guix: build x86_64-linux bitcoind fully statically

-static-pie
Produce a static position independent executable on targets that support it.
A static position independent executable is similar to a static executable,
but can be loaded at any address without a dynamic linker.

See https://gcc.gnu.org/onlinedocs/gcc/Link-Options.html
fanquake 2022-08-23 12:43:33 +01:00
parent 338b1decf4
commit 41720e2e26
No known key found for this signature in database
GPG key ID: 2EEB9F5CC09526C1
4 changed files with 17 additions and 6 deletions


@ -248,7 +248,9 @@ BASE_MACHO = [
CHECKS = { CHECKS = {
lief.EXE_FORMATS.ELF: { lief.EXE_FORMATS.ELF: {
lief.ARCHITECTURES.X86: BASE_ELF + [('CONTROL_FLOW', check_ELF_CONTROL_FLOW), ('FORTIFY', check_ELF_FORTIFY)], # no imported fortified funcs if we are fully static, fortification is still applied
# the check could be changed to include all symbols later
lief.ARCHITECTURES.X86: BASE_ELF + [('CONTROL_FLOW', check_ELF_CONTROL_FLOW)],
lief.ARCHITECTURES.ARM: BASE_ELF + [('FORTIFY', check_ELF_FORTIFY)], lief.ARCHITECTURES.ARM: BASE_ELF + [('FORTIFY', check_ELF_FORTIFY)],
lief.ARCHITECTURES.ARM64: BASE_ELF + [('FORTIFY', check_ELF_FORTIFY)], lief.ARCHITECTURES.ARM64: BASE_ELF + [('FORTIFY', check_ELF_FORTIFY)],
lief.ARCHITECTURES.PPC: BASE_ELF + [('FORTIFY', check_ELF_FORTIFY)], lief.ARCHITECTURES.PPC: BASE_ELF + [('FORTIFY', check_ELF_FORTIFY)],
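Review bot: Dropping `('FORTIFY', check_ELF_FORTIFY)` from the `lief.ARCHITECTURES.X86` entry disables the check for every x86 ELF binary, whether or not it was linked statically. Nothing in this hunk verifies the new comment's claim that fortification is still applied. A dynamically linked x86 build would now pass with no `__*_chk` imports at all. Consider keeping the entry and making `check_ELF_FORTIFY` (defined outside this hunk) static-aware, for example by starting it with `if not binary.has_interpreter: return True  # static: no imports to inspect`. Dynamic builds would then still be checked, and the exemption would be tied to the property that justifies it.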


@ -34,7 +34,7 @@ import lief
MAX_VERSIONS = { MAX_VERSIONS = {
'GCC': (4,3,0), 'GCC': (4,3,0),
'GLIBC': { 'GLIBC': {
lief.ELF.ARCH.x86_64: (2,31), lief.ELF.ARCH.x86_64: (0,0),
lief.ELF.ARCH.ARM: (2,31), lief.ELF.ARCH.ARM: (2,31),
lief.ELF.ARCH.AARCH64:(2,31), lief.ELF.ARCH.AARCH64:(2,31),
lief.ELF.ARCH.PPC64: (2,31), lief.ELF.ARCH.PPC64: (2,31),
@ -54,7 +54,7 @@ IGNORE_EXPORTS = {
# https://sourceware.org/glibc/wiki/ABIList?action=recall&rev=16 # https://sourceware.org/glibc/wiki/ABIList?action=recall&rev=16
ELF_INTERPRETER_NAMES: dict[lief.ELF.ARCH, dict[lief.ENDIANNESS, str]] = { ELF_INTERPRETER_NAMES: dict[lief.ELF.ARCH, dict[lief.ENDIANNESS, str]] = {
lief.ELF.ARCH.x86_64: { lief.ELF.ARCH.x86_64: {
lief.ENDIANNESS.LITTLE: "/lib64/ld-linux-x86-64.so.2", lief.ENDIANNESS.LITTLE: "",
}, },
lief.ELF.ARCH.ARM: { lief.ELF.ARCH.ARM: {
lief.ENDIANNESS.LITTLE: "/lib/ld-linux-armhf.so.3", lief.ENDIANNESS.LITTLE: "/lib/ld-linux-armhf.so.3",
@ -98,7 +98,6 @@ ELF_ALLOWED_LIBRARIES = {
'libpthread.so.0', # threading 'libpthread.so.0', # threading
'libm.so.6', # math library 'libm.so.6', # math library
'libatomic.so.1', 'libatomic.so.1',
'ld-linux-x86-64.so.2', # 64-bit dynamic linker
'ld-linux.so.2', # 32-bit dynamic linker 'ld-linux.so.2', # 32-bit dynamic linker
'ld-linux-aarch64.so.1', # 64-bit ARM dynamic linker 'ld-linux-aarch64.so.1', # 64-bit ARM dynamic linker
'ld-linux-armhf.so.3', # 32-bit ARM dynamic linker 'ld-linux-armhf.so.3', # 32-bit ARM dynamic linker
@ -219,6 +218,10 @@ def check_RUNPATH(binary) -> bool:
def check_ELF_libraries(binary) -> bool: def check_ELF_libraries(binary) -> bool:
ok: bool = True ok: bool = True
if binary.header.machine_type == lief.ELF.ARCH.x86_64:
return len(binary.libraries) == 0
for library in binary.libraries: for library in binary.libraries:
if library not in ELF_ALLOWED_LIBRARIES: if library not in ELF_ALLOWED_LIBRARIES:
print(f'{filename}: {library} is not in ALLOWED_LIBRARIES!') print(f'{filename}: {library} is not in ALLOWED_LIBRARIES!')
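Review bot: The new x86_64 early return in `check_ELF_libraries` fails without printing anything, so a build that unexpectedly gains a `DT_NEEDED` entry gives no hint which library it was. The loop below it does name the offender. Report before returning, for example `for library in binary.libraries: print(f'{filename}: {library} linked into a binary that must be fully static!')` followed by the existing `return len(binary.libraries) == 0`. The rest of the function lies outside the hunk. The `(0,0)` GLIBC limit and the empty x86_64 interpreter string in the earlier hunks would also benefit from a comment such as `# fully static: no versioned glibc imports and no PT_INTERP expected`.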


@ -142,10 +142,10 @@ export GUIX_LD_WRAPPER_DISABLE_RPATH=yes
# Determine the correct value for -Wl,--dynamic-linker for the current $HOST # Determine the correct value for -Wl,--dynamic-linker for the current $HOST
case "$HOST" in case "$HOST" in
x86_64-linux-gnu) ;;
*linux*) *linux*)
glibc_dynamic_linker=$( glibc_dynamic_linker=$(
case "$HOST" in case "$HOST" in
x86_64-linux-gnu) echo /lib64/ld-linux-x86-64.so.2 ;;
arm-linux-gnueabihf) echo /lib/ld-linux-armhf.so.3 ;; arm-linux-gnueabihf) echo /lib/ld-linux-armhf.so.3 ;;
aarch64-linux-gnu) echo /lib/ld-linux-aarch64.so.1 ;; aarch64-linux-gnu) echo /lib/ld-linux-aarch64.so.1 ;;
riscv64-linux-gnu) echo /lib/ld-linux-riscv64-lp64d.so.1 ;; riscv64-linux-gnu) echo /lib/ld-linux-riscv64-lp64d.so.1 ;;
@ -176,7 +176,8 @@ make -C depends --jobs="$JOBS" HOST="$HOST" \
x86_64_linux_AR=x86_64-linux-gnu-gcc-ar \ x86_64_linux_AR=x86_64-linux-gnu-gcc-ar \
x86_64_linux_RANLIB=x86_64-linux-gnu-gcc-ranlib \ x86_64_linux_RANLIB=x86_64-linux-gnu-gcc-ranlib \
x86_64_linux_NM=x86_64-linux-gnu-gcc-nm \ x86_64_linux_NM=x86_64-linux-gnu-gcc-nm \
x86_64_linux_STRIP=x86_64-linux-gnu-strip x86_64_linux_STRIP=x86_64-linux-gnu-strip \
NO_QT=1 # Don't bother with static
case "$HOST" in case "$HOST" in
*darwin*) *darwin*)
@ -225,6 +226,7 @@ esac
# LDFLAGS # LDFLAGS
case "$HOST" in case "$HOST" in
x86_64-linux-gnu) HOST_LDFLAGS=" -static-pie -static-libgcc -Wl,-O2" ;;
*linux*) HOST_LDFLAGS="-Wl,--as-needed -Wl,--dynamic-linker=$glibc_dynamic_linker -static-libstdc++ -Wl,-O2" ;; *linux*) HOST_LDFLAGS="-Wl,--as-needed -Wl,--dynamic-linker=$glibc_dynamic_linker -static-libstdc++ -Wl,-O2" ;;
*mingw*) HOST_LDFLAGS="-Wl,--no-insert-timestamp" ;; *mingw*) HOST_LDFLAGS="-Wl,--no-insert-timestamp" ;;
esac esac
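Review bot: `-static-pie` on the `x86_64-linux-gnu` LDFLAGS line links glibc into bitcoind, but in a static binary glibc's resolver functions (`getaddrinfo` and the NSS lookups behind it) still load shared NSS modules from the host at run time, unless glibc was built with static NSS. If bitcoind resolves host names through those calls (not visible in this hunk), the release binary would still depend on host libraries matching the glibc it was linked against, and the linker normally warns about this. It is worth confirming the link log is free of that warning and recording the result in a comment above the line, e.g. `# fully static: link must not emit the 'statically linked applications requires at runtime the shared libraries' warning`. Separately, `NO_QT=1` in the `make -C depends` hunk is passed for every `$HOST`, not only for x86_64-linux-gnu.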


@ -590,6 +590,10 @@ inspecting signatures in Mach-O binaries.")
(package-with-c-toolchain nsis-x86_64 `(("toolchain" ,toolchain)))) (package-with-c-toolchain nsis-x86_64 `(("toolchain" ,toolchain))))
nss-certs nss-certs
osslsigncode)) osslsigncode))
((string-contains target "x86_64-linux-")
(list (list gcc-toolchain-12 "static")
(make-bitcoin-cross-toolchain target
#:base-libc glibc-2.40)))
((string-contains target "-linux-") ((string-contains target "-linux-")
(list bison (list bison
pkg-config pkg-config
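Review bot: The new `x86_64-linux-` clause adds `(list gcc-toolchain-12 "static")` next to a cross toolchain built with `#:base-libc glibc-2.40`, so this hunk does not show which glibc's static archives end up in the release binary. Because that libc code now ships inside the executable, the version should be pinned and stated. A comment such as `;; "static" output supplies the static libc archives; keep in sync with #:base-libc` would help, assuming the two are meant to agree. The clause also appears to sit before the generic `-linux-` branch, so x86_64 would no longer receive `bison`, `pkg-config` and whatever else that branch lists below the hunk.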