mirror of
https://github.com/bitcoin/bitcoin.git
synced 2025-01-25 18:53:23 -03:00
ceae0eb7e3
4e569c8bd8
guix: remove explicit glibc stack protector disabling (fanquake) Pull request description: While glibc 2.25 and newer *can* be built with stack-smashing-protection enabled, it isn't used by default, and still isn't, as of glibc 2.35, so I can't see a reason to explicitly disable it. I'd also like to move in the direction of enabling, by default, hardening options for the toolchains we build, so removing the explicit disabling is a step in that direction. Will be following up with some changes based on this change. Guix Build (x86_64): ```bash 954b393f5c775919e32b725a45aa93af8a5e75ead348f904304c0367583b41ff guix-build-4e569c8bd85e/output/aarch64-linux-gnu/SHA256SUMS.part 0ff27062ba2ac4c11a966de2d9aea070f54ab5c255068dd992b19fcb33661ffd guix-build-4e569c8bd85e/output/aarch64-linux-gnu/bitcoin-4e569c8bd85e-aarch64-linux-gnu-debug.tar.gz bf48baf97e21467ce439f6e733cf3a20732adee01bb1d98aa9519c2ec54b5f41 guix-build-4e569c8bd85e/output/aarch64-linux-gnu/bitcoin-4e569c8bd85e-aarch64-linux-gnu.tar.gz 041eac2a2e045e2283cc78361adcc2232c5eecc9ad465624499225a4ad44f5fe guix-build-4e569c8bd85e/output/arm-linux-gnueabihf/SHA256SUMS.part 7a3bbca762f6c3c4fd851fbf74a2f00c21d98c211de5baa06d0ba2fc59505694 guix-build-4e569c8bd85e/output/arm-linux-gnueabihf/bitcoin-4e569c8bd85e-arm-linux-gnueabihf-debug.tar.gz 89e0260075472d10d02de7e3bb382d87f9ffb3d548f533aab0ba7e39f4c796df guix-build-4e569c8bd85e/output/arm-linux-gnueabihf/bitcoin-4e569c8bd85e-arm-linux-gnueabihf.tar.gz 96f893eefaa9fb5af41f46eece3831a3956a5a9ab1f825e4c17c5675bd020bbe guix-build-4e569c8bd85e/output/arm64-apple-darwin/SHA256SUMS.part 65865e481d33e1023adef769ca9a38ca8cdf03e8476a61f1724bb1ab0bc54750 guix-build-4e569c8bd85e/output/arm64-apple-darwin/bitcoin-4e569c8bd85e-arm64-apple-darwin-unsigned.dmg 38da0510c34d9c2bff98da60c873593c6a85bc6f73025990daaa8d5b022819c0 guix-build-4e569c8bd85e/output/arm64-apple-darwin/bitcoin-4e569c8bd85e-arm64-apple-darwin-unsigned.tar.gz 
a1b5ccda7780df15fda2131d260542e57601fed2c18092edaa3094c23eafd99d guix-build-4e569c8bd85e/output/arm64-apple-darwin/bitcoin-4e569c8bd85e-arm64-apple-darwin.tar.gz f1e4fb6d96420865ee1cfdc10960d8b0407ae49d367d5df1901510a8a87a69bf guix-build-4e569c8bd85e/output/dist-archive/bitcoin-4e569c8bd85e.tar.gz 5cc5e3193435bdd0aafc1a43e1dfc7582e585a27453e92e3383ceb8ba6c162ad guix-build-4e569c8bd85e/output/powerpc64-linux-gnu/SHA256SUMS.part 56bfeecb15b0c59dcccb31d1d5df978e7bb9c60bc0661638af7b263958cb8d4d guix-build-4e569c8bd85e/output/powerpc64-linux-gnu/bitcoin-4e569c8bd85e-powerpc64-linux-gnu-debug.tar.gz 46e61a752ba3ac1e553c82f4615854c27b38b9c2e5abd318840d3d5383e1384d guix-build-4e569c8bd85e/output/powerpc64-linux-gnu/bitcoin-4e569c8bd85e-powerpc64-linux-gnu.tar.gz 52ea9adf7b3a88fa88e89b53852d1d7917af959bee0b67c218959b1123f67c57 guix-build-4e569c8bd85e/output/powerpc64le-linux-gnu/SHA256SUMS.part 2a1a65bd55cc9c83ccbb296e7fe41d5b313466cf8d70ef8aec81aa47e346e422 guix-build-4e569c8bd85e/output/powerpc64le-linux-gnu/bitcoin-4e569c8bd85e-powerpc64le-linux-gnu-debug.tar.gz b8dbcf97a83a1dd53d23eeafa714e3a3cb8d0b087c060978137e47fdab2b261f guix-build-4e569c8bd85e/output/powerpc64le-linux-gnu/bitcoin-4e569c8bd85e-powerpc64le-linux-gnu.tar.gz 87e3823e246e139ad14c4d44c8e2ed5e1bebea1a02d3931e66232505a1b35463 guix-build-4e569c8bd85e/output/riscv64-linux-gnu/SHA256SUMS.part 1307b92c608b1001628fda1792fbcb61183286cff707be930bcb1d887f5a4b02 guix-build-4e569c8bd85e/output/riscv64-linux-gnu/bitcoin-4e569c8bd85e-riscv64-linux-gnu-debug.tar.gz 0f660a9165a26f627be913e6bf1bb81cbabebee742031d0a75131a7e380e6c8a guix-build-4e569c8bd85e/output/riscv64-linux-gnu/bitcoin-4e569c8bd85e-riscv64-linux-gnu.tar.gz d530151878bdf70c0913a12ba1aa49dad9ba62ac9edd70cda3982fd0fe327e93 guix-build-4e569c8bd85e/output/x86_64-apple-darwin/SHA256SUMS.part dc3a9ee571854066ea03d60c1f2b8012fdff12ea1e74ab4ce02b1effc6689436 guix-build-4e569c8bd85e/output/x86_64-apple-darwin/bitcoin-4e569c8bd85e-x86_64-apple-darwin-unsigned.dmg 
94c0522390e5650d91d63c6afa5bce895a60c17c1365e0d87a898c2868093dc9 guix-build-4e569c8bd85e/output/x86_64-apple-darwin/bitcoin-4e569c8bd85e-x86_64-apple-darwin-unsigned.tar.gz 364d72282e8824d5dffe184fc10bdcbc9cdf96e8c0ac379b8392e1e1992e3307 guix-build-4e569c8bd85e/output/x86_64-apple-darwin/bitcoin-4e569c8bd85e-x86_64-apple-darwin.tar.gz 0d3ce4cbf3444fc9a3c488f12ef7b73d07b85bcf3d4d9500b689d44506a79818 guix-build-4e569c8bd85e/output/x86_64-linux-gnu/SHA256SUMS.part f584d494db5594ae2bc06e09f8e68c11e446bc82cb8a1dfa6afee5d3a079b5af guix-build-4e569c8bd85e/output/x86_64-linux-gnu/bitcoin-4e569c8bd85e-x86_64-linux-gnu-debug.tar.gz ea0e9316dd25ebee9023f3c65cb99fe846de6fe56152d4926005f9da500a502c guix-build-4e569c8bd85e/output/x86_64-linux-gnu/bitcoin-4e569c8bd85e-x86_64-linux-gnu.tar.gz a41966b6d13aa1e702cc357bbedfd51bcb431caa39bb904efd9611e3a945bf1c guix-build-4e569c8bd85e/output/x86_64-w64-mingw32/SHA256SUMS.part 5f150613204341d91a4b755c74120e233567187ba4f9151a12e39e5304efb3a1 guix-build-4e569c8bd85e/output/x86_64-w64-mingw32/bitcoin-4e569c8bd85e-win64-debug.zip 6a94dc9c5dcb2a4448a37573baab50f405e08af0d5a4de8a8046cba5445153e4 guix-build-4e569c8bd85e/output/x86_64-w64-mingw32/bitcoin-4e569c8bd85e-win64-setup-unsigned.exe 31fe85ba31ed84ebbbc4cc42f593e1de1811c1ecc9a0a094d05b0914bd151174 guix-build-4e569c8bd85e/output/x86_64-w64-mingw32/bitcoin-4e569c8bd85e-win64-unsigned.tar.gz 0a6d590c26a47c51192e4003ad97ecd6b7ad91c8f8612ea310fb324bce5dc15a guix-build-4e569c8bd85e/output/x86_64-w64-mingw32/bitcoin-4e569c8bd85e-win64.zip ``` Guix Build (arm64): ```bash 2ce621cb469772c318a29b21bc4dd546353130a688a5ecb66373256c7be2c37a guix-build-4e569c8bd85e/output/arm-linux-gnueabihf/SHA256SUMS.part 13abe55069581ca711529d058a8e5de732c6630a94b7e912e9c31f606241c264 guix-build-4e569c8bd85e/output/arm-linux-gnueabihf/bitcoin-4e569c8bd85e-arm-linux-gnueabihf-debug.tar.gz 7a60cd7d9aee30bc8e08cf9d52bd032f82e48214c81130e2f61ca3da71c01477 
guix-build-4e569c8bd85e/output/arm-linux-gnueabihf/bitcoin-4e569c8bd85e-arm-linux-gnueabihf.tar.gz d614a4acfed70f61814a5c26bf51594e0cc666fc3dadc3df805e5cc608835550 guix-build-4e569c8bd85e/output/arm64-apple-darwin/SHA256SUMS.part c9d5705b947c461ade878d7a0110ae5b34b384991f5bf6e86db0b79f421d4f81 guix-build-4e569c8bd85e/output/arm64-apple-darwin/bitcoin-4e569c8bd85e-arm64-apple-darwin-unsigned.dmg c1897d204e75b9ef8a58fb3f2c85d9c306b05dbd6c8f74a2b4ccfbd85aed5574 guix-build-4e569c8bd85e/output/arm64-apple-darwin/bitcoin-4e569c8bd85e-arm64-apple-darwin-unsigned.tar.gz 1c9e188d76c18785d4500c1c7ab0e049cf35c878803266580913e8cc4bd01bf6 guix-build-4e569c8bd85e/output/arm64-apple-darwin/bitcoin-4e569c8bd85e-arm64-apple-darwin.tar.gz f1e4fb6d96420865ee1cfdc10960d8b0407ae49d367d5df1901510a8a87a69bf guix-build-4e569c8bd85e/output/dist-archive/bitcoin-4e569c8bd85e.tar.gz f3e7d6b6aca3ca4f150e0e91e9532f4eb21c4f60ab1c21b6ecfaa9c862f9f8a8 guix-build-4e569c8bd85e/output/powerpc64-linux-gnu/SHA256SUMS.part 48e630949976ee298bccf01cfbbb7fea29c9bd0bc658cf0564d4a3e1997556e8 guix-build-4e569c8bd85e/output/powerpc64-linux-gnu/bitcoin-4e569c8bd85e-powerpc64-linux-gnu-debug.tar.gz 9e30c4987f3657ba6499a78c5c578e430c55f71991fc9ad6f3ecf4847ed1814e guix-build-4e569c8bd85e/output/powerpc64-linux-gnu/bitcoin-4e569c8bd85e-powerpc64-linux-gnu.tar.gz 128ce9194e377b013baceafc4ddba0f70c239e36057c9dc0a9213caa34c5064f guix-build-4e569c8bd85e/output/powerpc64le-linux-gnu/SHA256SUMS.part 8e4a41c07e9427de4054069c3af668157372cc6cd86d758c0b35b7ed906e5365 guix-build-4e569c8bd85e/output/powerpc64le-linux-gnu/bitcoin-4e569c8bd85e-powerpc64le-linux-gnu-debug.tar.gz da6924709b35f7fbaf9b7b772e0f14be5b583e9453b0cae58b6a5b1e159580c7 guix-build-4e569c8bd85e/output/powerpc64le-linux-gnu/bitcoin-4e569c8bd85e-powerpc64le-linux-gnu.tar.gz 2415604bf3651ea18dcbb4ec5bf73372bdc19c80aa316b864de20c8a5df4bf34 guix-build-4e569c8bd85e/output/riscv64-linux-gnu/SHA256SUMS.part 
8f6ee4b69fb33b40ad505c091684258ded340ab9936b554f8fa4e499d4da1155 guix-build-4e569c8bd85e/output/riscv64-linux-gnu/bitcoin-4e569c8bd85e-riscv64-linux-gnu-debug.tar.gz 0a941d44532287288a9859c35fdaa940c940c1e8f4a17b7994e3796c9a668d57 guix-build-4e569c8bd85e/output/riscv64-linux-gnu/bitcoin-4e569c8bd85e-riscv64-linux-gnu.tar.gz d530151878bdf70c0913a12ba1aa49dad9ba62ac9edd70cda3982fd0fe327e93 guix-build-4e569c8bd85e/output/x86_64-apple-darwin/SHA256SUMS.part dc3a9ee571854066ea03d60c1f2b8012fdff12ea1e74ab4ce02b1effc6689436 guix-build-4e569c8bd85e/output/x86_64-apple-darwin/bitcoin-4e569c8bd85e-x86_64-apple-darwin-unsigned.dmg 94c0522390e5650d91d63c6afa5bce895a60c17c1365e0d87a898c2868093dc9 guix-build-4e569c8bd85e/output/x86_64-apple-darwin/bitcoin-4e569c8bd85e-x86_64-apple-darwin-unsigned.tar.gz 364d72282e8824d5dffe184fc10bdcbc9cdf96e8c0ac379b8392e1e1992e3307 guix-build-4e569c8bd85e/output/x86_64-apple-darwin/bitcoin-4e569c8bd85e-x86_64-apple-darwin.tar.gz 047d3eae54136b7f5fb20487fb2c57455dda6bb88594065b71843400fbc41824 guix-build-4e569c8bd85e/output/x86_64-linux-gnu/SHA256SUMS.part 8bfb97bcab8d5e0a86a2a8d20be5215d8bb615a8b6c3ad69e1db5028caf2dd29 guix-build-4e569c8bd85e/output/x86_64-linux-gnu/bitcoin-4e569c8bd85e-x86_64-linux-gnu-debug.tar.gz 4962550d7d113e8544a33e2ffa5a0e77e172984c17bfa461a631bf08dc7cc545 guix-build-4e569c8bd85e/output/x86_64-linux-gnu/bitcoin-4e569c8bd85e-x86_64-linux-gnu.tar.gz 5ad1661c475308c6df102aee51261e36583fe0f5f73713d7f19384b63755a3c5 guix-build-4e569c8bd85e/output/x86_64-w64-mingw32/SHA256SUMS.part 62cf3e15e638f48bd0931a847ba5e5636422fb6bd00da41251c1f636d39c5822 guix-build-4e569c8bd85e/output/x86_64-w64-mingw32/bitcoin-4e569c8bd85e-win64-debug.zip 6a94dc9c5dcb2a4448a37573baab50f405e08af0d5a4de8a8046cba5445153e4 guix-build-4e569c8bd85e/output/x86_64-w64-mingw32/bitcoin-4e569c8bd85e-win64-setup-unsigned.exe 31fe85ba31ed84ebbbc4cc42f593e1de1811c1ecc9a0a094d05b0914bd151174 
guix-build-4e569c8bd85e/output/x86_64-w64-mingw32/bitcoin-4e569c8bd85e-win64-unsigned.tar.gz a3c7db0ca4b557810b5e5f1ec14cecaf47b5bf51631798d8675243bb6ecedf8f guix-build-4e569c8bd85e/output/x86_64-w64-mingw32/bitcoin-4e569c8bd85e-win64.zip ``` ACKs for top commit: laanwj: Code review ACK4e569c8bd8
Tree-SHA512: 7f75c304ec67d824ce17be1acb0d67c3946cc346444abcac0a13762365566d101aa784f92dd28ef15b664f1a5f64ae1f60ca91b2538de7ea08a7684bf33cda0d
;; Guix modules supplying the packages, build systems, fetch methods and
;; record helpers referenced by the definitions in this manifest.
(use-modules (gnu)
             (gnu packages)
             (gnu packages autotools)
             (gnu packages base)
             (gnu packages bash)
             (gnu packages bison)
             (gnu packages certs)
             (gnu packages cdrom)
             (gnu packages check)
             (gnu packages cmake)
             (gnu packages commencement)
             (gnu packages compression)
             (gnu packages cross-base)
             (gnu packages curl)
             (gnu packages file)
             (gnu packages gawk)
             (gnu packages gcc)
             (gnu packages gnome)
             (gnu packages installers)
             (gnu packages linux)
             (gnu packages llvm)
             (gnu packages mingw)
             (gnu packages moreutils)
             (gnu packages perl)
             (gnu packages pkg-config)
             (gnu packages python)
             (gnu packages python-crypto)
             (gnu packages python-web)
             (gnu packages shells)
             (gnu packages tls)
             (gnu packages version-control)
             (guix build-system gnu)
             (guix build-system python)
             (guix build-system trivial)
             (guix download)
             (guix gexp)
             (guix git-download)
             ((guix licenses) #:prefix license:)
             (guix packages)
             (guix profiles)
             (guix utils))
(define-syntax-rule (search-our-patches file-name ...)
  "Return the list of absolute file names corresponding to each
FILE-NAME found in ./patches relative to the current file."
  ;; %patch-path is rebound to a one-element list holding the ./patches
  ;; directory next to this file, so search-patch only considers patches
  ;; shipped alongside this manifest while the lookup runs.
  (let ((our-patch-dir (string-append (dirname (current-filename))
                                      "/patches")))
    (parameterize ((%patch-path (list our-patch-dir)))
      (list (search-patch file-name) ...))))
(define (make-ssp-fixed-gcc xgcc)
  "Given a XGCC package, return a modified package that uses the SSP function
from glibc instead of from libssp.so. Our `symbol-check' script will complain if
we link against libssp.so, and thus will ensure that this works properly.

Taken from:
http://www.linuxfromscratch.org/hlfs/view/development/chapter05/gcc-pass1.html"
  ;; NOTE(review): the only caller visible in this file is the mingw-w64
  ;; toolchain, whose libc is winpthreads rather than glibc -- confirm the
  ;; docstring still describes the intent for that target.
  (package
    (inherit xgcc)
    (arguments
     (substitute-keyword-arguments (package-arguments xgcc)
       ;; Only #:make-flags is touched: the configure cache variable is put
       ;; in front of whatever flags XGCC already carries, declaring to the
       ;; GCC build that the C library provides stack-protector support.
       ((#:make-flags flags)
        `(cons "gcc_cv_libc_provides_ssp=yes" ,flags))))))
(define (make-gcc-rpath-link xgcc)
  "Given a XGCC package, return a modified package that replaces each instance
of -rpath in the default system spec that's inserted by Guix with -rpath-link"
  ;; -rpath is recorded in the linked output as a runtime library search
  ;; path, whereas -rpath-link is only consulted by the linker while
  ;; resolving dependencies.  Presumably the goal is to keep Guix store
  ;; paths out of the produced binaries -- confirm against the release
  ;; process documentation.
  (package
    (inherit xgcc)
    (arguments
     (substitute-keyword-arguments (package-arguments xgcc)
       ((#:phases phases)
        `(modify-phases ,phases
           ;; Runs after 'pre-configure and rewrites the spec strings in the
           ;; rs6000 sysv4 header plus every gnu-user*.h header found under
           ;; gcc/config.
           (add-after 'pre-configure 'replace-rpath-with-rpath-link
             (lambda _
               (substitute* (cons "gcc/config/rs6000/sysv4.h"
                                  (find-files "gcc/config"
                                              "^gnu-user.*\\.h$"))
                 (("-rpath=") "-rpath-link="))
               #t))))))))
(define (make-cross-toolchain target
                              base-gcc-for-libc
                              base-kernel-headers
                              base-libc
                              base-gcc)
  "Create a cross-compilation toolchain package for TARGET"
  ;; The pieces are built in dependency order; every later stage consumes
  ;; the results of the earlier ones.
  (let* ((target-binutils (cross-binutils target))
         ;; Stage 1: a cross gcc that targets no libc yet, derived from
         ;; BASE-GCC-FOR-LIBC.
         (libc-less-gcc (cross-gcc target
                                   #:xgcc base-gcc-for-libc
                                   #:xbinutils target-binutils))
         ;; Stage 2: kernel headers for TARGET, derived from
         ;; BASE-KERNEL-HEADERS and built with the stage-1 compiler.
         (target-kernel-headers (cross-kernel-headers target
                                                      base-kernel-headers
                                                      libc-less-gcc
                                                      target-binutils))
         ;; Stage 3: the libc for TARGET, derived from BASE-LIBC and built
         ;; with the stage-1 compiler against the stage-2 headers.
         (target-libc (cross-libc target
                                  base-libc
                                  libc-less-gcc
                                  target-binutils
                                  target-kernel-headers))
         ;; Stage 4: the final cross gcc, derived from BASE-GCC and
         ;; targeting the stage-3 libc.
         (final-gcc (cross-gcc target
                               #:xgcc base-gcc
                               #:xbinutils target-binutils
                               #:libc target-libc)))
    ;; The result is a meta-package: it has no source, its builder only
    ;; creates the output directory, and it propagates binutils, libc
    ;; (default and "static" outputs) and gcc (default and "lib" outputs).
    (package
      (name (string-append target "-toolchain"))
      (version (package-version final-gcc))
      (source #f)
      (build-system trivial-build-system)
      (arguments '(#:builder (begin (mkdir %output) #t)))
      (propagated-inputs
       `(("binutils" ,target-binutils)
         ("libc" ,target-libc)
         ("libc:static" ,target-libc "static")
         ("gcc" ,final-gcc)
         ("gcc-lib" ,final-gcc "lib")))
      (synopsis (string-append "Complete GCC tool chain for " target))
      (description (string-append "This package provides a complete GCC tool
chain for " target " development."))
      (home-page (package-home-page final-gcc))
      (license (package-license final-gcc)))))
;; Compiler package the cross toolchains in this file are derived from.
(define base-gcc gcc-10)

;; Kernel headers package used as the default for the Linux cross
;; toolchains.
(define base-linux-kernel-headers linux-libre-headers-5.15)
(define* (make-bitcoin-cross-toolchain target
                                       #:key
                                       ;; Compiler used to build the libc.
                                       (base-gcc-for-libc base-gcc)
                                       (base-kernel-headers base-linux-kernel-headers)
                                       ;; make-glibc-without-werror and
                                       ;; glibc-2.24 are defined further down
                                       ;; in this file; the default is only
                                       ;; evaluated when the procedure is
                                       ;; called.
                                       (base-libc (make-glibc-without-werror glibc-2.24))
                                       ;; The final compiler gets the
                                       ;; -rpath => -rpath-link rewrite; the
                                       ;; libc-building compiler above does
                                       ;; not.
                                       (base-gcc (make-gcc-rpath-link base-gcc)))
  "Convenience wrapper around MAKE-CROSS-TOOLCHAIN with default values
desirable for building Bitcoin Core release binaries."
  ;; The keyword arguments are forwarded positionally, in the order
  ;; MAKE-CROSS-TOOLCHAIN declares them.
  (make-cross-toolchain target
                        base-gcc-for-libc
                        base-kernel-headers
                        base-libc
                        base-gcc))
;; Return a variant of GCC that is configured with the extra variable
;; "--enable-threads" set to "posix".
(define (make-gcc-with-pthreads gcc)
  (package-with-extra-configure-variable gcc
                                         "--enable-threads"
                                         "posix"))
;; Return CROSS-GCC with two extra patches applied.  Both are looked up
;; through search-our-patches, i.e. in the ./patches directory next to this
;; file.
(define (make-mingw-w64-cross-gcc cross-gcc)
  (package-with-extra-patches
   cross-gcc
   (search-our-patches "vmov-alignment.patch"
                       "gcc-broken-longjmp.patch")))
(define (make-mingw-pthreads-cross-toolchain target)
  "Create a cross-compilation toolchain package for TARGET"
  (let* ((mingw-binutils (cross-binutils target))
         ;; The libc is fixed to the x86_64 winpthreads package, whatever
         ;; TARGET is.
         (winpthreads-libc mingw-w64-x86_64-winpthreads)
         ;; Compiler derivation, innermost first: base-gcc gets the
         ;; mingw-w64 patches, then the libc-provides-SSP make flag, is
         ;; turned into a cross gcc for TARGET against winpthreads, and is
         ;; finally configured for posix threads.
         (posix-threads-gcc
          (make-gcc-with-pthreads
           (cross-gcc target
                      #:xgcc (make-ssp-fixed-gcc (make-mingw-w64-cross-gcc base-gcc))
                      #:xbinutils mingw-binutils
                      #:libc winpthreads-libc))))
    ;; Meta-package with no source of its own: the builder only creates the
    ;; output directory, and binutils, libc and gcc (default and "lib"
    ;; outputs) are propagated.
    (package
      (name (string-append target "-posix-toolchain"))
      (version (package-version posix-threads-gcc))
      (source #f)
      (build-system trivial-build-system)
      (arguments '(#:builder (begin (mkdir %output) #t)))
      (propagated-inputs
       `(("binutils" ,mingw-binutils)
         ("libc" ,winpthreads-libc)
         ("gcc" ,posix-threads-gcc)
         ("gcc-lib" ,posix-threads-gcc "lib")))
      (synopsis (string-append "Complete GCC tool chain for " target))
      (description (string-append "This package provides a complete GCC tool
chain for " target " development."))
      (home-page (package-home-page posix-threads-gcc))
      (license (package-license posix-threads-gcc)))))
;; Return BASE-NSIS with the local "nsis-gcc-10-memmove.patch" applied.
(define (make-nsis-for-gcc-10 base-nsis)
  (package-with-extra-patches
   base-nsis
   (search-our-patches "nsis-gcc-10-memmove.patch")))
;; Return LIEF with the local "lief-fix-ppc64-nx-default.patch" applied.
;; The manifest at the end of this file installs the patched variant under
;; its ";; Tests" heading.
(define (fix-ppc64-nx-default lief)
  (package-with-extra-patches
   lief
   (search-our-patches "lief-fix-ppc64-nx-default.patch")))
;; LIEF, built with the Python build system from a git checkout.
(define-public lief
  (package
    (name "python-lief")
    (version "0.12.1")
    (source
     (origin
       (method git-fetch)
       (uri (git-reference
             (url "https://github.com/lief-project/LIEF.git")
             ;; The checkout is requested by the VERSION string rather than
             ;; by a commit id; the sha256 below is what fixes the content
             ;; that is accepted.
             (commit version)))
       (file-name (git-file-name name version))
       (sha256
        (base32
         "1xzbh3bxy4rw1yamnx68da1v5s56ay4g081cyamv67256g0qy2i1"))))
    (build-system python-build-system)
    (arguments
     `(#:phases
       (modify-phases %standard-phases
         (add-after 'unpack 'parallel-jobs
           ;; Build with multiple cores: the job-count expression in
           ;; setup.py is replaced by the builder's parallel job count.
           (lambda _
             (substitute* "setup.py"
               (("self.parallel if self.parallel else 1")
                (number->string (parallel-job-count)))))))))
    (native-inputs
     `(("cmake" ,cmake)))
    (home-page "https://github.com/lief-project/LIEF")
    (synopsis "Library to Instrument Executable Formats")
    (description "Python library to to provide a cross platform library which can
parse, modify and abstract ELF, PE and MachO formats.")
    (license license:asl2.0)))
;; osslsigncode, used by the Windows branch of the manifest below.  Unlike
;; the Python packages in this file it is bound with plain `define'.
(define osslsigncode
  (package
    (name "osslsigncode")
    (version "2.0")
    (source (origin
              (method url-fetch)
              ;; Fetched as an /archive/ tarball from the project's GitHub
              ;; URL; the sha256 below is the integrity check on what is
              ;; downloaded.
              (uri (string-append "https://github.com/mtrojnar/"
                                  name "/archive/" version ".tar.gz"))
              (sha256
               (base32
                "0byri6xny770wwb2nciq44j5071122l14bvv65axdd70nfjf0q2s"))))
    (build-system gnu-build-system)
    (native-inputs
     `(("pkg-config" ,pkg-config)
       ("autoconf" ,autoconf)
       ("automake" ,automake)
       ("libtool" ,libtool)))
    (inputs
     `(("openssl" ,openssl)))
    ;; Configured without gsf and without curl, so OpenSSL is the only
    ;; library input even though the description below mentions cURL.
    (arguments
     `(#:configure-flags
       `("--without-gsf"
         "--without-curl"
         "--disable-dependency-tracking")))
    (home-page "https://github.com/mtrojnar/osslsigncode")
    (synopsis "Authenticode signing and timestamping tool")
    (description "osslsigncode is a small tool that implements part of the
functionality of the Microsoft tool signtool.exe - more exactly the Authenticode
signing and timestamping. But osslsigncode is based on OpenSSL and cURL, and
thus should be able to compile on most platforms where these exist.")
    (license license:gpl3+))) ; license is with openssl exception
;; elfesteem, pinned to an exact upstream commit (there is no release tag in
;; the reference below) and carrying one local patch.
(define-public python-elfesteem
  (let ((commit "87bbd79ab7e361004c98cc8601d4e5f029fd8bd5"))
    (package
      (name "python-elfesteem")
      (version (git-version "0.1" "1" commit))
      (source
       (origin
         (method git-fetch)
         (uri (git-reference
               (url "https://github.com/LRGH/elfesteem")
               (commit commit)))
         (file-name (git-file-name name commit))
         (sha256
          (base32
           "1nyvjisvyxyxnd0023xjf5846xd03lwawp5pfzr8vrky7wwm5maz"))
         (patches (search-our-patches "elfsteem-value-error-python-39.patch"))))
      (build-system python-build-system)
      ;; The project ships no tests, and running `python setup.py test'
      ;; anyway runs into PYTHONPATH problems, so the check phase is
      ;; switched off.
      (arguments '(#:tests? #f))
      (home-page "https://github.com/LRGH/elfesteem")
      (synopsis "ELF/PE/Mach-O parsing library")
      (description "elfesteem parses ELF, PE and Mach-O files.")
      (license license:lgpl2.1))))
;; oscrypto, patched locally and wired to the OpenSSL libraries of the
;; `openssl' input.
(define-public python-oscrypto
  (package
    (name "python-oscrypto")
    (version "1.2.1")
    (source
     (origin
       (method git-fetch)
       (uri (git-reference
             (url "https://github.com/wbond/oscrypto")
             ;; Requested by the VERSION string; the sha256 below fixes the
             ;; accepted content.
             (commit version)))
       (file-name (git-file-name name version))
       (sha256
        (base32
         "1d4d8s4z340qhvb3g5m5v3436y3a71yc26wk4749q64m09kxqc3l"))
       (patches (search-our-patches "oscrypto-hard-code-openssl.patch"))))
    (build-system python-build-system)
    ;; SSL_CERT_FILE is declared as a single regular file, looked up at
    ;; etc/ssl/certs/ca-certificates.crt.
    (native-search-paths
     (list (search-path-specification
            (variable "SSL_CERT_FILE")
            (file-type 'regular)
            (separator #f)                ;single entry
            (files '("etc/ssl/certs/ca-certificates.crt")))))

    (propagated-inputs
     `(("python-asn1crypto" ,python-asn1crypto)
       ("openssl" ,openssl)))
    (arguments
     `(#:phases
       (modify-phases %standard-phases
         ;; Despite the phase name, the paths written here are those of
         ;; libcrypto.so and libssl.so from the `openssl' input.  They
         ;; replace the @GUIX_OSCRYPTO_USE_OPENSSL@ placeholder in
         ;; oscrypto/__init__.py (presumably introduced by the patch listed
         ;; in the origin -- confirm).
         (add-after 'unpack 'hard-code-path-to-libscrypt
           (lambda* (#:key inputs #:allow-other-keys)
             (let ((openssl (assoc-ref inputs "openssl")))
               (substitute* "oscrypto/__init__.py"
                 (("@GUIX_OSCRYPTO_USE_OPENSSL@")
                  (string-append openssl "/lib/libcrypto.so" "," openssl "/lib/libssl.so")))
               #t)))
         ;; The TrustListTests and TLSTests classes are skipped wholesale,
         ;; so the trust-list and TLS code is not exercised by this build.
         (add-after 'unpack 'disable-broken-tests
           (lambda _
             ;; This test is broken as there is no keyboard interrupt.
             ;; NOTE(review): the same sentence appears on the macholib
             ;; package in this file -- confirm it is the real reason here.
             (substitute* "tests/test_trust_list.py"
               (("^(.*)class TrustListTests" line indent)
                (string-append indent
                               "@unittest.skip(\"Disabled by Guix\")\n"
                               line)))
             (substitute* "tests/test_tls.py"
               (("^(.*)class TLSTests" line indent)
                (string-append indent
                               "@unittest.skip(\"Disabled by Guix\")\n"
                               line)))
             #t))
         ;; The tests are driven through the project's own run.py.
         (replace 'check
           (lambda _
             (invoke "python" "run.py" "tests")
             #t)))))
    (home-page "https://github.com/wbond/oscrypto")
    (synopsis "Compiler-free Python crypto library backed by the OS")
    (description "oscrypto is a compilation-free, always up-to-date encryption library for Python.")
    (license license:expat)))
;; The test package of oscrypto, built from the same source as
;; python-oscrypto (every field not overridden here is inherited).
(define-public python-oscryptotests
  (package (inherit python-oscrypto)
    (name "python-oscryptotests")
    (propagated-inputs
     `(("python-oscrypto" ,python-oscrypto)))
    (arguments
     `(#:tests? #f
       #:phases
       (modify-phases %standard-phases
         ;; The phase name is carried over from python-oscrypto, but all
         ;; this phase does is change into the tests/ directory so that the
         ;; remaining phases run from there.
         (add-after 'unpack 'hard-code-path-to-libscrypt
           (lambda* (#:key inputs #:allow-other-keys)
             (chdir "tests")
             #t)))))))
;; certvalidator, pinned to an exact commit.
;; NOTE(review): the source is fetched from the achow101/certvalidator
;; repository while home-page names wbond/certvalidator -- confirm that the
;; difference is intended.
(define-public python-certvalidator
  (let ((commit "a145bf25eb75a9f014b3e7678826132efbba6213"))
    (package
      (name "python-certvalidator")
      (version (git-version "0.1" "1" commit))
      (source
       (origin
         (method git-fetch)
         (uri (git-reference
               (url "https://github.com/achow101/certvalidator")
               (commit commit)))
         (file-name (git-file-name name commit))
         (sha256
          (base32
           "1qw2k7xis53179lpqdqyylbcmp76lj7sagp883wmxg5i7chhc96k"))))
      (build-system python-build-system)
      (propagated-inputs
       `(("python-asn1crypto" ,python-asn1crypto)
         ("python-oscrypto" ,python-oscrypto)
         ("python-oscryptotests" ,python-oscryptotests))) ;; certvalidator tests import oscryptotests
      (arguments
       `(#:phases
         (modify-phases %standard-phases
           ;; Skipped here: the whole CertificateValidatorTests class and
           ;; the individual CRL-fetch, OCSP-fetch, path-building and
           ;; hard-revocation-mode tests.  Presumably they need network
           ;; access that the build environment lacks -- confirm.  These
           ;; validation and revocation paths are therefore not covered by
           ;; the check phase.
           (add-after 'unpack 'disable-broken-tests
             (lambda _
               (substitute* "tests/test_certificate_validator.py"
                 (("^(.*)class CertificateValidatorTests" line indent)
                  (string-append indent
                                 "@unittest.skip(\"Disabled by Guix\")\n"
                                 line)))
               (substitute* "tests/test_crl_client.py"
                 (("^(.*)def test_fetch_crl" line indent)
                  (string-append indent
                                 "@unittest.skip(\"Disabled by Guix\")\n"
                                 line)))
               (substitute* "tests/test_ocsp_client.py"
                 (("^(.*)def test_fetch_ocsp" line indent)
                  (string-append indent
                                 "@unittest.skip(\"Disabled by Guix\")\n"
                                 line)))
               (substitute* "tests/test_registry.py"
                 (("^(.*)def test_build_paths" line indent)
                  (string-append indent
                                 "@unittest.skip(\"Disabled by Guix\")\n"
                                 line)))
               (substitute* "tests/test_validate.py"
                 (("^(.*)def test_revocation_mode_hard" line indent)
                  (string-append indent
                                 "@unittest.skip(\"Disabled by Guix\")\n"
                                 line)))
               #t))
           ;; The remaining tests are driven through the project's run.py.
           (replace 'check
             (lambda _
               (invoke "python" "run.py" "tests")
               #t)))))
      (home-page "https://github.com/wbond/certvalidator")
      (synopsis "Python library for validating X.509 certificates and paths")
      (description "certvalidator is a Python library for validating X.509
certificates or paths. Supports various options, including: validation at a
specific moment in time, whitelisting and revocation checks.")
      (license license:expat))))
;; altgraph, a dependency of python-macholib below.
(define-public python-altgraph
  (package
    (name "python-altgraph")
    (version "0.17")
    (source
     (origin
       (method git-fetch)
       (uri (git-reference
             (url "https://github.com/ronaldoussoren/altgraph")
             ;; Requested as "v" followed by VERSION; the sha256 below
             ;; fixes the accepted content.
             (commit (string-append "v" version))))
       (file-name (git-file-name name version))
       (sha256
        (base32
         "09sm4srvvkw458pn48ga9q7ykr4xlz7q8gh1h9w7nxpf001qgpwb"))))
    (build-system python-build-system)
    (home-page "https://github.com/ronaldoussoren/altgraph")
    (synopsis "Python graph (network) package")
    (description "altgraph is a fork of graphlib: a graph (network) package for
constructing graphs, BFS and DFS traversals, topological sort, shortest paths,
etc. with graphviz output.")
    (license license:expat)))
;; macholib, a dependency of python-signapple below.
(define-public python-macholib
  (package
    (name "python-macholib")
    (version "1.14")
    (source
     (origin
       (method git-fetch)
       (uri (git-reference
             (url "https://github.com/ronaldoussoren/macholib")
             ;; Requested as "v" followed by VERSION; the sha256 below
             ;; fixes the accepted content.
             (commit (string-append "v" version))))
       (file-name (git-file-name name version))
       (sha256
        (base32
         "0aislnnfsza9wl4f0vp45ivzlc0pzhp9d4r08700slrypn5flg42"))))
    (build-system python-build-system)
    (propagated-inputs
     `(("python-altgraph" ,python-altgraph)))
    (arguments
     '(#:phases
       (modify-phases %standard-phases
         ;; Skips the TestCmdLine class and, in test_dyld.py, every test
         ;; matching test_*_find as well as testBasic.
         (add-after 'unpack 'disable-broken-tests
           (lambda _
             ;; This test is broken as there is no keyboard interrupt.
             (substitute* "macholib_tests/test_command_line.py"
               (("^(.*)class TestCmdLine" line indent)
                (string-append indent
                               "@unittest.skip(\"Disabled by Guix\")\n"
                               line)))
             (substitute* "macholib_tests/test_dyld.py"
               (("^(.*)def test_\\S+_find" line indent)
                (string-append indent
                               "@unittest.skip(\"Disabled by Guix\")\n"
                               line))
               (("^(.*)def testBasic" line indent)
                (string-append indent
                               "@unittest.skip(\"Disabled by Guix\")\n"
                               line))
               )
             #t)))))
    (home-page "https://github.com/ronaldoussoren/macholib")
    (synopsis "Python library for analyzing and editing Mach-O headers")
    (description "macholib is a Macho-O header analyzer and editor. It's
typically used as a dependency analysis tool, and also to rewrite dylib
references in Mach-O headers to be @executable_path relative. Though this tool
targets a platform specific file format, it is pure python code that is platform
and endian independent.")
    (license license:expat)))
;; signapple, the Mach-O signing tool installed for darwin targets by the
;; manifest below; pinned to an exact commit.
(define-public python-signapple
  (let ((commit "8a945a2e7583be2665cf3a6a89d665b70ecd1ab6"))
    (package
      (name "python-signapple")
      (version (git-version "0.1" "1" commit))
      (source
       (origin
         (method git-fetch)
         (uri (git-reference
               (url "https://github.com/achow101/signapple")
               (commit commit)))
         (file-name (git-file-name name commit))
         (sha256
          (base32
           "0fr1hangvfyiwflca6jg5g8zvg3jc9qr7vd2c12ff89pznf38dlg"))))
      (build-system python-build-system)
      ;; Everything the tool imports at run time is propagated, including
      ;; the locally defined oscrypto, certvalidator, elfesteem and macholib
      ;; packages from this file.
      (propagated-inputs
       `(("python-asn1crypto" ,python-asn1crypto)
         ("python-oscrypto" ,python-oscrypto)
         ("python-certvalidator" ,python-certvalidator)
         ("python-elfesteem" ,python-elfesteem)
         ("python-requests" ,python-requests)
         ("python-macholib" ,python-macholib)))
      ;; The project ships no tests, and running `python setup.py test'
      ;; anyway leads to problems, so the check phase is switched off.
      (arguments '(#:tests? #f))
      (home-page "https://github.com/achow101/signapple")
      (synopsis "Mach-O binary signature tool")
      (description "signapple is a Python tool for creating, verifying, and
inspecting signatures in Mach-O binaries.")
      (license license:expat))))
;; Return a variant of GLIBC configured with the extra variable
;; "enable_werror" set to "no".
(define (make-glibc-without-werror glibc)
  (package-with-extra-configure-variable glibc
                                         "enable_werror"
                                         "no"))
;; glibc 2.24, the default libc of make-bitcoin-cross-toolchain.  The
;; package recipe is inherited from glibc-2.31; only the version and the
;; source (an exact upstream commit plus five local patches) are replaced.
(define-public glibc-2.24
  (package
    (inherit glibc-2.31)
    (version "2.24")
    (source (origin
              (method git-fetch)
              (uri (git-reference
                    (url "https://sourceware.org/git/glibc.git")
                    (commit "0d7f1ed30969886c8dde62fbf7d2c79967d4bace")))
              (file-name (git-file-name "glibc" "0d7f1ed30969886c8dde62fbf7d2c79967d4bace"))
              (sha256
               (base32
                "0g5hryia5v1k0qx97qffgwzrz4lr4jw3s5kj04yllhswsxyjbic3"))
              ;; All five patches come from the ./patches directory next to
              ;; this file.
              (patches (search-our-patches "glibc-ldd-x86_64.patch"
                                           "glibc-versioned-locpath.patch"
                                           "glibc-2.24-elfm-loadaddr-dynamic-rewrite.patch"
                                           "glibc-2.24-no-build-time-cxx-header-run.patch"
                                           "glibc-2.24-fcommon.patch"))))))
;; glibc 2.27, which the manifest below selects for riscv64 targets.  As
;; with glibc-2.24 the recipe is inherited from glibc-2.31 and only the
;; version and the source (an exact upstream commit plus three local
;; patches) are replaced.
(define-public glibc-2.27/bitcoin-patched
  (package
    (inherit glibc-2.31)
    (version "2.27")
    (source (origin
              (method git-fetch)
              (uri (git-reference
                    (url "https://sourceware.org/git/glibc.git")
                    (commit "23158b08a0908f381459f273a984c6fd328363cb")))
              (file-name (git-file-name "glibc" "23158b08a0908f381459f273a984c6fd328363cb"))
              (sha256
               (base32
                "1b2n1gxv9f4fd5yy68qjbnarhf8mf4vmlxk10i3328c1w5pmp0ca"))
              ;; All three patches come from the ./patches directory next to
              ;; this file.
              (patches (search-our-patches "glibc-ldd-x86_64.patch"
                                           "glibc-2.27-riscv64-Use-__has_include-to-include-asm-syscalls.h.patch"
                                           "glibc-2.27-dont-redefine-nss-database.patch"))))))
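;; The manifest evaluated for the build environment: a fixed set of native
;; tools, followed by the cross toolchain and signing/packaging tools
;; selected from the HOST environment variable.
(packages->manifest
 (append
  (list ;; The Basics
        bash
        which
        coreutils
        util-linux
        ;; File(system) inspection
        file
        grep
        diffutils
        findutils
        ;; File transformation
        patch
        gawk
        sed
        moreutils
        ;; Compression and archiving
        tar
        bzip2
        gzip
        xz
        ;; Build tools
        gnu-make
        libtool-2.4.7
        autoconf-2.71
        automake
        pkg-config
        bison
        ;; Native GCC 10 toolchain
        gcc-toolchain-10
        (list gcc-toolchain-10 "static")
        ;; Scripting
        perl
        python-3
        ;; Git
        git
        ;; Tests
        (fix-ppc64-nx-default lief))
  ;; getenv returns #f when HOST is unset, which previously surfaced as a
  ;; wrong-type error from string-suffix?.  Fail up front with a message
  ;; that names the missing variable instead.
  (let ((target (or (getenv "HOST")
                    (error "HOST must be set to the target triple before evaluating this manifest"))))
    (cond ((string-suffix? "-mingw32" target)
           ;; Windows.  The toolchain triple is hard-coded here rather than
           ;; taken from TARGET.
           (list zip
                 (make-mingw-pthreads-cross-toolchain "x86_64-w64-mingw32")
                 (make-nsis-for-gcc-10 nsis-x86_64)
                 osslsigncode))
          ((string-contains target "-linux-")
           ;; riscv64 is built against the patched glibc 2.27; every other
           ;; Linux target uses the make-bitcoin-cross-toolchain defaults.
           (list (cond ((string-contains target "riscv64-")
                        (make-bitcoin-cross-toolchain target
                                                      #:base-libc (make-glibc-without-werror glibc-2.27/bitcoin-patched)
                                                      #:base-kernel-headers base-linux-kernel-headers))
                       (else
                        (make-bitcoin-cross-toolchain target)))))
          ((string-contains target "darwin")
           (list clang-toolchain-10 binutils cmake xorriso python-signapple))
          ;; NOTE(review): a HOST value matching none of the branches above
          ;; yields no target-specific packages at all rather than an
          ;; error -- confirm this fall-through is intended.
          (else '())))))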