With the release of binutils/ld 2.36, ld swapped to much improved
default settings when producing windows binaries with mingw-w64. One of
these changes was to stop stripping the .reloc section from binaries,
which is required for working ASLR.
.reloc section stripping is something we've accounted for previously,
see #18702. The related upstream discussion is in this thread:
https://sourceware.org/bugzilla/show_bug.cgi?id=19011.
When we switched to using a newer Guix time-machine in #23778, we begun
using binutils 2.37 to produce releases. Since then, our windows
installer (produced with makensis) has not functioned correctly when run on
a Windows system with the "Force randomization for images (Mandatory ASLR)"
option enabled. Note that all of our other release binaries, which all
contain .reloc sections, function fine under the same option, so it
cannot be just the presence of a .reloc section that is the issue.
For now, restore makensis to it's pre-binutils-2.36 behaviour, which
fixes the produced installer. The underlying issue can be further
investigated in future.
Similar to 8588591965.
```bash
ERROR: test_revocation_mode_soft (tests.test_validate.ValidateTests)
----------------------------------------------------------------------
Traceback (most recent call last):
File "/tmp/guix-build-python-certvalidator-0.1-1.a145bf2.drv-0/source/tests/test_validate.py", line 85, in test_revocation_mode_soft
validate_path(context, path)
File "/tmp/guix-build-python-certvalidator-0.1-1.a145bf2.drv-0/source/tests/../certvalidator/validate.py", line 50, in validate_path
return _validate_path(validation_context, path)
File "/tmp/guix-build-python-certvalidator-0.1-1.a145bf2.drv-0/source/tests/../certvalidator/validate.py", line 358, in _validate_path
raise PathValidationError(pretty_message(
certvalidator.errors.PathValidationError: The path could not be validated because the end-entity certificate expired 2022-07-27 12:00:00Z
```
Pass `--enable-default-pie` and `--enable-default-ssp` when configuring
our GCCs. This achieves the following:
--enable-default-pie
Turn on -fPIE and -pie by default.
--enable-default-ssp
Turn on -fstack-protector-strong by default.
Note that this isn't a replacement for passing hardneing flags
ourselves, but introduces some redundency, and there isn't really a
reason to not build a more "hardenings enabled" toolchain by default.
See also:
https://gcc.gnu.org/install/configure.html
Both glibcs we build support `--enable-bind-now`:
Disable lazy binding for installed shared objects and programs.
This provides additional security hardening because it enables full RELRO
and a read-only global offset table (GOT), at the cost of slightly
increased program load times.
See:
https://www.gnu.org/software/libc/manual/html_node/Configuring-and-compiling.html
Pass `--enable-stack-protector=all` when building the glibc used for the
RISC-V toolchain, to enable stack smashing protection on all functions,
in the glibc code.
71a751f6c3 test: add test for decoding PSBT with per-input preimage types (Sebastian Falbesoner)
faf43378e2 refactor: move helper `random_bytes` to util library (Sebastian Falbesoner)
fdc1ca3896 test: add constants for PSBT key types (BIP 174) (Sebastian Falbesoner)
1b035c03f9 refactor: move PSBT(Map) helpers from signet miner to test framework (Sebastian Falbesoner)
7c0dfec2dd refactor: move `from_binary` helper from signet miner to test framework (Sebastian Falbesoner)
597a4b35f6 scripted-diff: rename `FromBinary` helper to `from_binary` (signet miner) (Sebastian Falbesoner)
Pull request description:
This PR adds missing test coverage for the `decodepsbt` RPC in the case that a PSBT with on of the per-input preimage types (`PSBT_IN_RIPEMD160`, `PSBT_IN_SHA256`, `PSBT_IN_HASH160`, `PSBT_IN_HASH256`; see [BIP 174](https://github.com/bitcoin/bips/blob/master/bip-0174.mediawiki#Specification)) is passed. As preparation, the first four commits move the already existing helpers for (de)serialization of PSBTs and PSBTMaps from the signet miner to the test framework (in a new module `psbt.py`), which should be quite useful for further tests to easily create PSBTs.
ACKs for top commit:
achow101:
ACK 71a751f6c3
Tree-SHA512: 04f2671612d94029da2ac8dc15ff93c4c8fcb73fe0b8cf5970509208564df1f5e32319b53ae998dd6e544d37637a9b75609f27a3685da51f603f6ed0555635fb
ebe106a754 add glozow to trusted-keys (glozow)
Pull request description:
For maintaining mempool and policy areas of the codebase, as discussed yesterday's meeting: https://gnusha.org/bitcoin-core-dev/2022-06-30.log
ACKs for top commit:
Sjors:
ACK ebe106a754 and congrats!
achow101:
ACK ebe106a754
theuni:
ACK ebe106a754
dergoegge:
ACK ebe106a754
sipa:
ACK ebe106a754, though relying on others to verify the PGP key.
laanwj:
ACK ebe106a754
josibake:
ACK ebe106a754 (i have not personally signed this key, but verified it matches other places glozow has posted her key)
Xekyo:
ACK ebe106a754.
brunoerg:
ACK ebe106a754
fanquake:
ACK ebe106a754
hebasto:
ACK ebe106a754, confirming my approval given at the IRC meeting.
