We do not need libx11 to compile Qt with some very minor patches.
Removing this removes attack surface from dogecoin-qt and reduces
future maintenance cost.
- Removes packages:
- libX11
- libXext
- xextproto
- xtrans
- Patches Qt to not try to include X11 anywhere
- Removes x11-xcb check from bitcoin_qt.m4
- Remove permission to depend on libX11*so in release binaries
Backported-from: 1ec30b8f
aa53cb7a
92456991
0c55d8b5
689d3b4a
Co-Authored-By: Carl Dong <contact@carldong.me>
dbus is not used by qt in depends per documentation of the
-dbus-runtime configuration flag - it uses the packaged interface
and can be removed as a managed dependency.
Since dbus interfaces are only used on linux, remove it from the
windows and macOS configurations.
Backported-from: e8fabd92
6fdf5dab
Co-authored-by: fanquake <fanquake@gmail.com>
Remove functionality of Qt that we do not need, resulting in a
smaller dogecoin-qt binary and a reduced attack surface.
- removes all image support except png
(xpm is needed for qt binary build tools)
- no longer use Qt's built-in libjpeg
- disable all unused features
Items that cannot be removed vs Bitcoin Core:
For paper wallets:
- printer dialogs and pdf
- html rendering
For BIP70 payment requests:
- network configuration
- openssl
- socks5 support
Co-Authored-By: Cory Fields <cory-nospam-@coryfields.com>
Cherry-picked from: ca5055a
Cherry-pick notes: undid the removal of -mlinker-version, as this
was done erroneously upstream
The CC override in intel-ipsec-mb.mk fails for linux builds
when done in a docker container due to it inserting "pc" into
the host variable when not otherwise specified.
This fixes it by only overriding if we're building with mingw.
For normal users, --no-same-owner is default, but not so for root, where
it is assumed that root can change ownership willy-nilly. This is not
the case for privilege-limited container environments where we gaslight
the process into thinking it's root.
Cherry-picked from: 89bee1b
-After updating clang+llvm, QT 5.7.1's qfontengine_coretext.mm file's variable QFixed errors out as it's a constructor rather than a type in this context. This patch fixes that error.
Changes the fallback dependency source repository from Bitcoin's
bitcoincore.org to dogecoincore.org. Both are centrally hosted,
as a fallback. Ideally this would be utilizing a decentralized
protocol like IPFS, but this is harder to integrate with the CI
tooling.
Note: because some dependencies have identical filenames in their
source URLs (currently ds_store and mac_alias) we host the target
filename on the mirror, to prevent conflicts.
We may eventually want to break out harfbuzz and build it in depends, but
for now just ensure that runtime dependencies don't depend on whether or not
harfbuzz was present on the builder.
Cherry-picked from: bitcoin/bitcoin 3272e34f
and bitcoin/bitcoin cc25f892
and bitcoin/bitcoin a33381ac
Conflicts resolved:
- removed ci script and guix file changes that we don't have
- removed changes to libxcb
- squashed commits as cc25f892 was a fixup
- rewrote the change to depends/README
Co-authored-by: fanquake <fanquake@gmail.com>
Co-authored-by: W. J. van der Laan <laanwj@protonmail.com>
Instead of doing the awkward /bin path prepending at config.site
creation time, set darwin_{CC,CXX} in a way that fully determines the
program's path (clang/clang++)
Also see the added comment block in depends/Makefile for more context on
determining $PATH for our config.site.
Cherry-picked from: 880660ac
Conflicts: cherry-picked from a Bitcoin Core build system that is
optimized for supporting system-provided clang builds
which Dogecoin Core does not have at this time. I have
removed all code regarding that functionality and only
kept the code relevant to Dogecoin Core for this
major version (1.14), i.e. those lines that use the
pinned clang from the depends system.
Patches openssl 1.0.2's usage of secure_getenv to always use the
fallback OPENSSL_issetugid() instead, to remove reliance on a
higher glibc than the minimum we currently support (2.11)
See depends/patches/openssl/secure_getenv.patch for a full
description of the patch.
