the .99 makes sure that code in master is never mistaken for
release code, and is always a higher version than the last minor
release
Also set the last release date to match 1.14.8 instead of 1.14.7
This will allow compiling with the c++17 standard, which on some
distributions (macOS, FreeBSD) is required when using system
dependencies.
The ./configure script will now allow specifying --enable-c++17 to
enable c++17. The default remains c++11, and c++14 also remains
available.
change sys/random.h to random.h in AC_MSG_CHECK
remove definitions that are applicable to macos which include unistd.h
additionally change comparator argument from NULL to nullptr when evaluating &getentropy
Inspired by: c13c97dbf846cf0e6a5581ac414ef96a215b0dc6
These are available in sandboxes without access to files or
devices. Also [they are safer and more straightforward](https://en.wikipedia.org/wiki/Entropy-supplying_system_calls)
to use than `/dev/urandom` as reading from a file has quite a few edge
cases:
- Linux: `getrandom(buf, buflen, 0)`. [getrandom(2)](http://man7.org/linux/man-pages/man2/getrandom.2.html)
was introduced in version 3.17 of the Linux kernel.
- OpenBSD: `getentropy(buf, buflen)`. The [getentropy(2)](http://man.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man2/getentropy.2)
function appeared in OpenBSD 5.6.
- FreeBSD and NetBSD: `sysctl(KERN_ARND)`. Not sure when this was added
but it has existed for quite a while.
Alternatives:
- Linux has sysctl `CTL_KERN` / `KERN_RANDOM` / `RANDOM_UUID`
which gives 16 bytes of randomness. This may be available
on older kernels, however [sysctl is deprecated on Linux](https://lwn.net/Articles/605392/)
and even removed in some distros so we shouldn't use it.
Add tests for `GetOSRand()`:
- Test that no error happens (otherwise `RandFailure()` which aborts)
- Test that all 32 bytes are overwritten (initialize with zeros, try multiple times)
Discussion:
- When to use these? Currently they are always used when available.
Another option would be to use them only when `/dev/urandom` is not
available. But this would mean these code paths receive less testing,
and I'm not sure there is any reason to prefer `/dev/urandom`.
Closes: #9676
Cherry-picked from: 224e6eb089a0f4977d22f3803fc27e44b5e7eea5
Contains squashed commit of aa09ccbb74ea9febd83ce3362238ac5339069909 squashme: comment that NUM_OS_RANDOM_BYTES should not be changed lightly
Fixes the detection of bdb on brew enabled systems by using
dogecoin_find_bdb53.m4 parametrization and checking if the
brew-located files actually work.
Searches brew installed packages in the order: 5.x, 4.x, default.
The reason for this order is that 4.x is still fully readable by
5.3.27NC that is distributed by default, and therefore prefered
over newer-than 5.x versions.
glibc absorbed clock_gettime in 2.17. To retain backward
compatibility with systems that package glibc < 2.17, we need to
include it anyway. Until gcc-7, librt still got included with all
relevant symbols, so there was no issue and we could just use
that instead of gcc-native clock_gettime.
Since gcc-9, we need to explicitly add lrt outside the scope of
"as-needed" packages, because ld finds no reason to add a
DT_NEEDED tag for it, despite our inclusion, as the function
gets pulled from libc.so.6. Therefore, we:
1. disable "as-needed"
2. add librt
3. re-enable "as-needed" again
This way, we both force include librt, but still not link any
other unneeded libraries.
Because this is only valid for backward compatible binaries where
our build system is newer than the oldest supported OS (i.e. when
cross-compiling, running CI or gitian built releases) the -lrt flag
is now part of COMPAT_LDFLAGS instead of global "LIBS" when
configuring with --with-glibc-back-compat.
This explicit link can be removed when we drop support for glibc
versions < 2.17 (i.e. in the next major version)
On 32-bit platforms, glibc wraps fcntl to 64-bit address space
fcntl64, for reading files > 2GB. Since we don't open any files
of that size, we do not need this and can safely wrap to the old
32-bit fcntl.
Co-authored-by: Patrick Lodder <patricklodder@users.noreply.github.com>
wraps pow.3 exp.3 and log.3 to explicitly use backward compatible
glibc symbols. this is needed to stay compatible with old linux
versions with minor releases
Fixes calls to make check-security and make check-symbols
to have better integration with the CI and Gitian
The condition in the check-symbols target requiring the configure
flag --enable-glibc-back-compat is removed because that is
exclusive to Linux. By removing it, we enable the check for all
binaries, including those built for Windows and macOs.
Finally, removes configure.ac lines for readelf and cppfilt. Those
are no longer needed because lief is used in their stead.
squash into:
build: clean up security and symbol checks from makefile
These constants, when defined at the point of each new release, give us
the ability to detect when a running node may be out of date with
respect to an expected upcoming release.
This is the starting point for adding out-of-date notifications to the
daemon, CLI tool, and Qt binary.
Introduces a configure flag --enable-experimental that controls at
configure time whether or not experimental features can be
enabled. This serves as a circuit breaker to both make sure that
CI jobs are configured properly, and ensures manual compilations
are intentionally configuring experimental / non-production code.
Additionally, experimental features get listed in the summary after
configuration completes if enabled.
Further work can insert compile time checks with static_asserts
against the ALLOW_DOGECOIN_EXPERIMENTAL macro.
This reverts commit e78cfc630dbb712662328eb6c8b401bd3fab8969.
Besides adding runtime checks, this also removes experimental
guards and makes the features leak into release code as we have
no way of disabling them.
Additionally, this breaks on non-gnu systems which currently have
no released binaries, like arm-apple-darwin20 (Apple silicon macs)
- Add --enable/disable-scrypt-sse2 configuration flag
- use bitcoin-config.h instead of CPPFLAGS, like all other
features
- make the scrypt.h header guard to be similar to everything else
Updated cross build for ci environment
Updated experimental build to focal
Unified cross and native ARMv8.2 build options
Updated experimental build in ci