Tree-SHA512: 215ff8872ea3fa9ca35b25e74a668e50c2e7be3ff653f8d6fd213ac878c33b90bba9defc59a000c644a9df1b06a826eb5d97a89b3c6cca24b5a87c6ab739b01b
5bff18bce5 guix: patch gcc 10 with pthreads to remap guix store paths (Andrew Chow)
Pull request description:
The only thing preventing windows from being cross architecture reproducible is a single guix store winpthreads path in the debug symbols. This can be removed by patching libgcc to use `-ffile-prefix-map` so that the debug symbol will be mapped to a fixed `/usr` instead of the guix store path which depends on the building architecture.
x86_64
```
2e585c4a66e930b5e273e89b8aeddc9c3bd1c8375b19d988a6fff64f0d49edfd guix-build-5bff18bce5d9/output/dist-archive/bitcoin-5bff18bce5d9.tar.gz
b9235dc1a8541e840231cfafd0d971bd5e8a3ea7d5331c4d7af9dbfdabc6905b guix-build-5bff18bce5d9/output/x86_64-w64-mingw32/SHA256SUMS.part
f82d861de60e22fc7dd731bef60a3e4399b5317eb16e41e92ded171490d1a578 guix-build-5bff18bce5d9/output/x86_64-w64-mingw32/bitcoin-5bff18bce5d9-win64-debug.zip
bfd59561c3cfce91b09d05b17cfc67cd70cb78eea39ea863119870260a8dbdec guix-build-5bff18bce5d9/output/x86_64-w64-mingw32/bitcoin-5bff18bce5d9-win64-setup-unsigned.exe
3d049d98c6add13b0eb4c7adcf0d3ae59d1eab09799292a2c900de0ad067912a guix-build-5bff18bce5d9/output/x86_64-w64-mingw32/bitcoin-5bff18bce5d9-win64-unsigned.tar.gz
7af4c34c47f349028ec1f4c2edea547bd9fa30d1c67977d482607a9c6bf2ddee guix-build-5bff18bce5d9/output/x86_64-w64-mingw32/bitcoin-5bff18bce5d9-win64.zip
```
arm64
```
2e585c4a66e930b5e273e89b8aeddc9c3bd1c8375b19d988a6fff64f0d49edfd guix-build-5bff18bce5d9/output/dist-archive/bitcoin-5bff18bce5d9.tar.gz
b9235dc1a8541e840231cfafd0d971bd5e8a3ea7d5331c4d7af9dbfdabc6905b guix-build-5bff18bce5d9/output/x86_64-w64-mingw32/SHA256SUMS.part
f82d861de60e22fc7dd731bef60a3e4399b5317eb16e41e92ded171490d1a578 guix-build-5bff18bce5d9/output/x86_64-w64-mingw32/bitcoin-5bff18bce5d9-win64-debug.zip
bfd59561c3cfce91b09d05b17cfc67cd70cb78eea39ea863119870260a8dbdec guix-build-5bff18bce5d9/output/x86_64-w64-mingw32/bitcoin-5bff18bce5d9-win64-setup-unsigned.exe
3d049d98c6add13b0eb4c7adcf0d3ae59d1eab09799292a2c900de0ad067912a guix-build-5bff18bce5d9/output/x86_64-w64-mingw32/bitcoin-5bff18bce5d9-win64-unsigned.tar.gz
7af4c34c47f349028ec1f4c2edea547bd9fa30d1c67977d482607a9c6bf2ddee guix-build-5bff18bce5d9/output/x86_64-w64-mingw32/bitcoin-5bff18bce5d9-win64.zip
```
ACKs for top commit:
fanquake:
ACK 5bff18bce5
hebasto:
ACK 5bff18bce5, I have reviewed the code and it looks OK. Confirming reproducibility for `x86_64` and `arm64` platforms.
Tree-SHA512: 7cc34e6348e4cab847a7b8745179fceced0f37d639cf2ae81748dd73820809ea8f5e049b5b3ce2b912528491967e33fafd56e75aa47714e09b41859091433c5d
54faac9689 guix: Remove guix store paths from glibc (Andrew Chow)
1d4d711de2 guix: Map all guix store prefixes to /usr (Andrew Chow)
Pull request description:
This cherry-picks two commits from #24615, with minor edits. When building master, only the `x86_64-apple-darwin` build is reproducible across x86_64 and arm64. With these two changes we get x86_64 -> arm64 reproducibility for:
* `powerpc64-linux-gnu`
* `powerpc64le-linux-gnu`
* `x86_64-apple-darwin`
* `x86_64-linux-gnu`
We can't compare `aarch64-linux-gnu`, because we can't currently build for `aarch64-linux-gnu` on `aarch64-linux-gnu`/`arm64`. See (#22458).
For all the other hosts, the reproducibility issues are known / being worked on (see discussion in #24615). However there's no real reason to wait for those to be fixed before merging these changes, as it'd be great to have cross arch reproducibility just for `x86_64-linux-gnu`. I'm also unsure about the approach taken in that PR in regards to the libtool changes (and think there might even be a Guix bug involved).
As I've added to the patch file, we may be able to drop these patches and use `--with-nonshared-cflags` when we are building newer versions of glibc.
