wraps pow.3 exp.3 and log.3 to explicitly use backward compatible
glibc symbols. this is needed to stay compatible with old linux
versions with minor releases
I have made an attempt to update fee rate in p2p-feefilter.py to recommended minimum transaction fee of 0.01 DOGE/kb to reflect fee rate changes made in 1.14.4 release , it is linked with issue #3201
An attempt to fix bug tx confirmation window is getting out of the screen and can't click on "send" by setting a maximum of 45 characters to not wrap lines in the label and be able to add ... if the size exceeds that.
On boost 1.81 std::array is no longer included by default and
causes a compile error on net_processing.cpp:
macOS with apple clang 14.0:
CXX libdogecoin_server_a-net_processing.o
net_processing.cpp:1112:47: error: implicit instantiation of undefined template 'std::array<std::pair<unsigned long long, CNode *>, 2>'
std::array<std::pair<uint64_t, CNode*>,2> best{{{0, nullptr}, {0, nullptr}}};
debian:exprimental with gcc 12.1:
net_processing.cpp: In function 'void RelayAddress(const CAddress&, bool, CConnman&)':
net_processing.cpp:1112:47: error: variable 'std::array<std::pair<long unsigned int, CNode*>, 2> best' has initializer but incomplete type
1112 | std::array<std::pair<uint64_t, CNode*>,2> best{{{0, nullptr}, {0, nullptr}}};
|
this commit fixes the problem by explicitly including <array>.
Integrates modernized security and symbol checks into all bionic
gitian descriptors - uses the precompiled bionic-specific lief
wheel from depends.dogecoincore.org to save an hour build time on
each gitian host. This does require pre-downloading the wheel file
like done for the osx SDK.
- replaces python2 with python3 in descriptors
- adds python3-setuptools and python3-pip
- now requires lief-0.12.3-cp36-cp36m-linux_x86_64.whl to be
present in the gitian-builder/inputs folder
- installs the wheel prior to installing dependencies
- enables symbol check for windows
- enables security check for osx
- adds automatic wheel download to gitian-build.sh
This enables running of security checks for macOS and symbol
checks for windows and ARM linux targets with each CI run.
Symbol checks remain disabled for debug and experimental targets
because those aren't production binary releases.
macOS symbol checks need build system patches before it will
work as intended so these have to stay disabled at this point.
Integrates the lief-based scripts into the GH Actions CI. This
allows the CI to maintain consistent checks for an upcoming
upgrade to Ubuntu focal for CI and Gitian.
Because lief is not distributed as a wheel for glibc < 2.17, a
custom .whl file for Ubuntu Bionic is made available on
depends.dogecoincore.org to save up to an hour that would otherwise
be spent on compiling lief from source. For current focal-based
CI jobs, this is not needed because that provides glibc > 2.17.
Each CI job has received 2 extra steps that are mutually exclusive
to make sure that the correct version is installed. When there are
no longer any Ubuntu Bionic based bionic jobs, this can be deleted
in favor of a single command in the "install packages" step.
python3-pip and python3-setuptools are now installed by default
for all CI jobs, where before this was only used for jobs that ran
the full qa test suite.
Fixes calls to make check-security and make check-symbols
to have better integration with the CI and Gitian
The condition in the check-symbols target requiring the configure
flag --enable-glibc-back-compat is removed because that is
exclusive to Linux. By removing it, we enable the check for all
binaries, including those built for Windows and macOs.
Finally, removes configure.ac lines for readelf and cppfilt. Those
are no longer needed because lief is used in their stead.
squash into:
build: clean up security and symbol checks from makefile
Reconfigures the Bitcoin 24.0.1 symbol-check.py script to honor
the maximum versions of dynamic symbols, the allowed system
dependencies and allowed symbol exports. This is important to
maintain when doing minor releases, because changes in these
would potentially lock people out of security updates.
This adds specification of the linker-loader name for i686
binaries because Bitcoin Core no longer supports that
architecture.
The spec was taken from:
https://sourceware.org/glibc/wiki/ABIList?action=recall&rev=16
Please note that:
- aarch64 binaries have had a glibc 2.17 requirement since the
first release with 1.14.0, and therefore have a higher glibc
target than all other linux binaries.
- All other values have been taken from the Dogecoin Core v1.14.6
tag, commit 3a29ba6d4.
- Additional win32 and win64 needed libraries have been reverse
engineered from 1.14.6 release binaries.
- Windows minimum version checks have been disabled, as these
need to be set on the release binaries before we check for it.
Disables checks from Bitcoin 24.0.1 security-check.py code that
we currently cannot support on Dogecoin Core without changes to
the build process
- separate-code needs linking using binutils 2.31 and/or
explicit linking with -z,separate-code on binutils 2.30+
- CONTROL_FLOW can be enabled after building with gcc-8
or later. This would require at least a Ubuntu Focal
Gitian implementation, and -fcf-protection enabled on
the boost dependency.
- HIGH_ENTROPY_VA and RELOC_SECTION checks for Windows
binaries need fixes for dogecoin-cli, dogecoin-tx and
test binaries, so that ASLR can be used for these binaries
the same way it was done for dogecoind and dogecoin-qt.
These checks can be re-enabled once these security features are
enabled on release binaries (i.e. those built with Gitian)
Takes the security and symbol checkers from Bitcoin Core v24.0.1
because this uses the python3 capable lief module for reading
multi-platform binaries. This helps getting rid of
incompatibilities when using these tools in Ubuntu releases newer
than Bionic (18.04) and by using the external module, reduces risk
and maintenance cost of custom code.
This commit does NOT reconfigure for Dogecoin 1.14.7 parametrization
Backported from state at: b3f866a8@bitcoin/bitcoin
These constants, when defined at the point of each new release, give us
the ability to detect when a running node may be out of date with
respect to an expected upcoming release.
This is the starting point for adding out-of-date notifications to the
daemon, CLI tool, and Qt binary.
The CC override in intel-ipsec-mb.mk fails for linux builds
when done in a docker container due to it inserting "pc" into
the host variable when not otherwise specified.
This fixes it by only overriding if we're building with mingw.
