glibc absorbed clock_gettime in 2.17. To retain backward
compatibility with systems that package glibc < 2.17, we need to
include it anyway. Until gcc-7, librt still got included with all
relevant symbols, so there was no issue and we could just use
that instead of gcc-native clock_gettime.
Since gcc-9, we need to explicitly add lrt outside the scope of
"as-needed" packages, because ld finds no reason to add a
DT_NEEDED tag for it, despite our inclusion, as the function
gets pulled from libc.so.6. Therefore, we:
1. disable "as-needed"
2. add librt
3. re-enable "as-needed" again
This way, we both force include librt, but still not link any
other unneeded libraries.
Because this is only valid for backward compatible binaries where
our build system is newer than the oldest supported OS (i.e. when
cross-compiling, running CI or gitian built releases) the -lrt flag
is now part of COMPAT_LDFLAGS instead of global "LIBS" when
configuring with --with-glibc-back-compat.
This explicit link can be removed when we drop support for glibc
versions < 2.17 (i.e. in the next major version)
cause: msft/gha doesn't support the i386 winehq ppa, therefore we
have to use a workaround to download necessary i386 dependencies
for winehq-stable.
This adds winehq-focal.sources to and removes microsoft-prod.list
from the i686 build.
Implemented by the "add architecture" CI step into a script that
can now be customized per job.
Co-authored-by: Patrick Lodder <patricklodder@users.noreply.github.com>
Co-Authored-By: Cory Fields <cory-nospam-@coryfields.com>
Cherry-picked from: ca5055a
Cherry-pick notes: undid the removal of -mlinker-version, as this
was done erroneously upstream
On 32-bit platforms, glibc wraps fcntl to 64-bit address space
fcntl64, for reading files > 2GB. Since we don't open any files
of that size, we do not need this and can safely wrap to the old
32-bit fcntl.
Co-authored-by: Patrick Lodder <patricklodder@users.noreply.github.com>
wraps pow.3 exp.3 and log.3 to explicitly use backward compatible
glibc symbols. this is needed to stay compatible with old linux
versions with minor releases
I have made an attempt to update fee rate in p2p-feefilter.py to recommended minimum transaction fee of 0.01 DOGE/kb to reflect fee rate changes made in 1.14.4 release , it is linked with issue #3201
An attempt to fix bug tx confirmation window is getting out of the screen and can't click on "send" by setting a maximum of 45 characters to not wrap lines in the label and be able to add ... if the size exceeds that.
On boost 1.81 std::array is no longer included by default and
causes a compile error on net_processing.cpp:
macOS with apple clang 14.0:
CXX libdogecoin_server_a-net_processing.o
net_processing.cpp:1112:47: error: implicit instantiation of undefined template 'std::array<std::pair<unsigned long long, CNode *>, 2>'
std::array<std::pair<uint64_t, CNode*>,2> best{{{0, nullptr}, {0, nullptr}}};
debian:exprimental with gcc 12.1:
net_processing.cpp: In function 'void RelayAddress(const CAddress&, bool, CConnman&)':
net_processing.cpp:1112:47: error: variable 'std::array<std::pair<long unsigned int, CNode*>, 2> best' has initializer but incomplete type
1112 | std::array<std::pair<uint64_t, CNode*>,2> best{{{0, nullptr}, {0, nullptr}}};
|
this commit fixes the problem by explicitly including <array>.
Integrates modernized security and symbol checks into all bionic
gitian descriptors - uses the precompiled bionic-specific lief
wheel from depends.dogecoincore.org to save an hour build time on
each gitian host. This does require pre-downloading the wheel file
like done for the osx SDK.
- replaces python2 with python3 in descriptors
- adds python3-setuptools and python3-pip
- now requires lief-0.12.3-cp36-cp36m-linux_x86_64.whl to be
present in the gitian-builder/inputs folder
- installs the wheel prior to installing dependencies
- enables symbol check for windows
- enables security check for osx
- adds automatic wheel download to gitian-build.sh
This enables running of security checks for macOS and symbol
checks for windows and ARM linux targets with each CI run.