Guix Build (x86_64):
```bash
1eadc59775a209e707539a6bdfe4c96e13a17f5373bfaf6477a65c1a44b2459d guix-build-54faac968971/output/arm-linux-gnueabihf/SHA256SUMS.part
1f424e448223a1e1ee1658efeb3bcc0d8b08a2a2bdc9d2dc779c931b956b527f guix-build-54faac968971/output/arm-linux-gnueabihf/bitcoin-54faac968971-arm-linux-gnueabihf-debug.tar.gz
212f55cf55dac34a3a6471bf0585f5ba1ed0a4801e9c0003961617881edb7ee7 guix-build-54faac968971/output/arm-linux-gnueabihf/bitcoin-54faac968971-arm-linux-gnueabihf.tar.gz
f920fdc9407371be8fc5638a0f5ce2f1202889d820bda4451096d162b5d28d94 guix-build-54faac968971/output/arm64-apple-darwin/SHA256SUMS.part
066098fe095a3dd46fa3c84e459aca1e8e4b3d564ab3f20a2542c8c46dd37b5a guix-build-54faac968971/output/arm64-apple-darwin/bitcoin-54faac968971-arm64-apple-darwin-unsigned.dmg
d2dc320975f8ec67595c274fcb7eda56c18ba72b905160537be97408cfdf1baf guix-build-54faac968971/output/arm64-apple-darwin/bitcoin-54faac968971-arm64-apple-darwin-unsigned.tar.gz
68013ac011ebac25e8ee2d2421266c66d1e20d309133eb6121ba89807e17fda5 guix-build-54faac968971/output/arm64-apple-darwin/bitcoin-54faac968971-arm64-apple-darwin.tar.gz
d992dd9f50fec89e0bdf63e8e9352ebcd2b503424cb441f01c06074aa0b63b0e guix-build-54faac968971/output/dist-archive/bitcoin-54faac968971.tar.gz
e26ea298d15a87ce484afa59ca0c36ecfd173314b440e091cd93de11fe2dd91c guix-build-54faac968971/output/powerpc64-linux-gnu/SHA256SUMS.part
1a17091e7e515cc89a2e0a91a08ea0deb48847d5650be936f3365449002a59a5 guix-build-54faac968971/output/powerpc64-linux-gnu/bitcoin-54faac968971-powerpc64-linux-gnu-debug.tar.gz
63ce21f6ee3a971a7a4533934ec559c727d2e3fc123fb65b2dec622168af76d5 guix-build-54faac968971/output/powerpc64-linux-gnu/bitcoin-54faac968971-powerpc64-linux-gnu.tar.gz
267ff9d9ed3d8108033d676218399c4e56ba83eb30a3b4a6417cac8d1ce5e2f4 guix-build-54faac968971/output/powerpc64le-linux-gnu/SHA256SUMS.part
a0db19b9829bd65067e2075c2d3e55065d03a4456a31ccb3ed8a70f7f3dcf1a0 guix-build-54faac968971/output/powerpc64le-linux-gnu/bitcoin-54faac968971-powerpc64le-linux-gnu-debug.tar.gz
9971ba819854a77306358b31ddc2d21074b8cca57cfd8ce7f2ca83a1cc8f0a46 guix-build-54faac968971/output/powerpc64le-linux-gnu/bitcoin-54faac968971-powerpc64le-linux-gnu.tar.gz
e18fe6d4db3048368db25846555a30ec97f71dcfdfcc3e86d7fe46c33c762a26 guix-build-54faac968971/output/riscv64-linux-gnu/SHA256SUMS.part
4879fd332bee8570e6edfe5d0cbd3eea7df18f058ed25286aedb377858e27793 guix-build-54faac968971/output/riscv64-linux-gnu/bitcoin-54faac968971-riscv64-linux-gnu-debug.tar.gz
470fafbab9d7328e172c658f58fd6f62f7890ce5d3dfe3bbfacd717b6d2c00f3 guix-build-54faac968971/output/riscv64-linux-gnu/bitcoin-54faac968971-riscv64-linux-gnu.tar.gz
6b119a38b8ac1dd50e3cee69e8464ab21d624217cb3f50a1aef216e9ece27946 guix-build-54faac968971/output/x86_64-apple-darwin/SHA256SUMS.part
afff2a8184007d6a3eaf7b6735417e7b9b404a801306c71f7d653907055d442c guix-build-54faac968971/output/x86_64-apple-darwin/bitcoin-54faac968971-x86_64-apple-darwin-unsigned.dmg
775298169fa45197f5b560e5581d6e3c021ed009487065f7e3a042914396b3cd guix-build-54faac968971/output/x86_64-apple-darwin/bitcoin-54faac968971-x86_64-apple-darwin-unsigned.tar.gz
51b0d2adae63aeca021621ec25278c202e82d8bc3ef5e7a9d2bfd93bd7a3fcab guix-build-54faac968971/output/x86_64-apple-darwin/bitcoin-54faac968971-x86_64-apple-darwin.tar.gz
ca9cd0083083ec1632a37396076fef638c00fed99efbb9e39521195867746301 guix-build-54faac968971/output/x86_64-linux-gnu/SHA256SUMS.part
0e5a017bca3c0a2a466d230a470ec9c44b5d0bfd60d98f62a3a54f4cccb8cd23 guix-build-54faac968971/output/x86_64-linux-gnu/bitcoin-54faac968971-x86_64-linux-gnu-debug.tar.gz
3b26566a553f17ccbcbf548675d0e8ce47a58a1e23c6b7c9792565117a223855 guix-build-54faac968971/output/x86_64-linux-gnu/bitcoin-54faac968971-x86_64-linux-gnu.tar.gz
fa2f240f7bd7cfadfeb08188c044c8e34fd9c24785f4e2035c1256c3173c5589 guix-build-54faac968971/output/x86_64-w64-mingw32/SHA256SUMS.part
0212ae95d100c9a4dbe062a14b49952279c91cbf352c786369320c3ed006c23a guix-build-54faac968971/output/x86_64-w64-mingw32/bitcoin-54faac968971-win64-debug.zip
750aa7c31cfa1bd5e0ae3f2ea52e526a73f1d3879b9f1a365967bbc317d4cca4 guix-build-54faac968971/output/x86_64-w64-mingw32/bitcoin-54faac968971-win64-setup-unsigned.exe
f7bdda020d299df778fd68ad556d8124d87f7f9f0c4a77b62e05db20f5bbec2b guix-build-54faac968971/output/x86_64-w64-mingw32/bitcoin-54faac968971-win64-unsigned.tar.gz
d7f8b16634ceb95db3d28a024827a51f689dc0ab34ed40f205861bbc254f6206 guix-build-54faac968971/output/x86_64-w64-mingw32/bitcoin-54faac968971-win64.zip
```
Guix Build (arm64):
```bash
e4492294c284054e8378f8ac0c08b5d2efe5eeeec57ca12c3192da87a4dd4266 guix-build-54faac968971/output/arm-linux-gnueabihf/SHA256SUMS.part
