27 +08:00
Chun Kuan Lee
c1afe3232f Change gitian-descriptors to use bionic instead 2018-07-16 10:42:32 +00:00
DesWurstes
000000035b Obsolete #!/bin/bash shebang 2018-06-20 11:12:41 +03:00
Cory Fields
d7f438a026 gitian: bump descriptors for (0.)17 2018-02-15 17:29:39 -05:00
Cory Fields
4452829b10 gitian: quick hack to fix version string in releases
Release version strings were broken in Gitian by 7522. This is a minimal fix
suitable for 0.15.

After this, we should fix up version handling for good so that gitian packages
the correct string in the release tarball, so that git is not required to get
the tag name.
2017-08-20 00:31:05 -04:00
Wladimir J. van der Laan
140de14a12
gitian: bump descriptors for master
Tree-SHA512: dc56ab285ea3fd293794341d7e2f8452730d3efb59f793112d4e1b036a051f9d221a7e577a460b426ecfb1578558203fa6a432efc62e6cabc534059719a2b437
2017-08-14 17:38:10 +02:00
Wladimir J. van der Laan
d25449f858
Merge #7522: Bugfix: Only use git for build info if the repository is actually the right one
ed1fcdc Bugfix: Detect genbuild.sh in repo correctly (Luke Dashjr)
e98e3dd Bugfix: Only use git for build info if the repository is actually the right one (Luke Dashjr)

Tree-SHA512: 510d7ec8cfeff4e8e0c7ac53631eb32c7acaada7017e7f8cc2e6f60d86afe1cd131870582e01022f961c85a783a130bcb8fef971f8b110070c9c02afda020726
2017-05-17 11:07:01 +02:00
Cory Fields
8e5cca027f gitian: bump descriptors for master
This was skipped for the 0.14 cycle.
2017-02-17 16:11:43 -05:00
Luke Dashjr
df634908ba Merge tag 'branch-0.13' into bugfix_gitdir 2016-08-09 05:45:50 +00:00
Jonas Schnelli
6194d9a501
Fix bitcoin_qt.m4 and fix-xcb-include-order.patch 2016-06-17 15:56:05 +02:00
MarcoFalke
fa61756842 [gitian] set correct PATH for wrappers 2016-06-12 14:22:07 +02:00
Wladimir J. van der Laan
fd9881ae67
Merge #7283: [gitian] Default reference_datetime to commit author date
fa42a67 [gitian] hardcode datetime for depends (MarcoFalke)
fa58c76 [gitian] Default reference_datetime to commit author date (MarcoFalke)
2016-06-09 11:14:20 +02:00
Cory Fields
ad38204e6e gitian: use CONFIG_SITE rather than hijacking the prefix 2016-06-07 22:11:43 -04:00
MarcoFalke
fa42a675c0 [gitian] hardcode datetime for depends 2016-04-10 22:58:16 +02:00
Wladimir J. van der Laan
f063863d1f build: Remove unnecessary executables from gitian release
This removes the following executables from the binary gitian release:

- test_bitcoin-qt[.exe]
- bench_bitcoin[.exe]

@jonasschnelli and me discussed this on IRC a few days ago - unlike the
normal `bitcoin_tests` which is useful to see if it is safe to run
bitcoin on a certain OS/environment combination, there is no good reason
to include these. Better to leave them out to reduce the download
size.

Sizes from the 0.12 release:
```
2.4M bitcoin-0.12.0/bin/bench_bitcoin.exe
 22M bitcoin-0.12.0/bin/test_bitcoin-qt.exe
```
2016-04-03 15:11:44 +02:00
MarcoFalke
fa58c76b9f [gitian] Default reference_datetime to commit author date 2016-03-01 19:47:27 +01:00
Luke Dashjr
e5daa2e2ae Merge branch 'master' into depends_curl 2016-02-27 06:11:37 +00:00
Luke Dashjr
5c70a6d6d1 Bugfix: gitian: Add curl to packages (now needed for depends) 2016-02-27 06:09:18 +00:00
Luke Dashjr
e98e3dde6a Bugfix: Only use git for build info if the repository is actually the right one
Also adds ability to disable check with BITCOIN_GENBUILD_NO_GIT=1 in the environment
2016-02-12 05:38:01 +00:00
Luke Dashjr
a68bb9f5e7 Merge branch 'master' into single_prodname 2016-02-03 05:41:13 +00:00
Wladimir J. van der Laan
3b468a0e60 gitian: Need ca-certificates and python for LXC builds 2016-01-18 10:59:14 +01:00
Wladimir J. van der Laan
eb2b74526a
Merge pull request #7251
fa09562 [gitian] Set reference date to something more recent (MarcoFalke)
2016-01-04 09:29:58 +01:00
MarcoFalke
fa095622c2 [gitian] Set reference date to something more recent 2016-01-02 18:11:49 +01:00
Luke Dashjr
4d5a3df9d4 Bugfix: gitian-descriptors: Add missing python-setuptools requirement for OS X (biplist module) 2015-12-22 13:27:26 +00:00
Luke Dashjr
c39a6fffd7 Travis & gitian-osx: Use depends for ds_store and mac_alias modules 2015-12-22 04:37:47 +00:00