adds a line when no copyright for Dogecoin Core Developers exists
but the file has been edited by us, to the last year found in git
log, or extends the year range on an existing line when a file
has been modified since the year previously listed.
Excludes subtrees.
We do not need libx11 to compile Qt with some very minor patches.
Removing this removes attack surface from dogecoin-qt and reduces
future maintenance cost.
- Removes packages:
- libX11
- libXext
- xextproto
- xtrans
- Patches Qt to not try to include X11 anywhere
- Removes x11-xcb check from bitcoin_qt.m4
- Remove permission to depend on libX11*so in release binaries
Backported-from: 1ec30b8f
aa53cb7a
92456991
0c55d8b5
689d3b4a
Co-Authored-By: Carl Dong <contact@carldong.me>
Integrates modernized security and symbol checks into all bionic
gitian descriptors - uses the precompiled bionic-specific lief
wheel from depends.dogecoincore.org to save an hour build time on
each gitian host. This does require pre-downloading the wheel file
like done for the osx SDK.
- replaces python2 with python3 in descriptors
- adds python3-setuptools and python3-pip
- now requires lief-0.12.3-cp36-cp36m-linux_x86_64.whl to be
present in the gitian-builder/inputs folder
- installs the wheel prior to installing dependencies
- enables symbol check for windows
- enables security check for osx
- adds automatic wheel download to gitian-build.sh
Reconfigures the Bitcoin 24.0.1 symbol-check.py script to honor
the maximum versions of dynamic symbols, the allowed system
dependencies and allowed symbol exports. This is important to
maintain when doing minor releases, because changes in these
would potentially lock people out of security updates.
This adds specification of the linker-loader name for i686
binaries because Bitcoin Core no longer supports that
architecture.
The spec was taken from:
https://sourceware.org/glibc/wiki/ABIList?action=recall&rev=16
Please note that:
- aarch64 binaries have had a glibc 2.17 requirement since the
first release with 1.14.0, and therefore have a higher glibc
target than all other linux binaries.
- All other values have been taken from the Dogecoin Core v1.14.6
tag, commit 3a29ba6d4.
- Additional win32 and win64 needed libraries have been reverse
engineered from 1.14.6 release binaries.
- Windows minimum version checks have been disabled, as these
need to be set on the release binaries before we check for it.
Disables checks from Bitcoin 24.0.1 security-check.py code that
we currently cannot support on Dogecoin Core without changes to
the build process
- separate-code needs linking using binutils 2.31 and/or
explicit linking with -z,separate-code on binutils 2.30+
- CONTROL_FLOW can be enabled after building with gcc-8
or later. This would require at least a Ubuntu Focal
Gitian implementation, and -fcf-protection enabled on
the boost dependency.
- HIGH_ENTROPY_VA and RELOC_SECTION checks for Windows
binaries need fixes for dogecoin-cli, dogecoin-tx and
test binaries, so that ASLR can be used for these binaries
the same way it was done for dogecoind and dogecoin-qt.
These checks can be re-enabled once these security features are
enabled on release binaries (i.e. those built with Gitian)
Takes the security and symbol checkers from Bitcoin Core v24.0.1
because this uses the python3 capable lief module for reading
multi-platform binaries. This helps getting rid of
incompatibilities when using these tools in Ubuntu releases newer
than Bionic (18.04) and by using the external module, reduces risk
and maintenance cost of custom code.
This commit does NOT reconfigure for Dogecoin 1.14.7 parametrization
Backported from state at: b3f866a8@bitcoin/bitcoin
- explain apt-cacher post-installation tasks
- change doc example to 1.14.5 because 1.14.4 expects trusty
- remove pressure on bitcoincore.org by downloading files from
dogecoincore.org
Use simple invocation type instead of forking daemon
Add alternative unit file for /usr/local installs
Add /opt/ systemd unit variant
Fix comments
Add 3GB memory limit to systemd unit
Restore newlines at end of systemd unit files
Remove "via official sources" comment from the opt systemd unit file
Use term "variant" instead of "variation" since the former is more
specific and correct for this context
Correct dogecoin package directory from "dogecoind" to "dogecoin"
Use tarball bin path
Co-authored-by: Patrick Lodder <patricklodder@users.noreply.github.com>
This workaround was added as part of the switch to gitian building using Ubuntu 14.04 (#6900).
However, it should no longer be required, as we have switched to Bionic (#13171), and that
has a far newer version of binutils.
binutils patch: https://sourceware.org/bugzilla/show_bug.cgi?id=16192
Cherry-picked from: bd3f5a90
- all: change suite to bionic instead of trusty
- linux: change gcc version to 7
- win: remove g++ from faketime_progs
- win: wrap *-posix compilers rather than plain mingw
- win: install 'rename'
Cherry-picked from: bitcoin/bitcoin 3272e34f
and bitcoin/bitcoin cc25f892
and bitcoin/bitcoin a33381ac
Conflicts resolved:
- removed ci script and guix file changes that we don't have
- removed changes to libxcb
- squashed commits as cc25f892 was a fixup
- rewrote the change to depends/README
Co-authored-by: fanquake <fanquake@gmail.com>
Co-authored-by: W. J. van der Laan <laanwj@protonmail.com>
Refine Snap verification message to accurately reflect it's checking secure hashes,
not signatures. Checking signature would entail verifying there is a signature from a
trusted person, not just that the hash matches a value in the known values list.
FIX:
GIT: fatal unknown date format format-local:%F %T
OSSLSIGNCODE: new depedency url
LXC: lxcbr0: ERROR while getting interface flags: No such device
DOGECOIN: branding