1f424e448223a1e1ee1658efeb3bcc0d8b08a2a2bdc9d2dc779c931b956b527f guix-build-54faac968971/output/arm-linux-gnueabihf/bitcoin-54faac968971-arm-linux-gnueabihf-debug.tar.gz
b2c454f589afea22d5126be14d1b9eb3aed7d99d59e50591db18c2cc3f190b23 guix-build-54faac968971/output/arm-linux-gnueabihf/bitcoin-54faac968971-arm-linux-gnueabihf.tar.gz
575bbf78dd6002a7a5653277c24cd8d98471b6454e0801b558ac2a754788f2fa guix-build-54faac968971/output/arm64-apple-darwin/SHA256SUMS.part
03d8175e0db26b56fee757b307b8b519e4df0c639caa6afdfdea5ce7de63ecc4 guix-build-54faac968971/output/arm64-apple-darwin/bitcoin-54faac968971-arm64-apple-darwin-unsigned.dmg
8ab4e3a65f09168b42c40ec736e507eb3e9b787d27a56db21a3c601e81d81262 guix-build-54faac968971/output/arm64-apple-darwin/bitcoin-54faac968971-arm64-apple-darwin-unsigned.tar.gz
43024487cf0120a0a42aeba228f01f2a5303d2940d838f59106fa246a484662d guix-build-54faac968971/output/arm64-apple-darwin/bitcoin-54faac968971-arm64-apple-darwin.tar.gz
d992dd9f50fec89e0bdf63e8e9352ebcd2b503424cb441f01c06074aa0b63b0e guix-build-54faac968971/output/dist-archive/bitcoin-54faac968971.tar.gz
e26ea298d15a87ce484afa59ca0c36ecfd173314b440e091cd93de11fe2dd91c guix-build-54faac968971/output/powerpc64-linux-gnu/SHA256SUMS.part
1a17091e7e515cc89a2e0a91a08ea0deb48847d5650be936f3365449002a59a5 guix-build-54faac968971/output/powerpc64-linux-gnu/bitcoin-54faac968971-powerpc64-linux-gnu-debug.tar.gz
63ce21f6ee3a971a7a4533934ec559c727d2e3fc123fb65b2dec622168af76d5 guix-build-54faac968971/output/powerpc64-linux-gnu/bitcoin-54faac968971-powerpc64-linux-gnu.tar.gz
267ff9d9ed3d8108033d676218399c4e56ba83eb30a3b4a6417cac8d1ce5e2f4 guix-build-54faac968971/output/powerpc64le-linux-gnu/SHA256SUMS.part
a0db19b9829bd65067e2075c2d3e55065d03a4456a31ccb3ed8a70f7f3dcf1a0 guix-build-54faac968971/output/powerpc64le-linux-gnu/bitcoin-54faac968971-powerpc64le-linux-gnu-debug.tar.gz
9971ba819854a77306358b31ddc2d21074b8cca57cfd8ce7f2ca83a1cc8f0a46 guix-build-54faac968971/output/powerpc64le-linux-gnu/bitcoin-54faac968971-powerpc64le-linux-gnu.tar.gz
603e09db23e20ee834cfdeaa58517fa6795779131f76c8e67c79ee4118043ba6 guix-build-54faac968971/output/riscv64-linux-gnu/SHA256SUMS.part
4879fd332bee8570e6edfe5d0cbd3eea7df18f058ed25286aedb377858e27793 guix-build-54faac968971/output/riscv64-linux-gnu/bitcoin-54faac968971-riscv64-linux-gnu-debug.tar.gz
aad8eb83730dbf079ee2c894e33ebf6df78e302500493b10e72a2aab9fa51b49 guix-build-54faac968971/output/riscv64-linux-gnu/bitcoin-54faac968971-riscv64-linux-gnu.tar.gz
6b119a38b8ac1dd50e3cee69e8464ab21d624217cb3f50a1aef216e9ece27946 guix-build-54faac968971/output/x86_64-apple-darwin/SHA256SUMS.part
afff2a8184007d6a3eaf7b6735417e7b9b404a801306c71f7d653907055d442c guix-build-54faac968971/output/x86_64-apple-darwin/bitcoin-54faac968971-x86_64-apple-darwin-unsigned.dmg
775298169fa45197f5b560e5581d6e3c021ed009487065f7e3a042914396b3cd guix-build-54faac968971/output/x86_64-apple-darwin/bitcoin-54faac968971-x86_64-apple-darwin-unsigned.tar.gz
51b0d2adae63aeca021621ec25278c202e82d8bc3ef5e7a9d2bfd93bd7a3fcab guix-build-54faac968971/output/x86_64-apple-darwin/bitcoin-54faac968971-x86_64-apple-darwin.tar.gz
ca9cd0083083ec1632a37396076fef638c00fed99efbb9e39521195867746301 guix-build-54faac968971/output/x86_64-linux-gnu/SHA256SUMS.part
0e5a017bca3c0a2a466d230a470ec9c44b5d0bfd60d98f62a3a54f4cccb8cd23 guix-build-54faac968971/output/x86_64-linux-gnu/bitcoin-54faac968971-x86_64-linux-gnu-debug.tar.gz
3b26566a553f17ccbcbf548675d0e8ce47a58a1e23c6b7c9792565117a223855 guix-build-54faac968971/output/x86_64-linux-gnu/bitcoin-54faac968971-x86_64-linux-gnu.tar.gz
da10e58c2616b7d96fb00d24f34834b737b190c91bd533fc11130c5faf77d697 guix-build-54faac968971/output/x86_64-w64-mingw32/SHA256SUMS.part
7b69ac09edb7795b61242d8b929808b7615e4011f1d312d495cc9410ded6c574 guix-build-54faac968971/output/x86_64-w64-mingw32/bitcoin-54faac968971-win64-debug.zip
750aa7c31cfa1bd5e0ae3f2ea52e526a73f1d3879b9f1a365967bbc317d4cca4 guix-build-54faac968971/output/x86_64-w64-mingw32/bitcoin-54faac968971-win64-setup-unsigned.exe
f7bdda020d299df778fd68ad556d8124d87f7f9f0c4a77b62e05db20f5bbec2b guix-build-54faac968971/output/x86_64-w64-mingw32/bitcoin-54faac968971-win64-unsigned.tar.gz
e90e9a7e86839cbbde7b17610b7fb6eb9a960703232d3b92040dce8df55861bd guix-build-54faac968971/output/x86_64-w64-mingw32/bitcoin-54faac968971-win64.zip
```
ACKs for top commit:
laanwj:
ACK 54faac9689
Tree-SHA512: 258e7de8e8df00995b6e952ef10d054ad127237265811eaafa537501be84459ae8f8f638618365d81e4eee8b7013db768b61c343d68e46d1d90a194bdc26b852
4e569c8bd8 guix: remove explicit glibc stack protector disabling (fanquake)
Pull request description:
While glibc 2.25 and newer *can* be built with stack-smashing-protection
enabled, it isn't used by default, and still isn't, as of glibc 2.35,
so I can't see a reason to explicitly disable it.