Symbol checks remain disabled for debug and experimental targets
because those aren't production binary releases.
macOS symbol checks need build system patches before it will
work as intended so these have to stay disabled at this point.
Integrates the lief-based scripts into the GH Actions CI. This
allows the CI to maintain consistent checks for an upcoming
upgrade to Ubuntu focal for CI and Gitian.
Because lief is not distributed as a wheel for glibc < 2.17, a
custom .whl file for Ubuntu Bionic is made available on
depends.dogecoincore.org to save up to an hour that would otherwise
be spent on compiling lief from source. For current focal-based
CI jobs, this is not needed because that provides glibc > 2.17.
Each CI job has received 2 extra steps that are mutually exclusive
to make sure that the correct version is installed. When there are
no longer any Ubuntu Bionic based bionic jobs, this can be deleted
in favor of a single command in the "install packages" step.
python3-pip and python3-setuptools are now installed by default
for all CI jobs, where before this was only used for jobs that ran
the full qa test suite.
Fixes calls to make check-security and make check-symbols
to have better integration with the CI and Gitian
The condition in the check-symbols target requiring the configure
flag --enable-glibc-back-compat is removed because that is
exclusive to Linux. By removing it, we enable the check for all
binaries, including those built for Windows and macOs.
Finally, removes configure.ac lines for readelf and cppfilt. Those
are no longer needed because lief is used in their stead.
squash into:
build: clean up security and symbol checks from makefile
Reconfigures the Bitcoin 24.0.1 symbol-check.py script to honor
the maximum versions of dynamic symbols, the allowed system
dependencies and allowed symbol exports. This is important to
maintain when doing minor releases, because changes in these
would potentially lock people out of security updates.
This adds specification of the linker-loader name for i686
binaries because Bitcoin Core no longer supports that
architecture.
The spec was taken from:
https://sourceware.org/glibc/wiki/ABIList?action=recall&rev=16
Please note that:
- aarch64 binaries have had a glibc 2.17 requirement since the
first release with 1.14.0, and therefore have a higher glibc
target than all other linux binaries.
- All other values have been taken from the Dogecoin Core v1.14.6
tag, commit 3a29ba6d4.
- Additional win32 and win64 needed libraries have been reverse
engineered from 1.14.6 release binaries.
- Windows minimum version checks have been disabled, as these
need to be set on the release binaries before we check for it.
Disables checks from Bitcoin 24.0.1 security-check.py code that
we currently cannot support on Dogecoin Core without changes to
the build process
- separate-code needs linking using binutils 2.31 and/or
explicit linking with -z,separate-code on binutils 2.30+
- CONTROL_FLOW can be enabled after building with gcc-8
or later. This would require at least a Ubuntu Focal
Gitian implementation, and -fcf-protection enabled on
the boost dependency.
- HIGH_ENTROPY_VA and RELOC_SECTION checks for Windows
binaries need fixes for dogecoin-cli, dogecoin-tx and
test binaries, so that ASLR can be used for these binaries
the same way it was done for dogecoind and dogecoin-qt.
These checks can be re-enabled once these security features are
enabled on release binaries (i.e. those built with Gitian)
Takes the security and symbol checkers from Bitcoin Core v24.0.1
because this uses the python3 capable lief module for reading
multi-platform binaries. This helps getting rid of
incompatibilities when using these tools in Ubuntu releases newer
than Bionic (18.04) and by using the external module, reduces risk
and maintenance cost of custom code.
This commit does NOT reconfigure for Dogecoin 1.14.7 parametrization
Backported from state at: b3f866a8@bitcoin/bitcoin
These constants, when defined at the point of each new release, give us
the ability to detect when a running node may be out of date with
respect to an expected upcoming release.
This is the starting point for adding out-of-date notifications to the
daemon, CLI tool, and Qt binary.