I'd also like to move in the direction of enabling, by default,
hardening options for the toolchains we build, so removing the explicit
disabling is a step in that direction.
Will be following up with some changes based on this change.
Guix Build (x86_64):
```bash
954b393f5c775919e32b725a45aa93af8a5e75ead348f904304c0367583b41ff guix-build-4e569c8bd85e/output/aarch64-linux-gnu/SHA256SUMS.part
0ff27062ba2ac4c11a966de2d9aea070f54ab5c255068dd992b19fcb33661ffd guix-build-4e569c8bd85e/output/aarch64-linux-gnu/bitcoin-4e569c8bd85e-aarch64-linux-gnu-debug.tar.gz
bf48baf97e21467ce439f6e733cf3a20732adee01bb1d98aa9519c2ec54b5f41 guix-build-4e569c8bd85e/output/aarch64-linux-gnu/bitcoin-4e569c8bd85e-aarch64-linux-gnu.tar.gz
041eac2a2e045e2283cc78361adcc2232c5eecc9ad465624499225a4ad44f5fe guix-build-4e569c8bd85e/output/arm-linux-gnueabihf/SHA256SUMS.part
7a3bbca762f6c3c4fd851fbf74a2f00c21d98c211de5baa06d0ba2fc59505694 guix-build-4e569c8bd85e/output/arm-linux-gnueabihf/bitcoin-4e569c8bd85e-arm-linux-gnueabihf-debug.tar.gz
89e0260075472d10d02de7e3bb382d87f9ffb3d548f533aab0ba7e39f4c796df guix-build-4e569c8bd85e/output/arm-linux-gnueabihf/bitcoin-4e569c8bd85e-arm-linux-gnueabihf.tar.gz
96f893eefaa9fb5af41f46eece3831a3956a5a9ab1f825e4c17c5675bd020bbe guix-build-4e569c8bd85e/output/arm64-apple-darwin/SHA256SUMS.part
65865e481d33e1023adef769ca9a38ca8cdf03e8476a61f1724bb1ab0bc54750 guix-build-4e569c8bd85e/output/arm64-apple-darwin/bitcoin-4e569c8bd85e-arm64-apple-darwin-unsigned.dmg
38da0510c34d9c2bff98da60c873593c6a85bc6f73025990daaa8d5b022819c0 guix-build-4e569c8bd85e/output/arm64-apple-darwin/bitcoin-4e569c8bd85e-arm64-apple-darwin-unsigned.tar.gz
a1b5ccda7780df15fda2131d260542e57601fed2c18092edaa3094c23eafd99d guix-build-4e569c8bd85e/output/arm64-apple-darwin/bitcoin-4e569c8bd85e-arm64-apple-darwin.tar.gz
f1e4fb6d96420865ee1cfdc10960d8b0407ae49d367d5df1901510a8a87a69bf guix-build-4e569c8bd85e/output/dist-archive/bitcoin-4e569c8bd85e.tar.gz
5cc5e3193435bdd0aafc1a43e1dfc7582e585a27453e92e3383ceb8ba6c162ad guix-build-4e569c8bd85e/output/powerpc64-linux-gnu/SHA256SUMS.part
56bfeecb15b0c59dcccb31d1d5df978e7bb9c60bc0661638af7b263958cb8d4d guix-build-4e569c8bd85e/output/powerpc64-linux-gnu/bitcoin-4e569c8bd85e-powerpc64-linux-gnu-debug.tar.gz
46e61a752ba3ac1e553c82f4615854c27b38b9c2e5abd318840d3d5383e1384d guix-build-4e569c8bd85e/output/powerpc64-linux-gnu/bitcoin-4e569c8bd85e-powerpc64-linux-gnu.tar.gz
52ea9adf7b3a88fa88e89b53852d1d7917af959bee0b67c218959b1123f67c57 guix-build-4e569c8bd85e/output/powerpc64le-linux-gnu/SHA256SUMS.part
2a1a65bd55cc9c83ccbb296e7fe41d5b313466cf8d70ef8aec81aa47e346e422 guix-build-4e569c8bd85e/output/powerpc64le-linux-gnu/bitcoin-4e569c8bd85e-powerpc64le-linux-gnu-debug.tar.gz
b8dbcf97a83a1dd53d23eeafa714e3a3cb8d0b087c060978137e47fdab2b261f guix-build-4e569c8bd85e/output/powerpc64le-linux-gnu/bitcoin-4e569c8bd85e-powerpc64le-linux-gnu.tar.gz
87e3823e246e139ad14c4d44c8e2ed5e1bebea1a02d3931e66232505a1b35463 guix-build-4e569c8bd85e/output/riscv64-linux-gnu/SHA256SUMS.part
1307b92c608b1001628fda1792fbcb61183286cff707be930bcb1d887f5a4b02 guix-build-4e569c8bd85e/output/riscv64-linux-gnu/bitcoin-4e569c8bd85e-riscv64-linux-gnu-debug.tar.gz
0f660a9165a26f627be913e6bf1bb81cbabebee742031d0a75131a7e380e6c8a guix-build-4e569c8bd85e/output/riscv64-linux-gnu/bitcoin-4e569c8bd85e-riscv64-linux-gnu.tar.gz
d530151878bdf70c0913a12ba1aa49dad9ba62ac9edd70cda3982fd0fe327e93 guix-build-4e569c8bd85e/output/x86_64-apple-darwin/SHA256SUMS.part
dc3a9ee571854066ea03d60c1f2b8012fdff12ea1e74ab4ce02b1effc6689436 guix-build-4e569c8bd85e/output/x86_64-apple-darwin/bitcoin-4e569c8bd85e-x86_64-apple-darwin-unsigned.dmg
94c0522390e5650d91d63c6afa5bce895a60c17c1365e0d87a898c2868093dc9 guix-build-4e569c8bd85e/output/x86_64-apple-darwin/bitcoin-4e569c8bd85e-x86_64-apple-darwin-unsigned.tar.gz
364d72282e8824d5dffe184fc10bdcbc9cdf96e8c0ac379b8392e1e1992e3307 guix-build-4e569c8bd85e/output/x86_64-apple-darwin/bitcoin-4e569c8bd85e-x86_64-apple-darwin.tar.gz
0d3ce4cbf3444fc9a3c488f12ef7b73d07b85bcf3d4d9500b689d44506a79818 guix-build-4e569c8bd85e/output/x86_64-linux-gnu/SHA256SUMS.part
f584d494db5594ae2bc06e09f8e68c11e446bc82cb8a1dfa6afee5d3a079b5af guix-build-4e569c8bd85e/output/x86_64-linux-gnu/bitcoin-4e569c8bd85e-x86_64-linux-gnu-debug.tar.gz
ea0e9316dd25ebee9023f3c65cb99fe846de6fe56152d4926005f9da500a502c guix-build-4e569c8bd85e/output/x86_64-linux-gnu/bitcoin-4e569c8bd85e-x86_64-linux-gnu.tar.gz
a41966b6d13aa1e702cc357bbedfd51bcb431caa39bb904efd9611e3a945bf1c guix-build-4e569c8bd85e/output/x86_64-w64-mingw32/SHA256SUMS.part
5f150613204341d91a4b755c74120e233567187ba4f9151a12e39e5304efb3a1 guix-build-4e569c8bd85e/output/x86_64-w64-mingw32/bitcoin-4e569c8bd85e-win64-debug.zip
6a94dc9c5dcb2a4448a37573baab50f405e08af0d5a4de8a8046cba5445153e4 guix-build-4e569c8bd85e/output/x86_64-w64-mingw32/bitcoin-4e569c8bd85e-win64-setup-unsigned.exe
31fe85ba31ed84ebbbc4cc42f593e1de1811c1ecc9a0a094d05b0914bd151174 guix-build-4e569c8bd85e/output/x86_64-w64-mingw32/bitcoin-4e569c8bd85e-win64-unsigned.tar.gz
0a6d590c26a47c51192e4003ad97ecd6b7ad91c8f8612ea310fb324bce5dc15a guix-build-4e569c8bd85e/output/x86_64-w64-mingw32/bitcoin-4e569c8bd85e-win64.zip
```
Guix Build (arm64):
```bash
2ce621cb469772c318a29b21bc4dd546353130a688a5ecb66373256c7be2c37a guix-build-4e569c8bd85e/output/arm-linux-gnueabihf/SHA256SUMS.part
13abe55069581ca711529d058a8e5de732c6630a94b7e912e9c31f606241c264 guix-build-4e569c8bd85e/output/arm-linux-gnueabihf/bitcoin-4e569c8bd85e-arm-linux-gnueabihf-debug.tar.gz
7a60cd7d9aee30bc8e08cf9d52bd032f82e48214c81130e2f61ca3da71c01477 guix-build-4e569c8bd85e/output/arm-linux-gnueabihf/bitcoin-4e569c8bd85e-arm-linux-gnueabihf.tar.gz
d614a4acfed70f61814a5c26bf51594e0cc666fc3dadc3df805e5cc608835550 guix-build-4e569c8bd85e/output/arm64-apple-darwin/SHA256SUMS.part
c9d5705b947c461ade878d7a0110ae5b34b384991f5bf6e86db0b79f421d4f81 guix-build-4e569c8bd85e/output/arm64-apple-darwin/bitcoin-4e569c8bd85e-arm64-apple-darwin-unsigned.dmg
c1897d204e75b9ef8a58fb3f2c85d9c306b05dbd6c8f74a2b4ccfbd85aed5574 guix-build-4e569c8bd85e/output/arm64-apple-darwin/bitcoin-4e569c8bd85e-arm64-apple-darwin-unsigned.tar.gz
1c9e188d76c18785d4500c1c7ab0e049cf35c878803266580913e8cc4bd01bf6 guix-build-4e569c8bd85e/output/arm64-apple-darwin/bitcoin-4e569c8bd85e-arm64-apple-darwin.tar.gz
f1e4fb6d96420865ee1cfdc10960d8b0407ae49d367d5df1901510a8a87a69bf guix-build-4e569c8bd85e/output/dist-archive/bitcoin-4e569c8bd85e.tar.gz
f3e7d6b6aca3ca4f150e0e91e9532f4eb21c4f60ab1c21b6ecfaa9c862f9f8a8 guix-build-4e569c8bd85e/output/powerpc64-linux-gnu/SHA256SUMS.part
48e630949976ee298bccf01cfbbb7fea29c9bd0bc658cf0564d4a3e1997556e8 guix-build-4e569c8bd85e/output/powerpc64-linux-gnu/bitcoin-4e569c8bd85e-powerpc64-linux-gnu-debug.tar.gz
9e30c4987f3657ba6499a78c5c578e430c55f71991fc9ad6f3ecf4847ed1814e guix-build-4e569c8bd85e/output/powerpc64-linux-gnu/bitcoin-4e569c8bd85e-powerpc64-linux-gnu.tar.gz
128ce9194e377b013baceafc4ddba0f70c239e36057c9dc0a9213caa34c5064f guix-build-4e569c8bd85e/output/powerpc64le-linux-gnu/SHA256SUMS.part
8e4a41c07e9427de4054069c3af668157372cc6cd86d758c0b35b7ed906e5365 guix-build-4e569c8bd85e/output/powerpc64le-linux-gnu/bitcoin-4e569c8bd85e-powerpc64le-linux-gnu-debug.tar.gz
da6924709b35f7fbaf9b7b772e0f14be5b583e9453b0cae58b6a5b1e159580c7 guix-build-4e569c8bd85e/output/powerpc64le-linux-gnu/bitcoin-4e569c8bd85e-powerpc64le-linux-gnu.tar.gz
2415604bf3651ea18dcbb4ec5bf73372bdc19c80aa316b864de20c8a5df4bf34 guix-build-4e569c8bd85e/output/riscv64-linux-gnu/SHA256SUMS.part
8f6ee4b69fb33b40ad505c091684258ded340ab9936b554f8fa4e499d4da1155 guix-build-4e569c8bd85e/output/riscv64-linux-gnu/bitcoin-4e569c8bd85e-riscv64-linux-gnu-debug.tar.gz
0a941d44532287288a9859c35fdaa940c940c1e8f4a17b7994e3796c9a668d57 guix-build-4e569c8bd85e/output/riscv64-linux-gnu/bitcoin-4e569c8bd85e-riscv64-linux-gnu.tar.gz
d530151878bdf70c0913a12ba1aa49dad9ba62ac9edd70cda3982fd0fe327e93 guix-build-4e569c8bd85e/output/x86_64-apple-darwin/SHA256SUMS.part
dc3a9ee571854066ea03d60c1f2b8012fdff12ea1e74ab4ce02b1effc6689436 guix-build-4e569c8bd85e/output/x86_64-apple-darwin/bitcoin-4e569c8bd85e-x86_64-apple-darwin-unsigned.dmg
94c0522390e5650d91d63c6afa5bce895a60c17c1365e0d87a898c2868093dc9 guix-build-4e569c8bd85e/output/x86_64-apple-darwin/bitcoin-4e569c8bd85e-x86_64-apple-darwin-unsigned.tar.gz
364d72282e8824d5dffe184fc10bdcbc9cdf96e8c0ac379b8392e1e1992e3307 guix-build-4e569c8bd85e/output/x86_64-apple-darwin/bitcoin-4e569c8bd85e-x86_64-apple-darwin.tar.gz
047d3eae54136b7f5fb20487fb2c57455dda6bb88594065b71843400fbc41824 guix-build-4e569c8bd85e/output/x86_64-linux-gnu/SHA256SUMS.part
8bfb97bcab8d5e0a86a2a8d20be5215d8bb615a8b6c3ad69e1db5028caf2dd29 guix-build-4e569c8bd85e/output/x86_64-linux-gnu/bitcoin-4e569c8bd85e-x86_64-linux-gnu-debug.tar.gz
4962550d7d113e8544a33e2ffa5a0e77e172984c17bfa461a631bf08dc7cc545 guix-build-4e569c8bd85e/output/x86_64-linux-gnu/bitcoin-4e569c8bd85e-x86_64-linux-gnu.tar.gz
5ad1661c475308c6df102aee51261e36583fe0f5f73713d7f19384b63755a3c5 guix-build-4e569c8bd85e/output/x86_64-w64-mingw32/SHA256SUMS.part
62cf3e15e638f48bd0931a847ba5e5636422fb6bd00da41251c1f636d39c5822 guix-build-4e569c8bd85e/output/x86_64-w64-mingw32/bitcoin-4e569c8bd85e-win64-debug.zip
6a94dc9c5dcb2a4448a37573baab50f405e08af0d5a4de8a8046cba5445153e4 guix-build-4e569c8bd85e/output/x86_64-w64-mingw32/bitcoin-4e569c8bd85e-win64-setup-unsigned.exe
31fe85ba31ed84ebbbc4cc42f593e1de1811c1ecc9a0a094d05b0914bd151174 guix-build-4e569c8bd85e/output/x86_64-w64-mingw32/bitcoin-4e569c8bd85e-win64-unsigned.tar.gz
a3c7db0ca4b557810b5e5f1ec14cecaf47b5bf51631798d8675243bb6ecedf8f guix-build-4e569c8bd85e/output/x86_64-w64-mingw32/bitcoin-4e569c8bd85e-win64.zip
```
ACKs for top commit:
laanwj:
Code review ACK 4e569c8bd8
Tree-SHA512: 7f75c304ec67d824ce17be1acb0d67c3946cc346444abcac0a13762365566d101aa784f92dd28ef15b664f1a5f64ae1f60ca91b2538de7ea08a7684bf33cda0d
Without ffile-prefix-map, the debug symbols will contain paths for the
guix store which will include the hashes of each package. However, the
hash for the same package will differ when on different architectures.
In order to be reproducible regardless of the architecture used to build
the package, map all guix store prefixes to something fixed, e.g. /usr.
We might be able to drop this in favour of using --with-nonshared-cflags
when we being using newer versions of glibc.
Without ffile-prefix-map, the debug symbols will contain paths for the
guix store which will include the hashes of each package. However, the
hash for the same package will differ when on different architectures.
In order to be reproducible regardless of the architecture used to build
the package, map all guix store prefixes to something fixed, e.g. /usr.
While glibc 2.25 and newer *can* be built with stack-smashing-protection
enabled, it isn't used by default, and still isn't, as of glibc 2.35,
so I can't see a reason to explicitly disable it.
I'd also like to move in the direction of enabling, by default,
hardening options for the toolchains we build, so removing the explicit
disabling is a step in that direction.
Will be following up with some changes based on this PR.
667e316bcb contrib: Update makeseeds to asmap-nextgen (laanwj)
ae00b9e02c contrib: add seeds progress indicator and remove asmap one in makeseeds script (Jon Atack)
b54180303d contrib: Use asmap for ASN lookup in makeseeds (laanwj)
Pull request description:
Add an argument `-a` to provide a asmap file to do the IP to ASN lookups.
This speeds up the script greatly, and makes the output deterministic. Also removes the dependency on `dns.lookup`.
I've annotated the output with ASxxxx comments to provide a way to verify the functionality.
For now I've added instructions in README.md to download and use the `demo.map` from the asmap repository. When we have some other mechanism for distributing asmap files we could switch to that.
This continues #24824. I've removed the fallbacks and extra complexity, as everyone will be using the same instructions anyway.
Co-authored-by: Pieter Wuille <pieter.wuille@gmail.com>
Co-authored-by: russeree <reese.russell@ymail.com>
ACKs for top commit:
sipa:
ACK 667e316bcb
dunxen:
re-ACK 667e316
Tree-SHA512: c4cedfbd1dee6be7547aa92dd9e262c46f0ff8099e647559b2a40eab0cc9874e9a813706630dd5c880390d23f432e789fb3e7e8a09f376f567071e68f5904c65
As of version 2.4.7, libtool now respects ARFLAGS, which we use, and has
changed the default ARFLAGS from cru to cr (which we also do, see
configure).
This eliminates spammy `ar` output such as:
```bash
CXXLD libunivalue.la
/root/.guix-profile/bin/x86_64-linux-gnu-ar: `u' modifier ignored since `D' is the default (see `U')
AR libbitcoin_zmq.a
AR libbitcoin_consensus.a
CXXLD crypto/libbitcoin_crypto_base.la
CXXLD crypto/libbitcoin_crypto_sse41.la
/root/.guix-profile/bin/x86_64-linux-gnu-ar: `u' modifier ignored since `D' is the default (see `U')
/root/.guix-profile/bin/x86_64-linux-gnu-ar: `u' modifier ignored since `D' is the default (see `U')
CXXLD crypto/libbitcoin_crypto_avx2.la
CXXLD crypto/libbitcoin_crypto_x86_shani.la
CXXLD leveldb/libleveldb.la
/root/.guix-profile/bin/x86_64-linux-gnu-ar: `u' modifier ignored since `D' is the default (see `U')
CXXLD crc32c/libcrc32c.la
/root/.guix-profile/bin/x86_64-linux-gnu-ar: `u' modifier ignored since `D' is the default (see `U')
CXXLD leveldb/libmemenv.la
/root/.guix-profile/bin/x86_64-linux-gnu-ar: `u' modifier ignored since `D' is the default (see `U')
/root/.guix-profile/bin/x86_64-linux-gnu-ar: `u' modifier ignored since `D' is the default (see `U')
/root/.guix-profile/bin/x86_64-linux-gnu-ar: `u' modifier ignored since `D' is the default (see `U')
AR libbitcoin_cli.a
```
Libtool 2.4.7 release notes:
https://lists.gnu.org/archive/html/autotools-announce/2022-03/msg00000.html
Mostly changes to remove src/univalue exceptions from the various linters,
and the required code changes to make them happy. As well as minor doc
changes.
Now that we use GCC 10 for release builds, we no-longer need to
pass-Wl,-z,noexecstack to get a non-executable stack in RISC-V binaries.
This was originally removed in #21036, but then re-added in #21799, when
we reverted to using GCC 8.
Add an argument `-a` to provide a asmap file to do the IP to ASN
lookups.
This speeds up the script greatly, and makes the output deterministic.
Also removes the dependency on `dns.lookup`.
I've annotated the output with ASxxxx comments to provide a way to
verify the functionality.
For now I've added instructions in README.md to download and use the
`demo.map` from the asmap repository. When we have some other mechanism
for distributing asmap files we could switch to that.
This continues #24824. I've removed all the fallbacks and extra
complexity, as everyone will be using the same instructions anyway.
Co-authored-by: Pieter Wuille <pieter.wuille@gmail.com>
Co-authored-by: James O'Beirne <james.obeirne@pm.me>
Co-authored-by: russeree <reese.russell@ymail.com>
7e9fe6d800 windeploy: Renewed windows code signing certificate (Andrew Chow)
Pull request description:
The current windows code signing certificate expires on May 26 23:59:59 2022 GMT. I have purchased a new code signing certificate which will expire on May 29 23:59:59 2024 GMT.
ACKs for top commit:
laanwj:
ACK 7e9fe6d800
fanquake:
ACK 7e9fe6d800 - tested above with OpenSSL 3 & faketime.
Tree-SHA512: 283eb863d4db0573c7e78fe9d8f1b855533fc45b0995cd2d66e40b5242eb9bc9317b01e1b151fe49d512cd4aa6c48e2390017070f79db46493813fdd0a0f568a
