Add security/export checks to gitian and fix current failures #7424

Merged
merged 5 commits into from Jan 27, 2016

Conversation

Projects
None yet
3 participants
@theuni
Member

theuni commented Jan 27, 2016

Fixes #7420. This was discussed and agreed upon a long time ago, but I never got around to actually doing it. Sorry to do this during the rc stage, @laanwj, but at least it was discovered before final release.

Thanks very much to @dlogemann for testing the rcs and reporting the issue.

This fixes glibc back-compat issues with the current toolchain, and adds the checks to gitian so that breakage won't go unnoticed again. With a few more tweaks, it should be safe enough to add to 'make check' so that Travis tests with each build, but not quite yet.

I've verified that Gitian builds for Linux/Win are successful, OSX should be unchanged.

theuni added some commits Jan 26, 2016

release: add check-symbols and check-security make targets
These are not added to the default checks because some of them depend on
release-build configs.
release: always link librt for glibc back-compat builds
glibc absorbed clock_gettime in 2.17. librt (its previous location) is safe to
link in anyway for back-compat.

Fixes #7420
@theuni

This comment has been minimized.

Show comment
Hide comment
@theuni

theuni Jan 27, 2016

Member

Note that I was actually testing these changes cherry-picked into the 0.12 branch. They should move with no conflicts.

Member

theuni commented Jan 27, 2016

Note that I was actually testing these changes cherry-picked into the 0.12 branch. They should move with no conflicts.

@jonasschnelli

This comment has been minimized.

Show comment
Hide comment
@jonasschnelli

jonasschnelli Jan 27, 2016

Member

Concept ACK.

Member

jonasschnelli commented Jan 27, 2016

Concept ACK.

@laanwj

This comment has been minimized.

Show comment
Hide comment
@laanwj

laanwj Jan 27, 2016

Member

Yay, thanks
utACK

Member

laanwj commented Jan 27, 2016

Yay, thanks
utACK

@laanwj laanwj added this to the 0.12.0 milestone Jan 27, 2016

@laanwj laanwj merged commit a81c87f into bitcoin:master Jan 27, 2016

1 check passed

continuous-integration/travis-ci/pr The Travis CI build passed
Details

laanwj added a commit that referenced this pull request Jan 27, 2016

Merge #7424: Add security/export checks to gitian and fix current fai…
…lures


a81c87f release: add security/symbol checks to gitian (Cory Fields)
a8ce872 release: always link librt for glibc back-compat builds (Cory Fields)
f3d3eaf release: add check-symbols and check-security make targets (Cory Fields)
475813b release: add _IO_stdin_used to ignored exports (Cory Fields)
cd27bf5 release: fix parsing of BIND_NOW with older readelf (Cory Fields)

laanwj added a commit that referenced this pull request Jan 27, 2016

release: Add security/export checks to gitian and fix current failures
- fix parsing of BIND_NOW with older readelf
- add _IO_stdin_used to ignored exports

For details see: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=634261#109

- add check-symbols and check-security make targets

These are not added to the default checks because some of them depend on
release-build configs.

- always link librt for glibc back-compat builds

glibc absorbed clock_gettime in 2.17. librt (its previous location) is safe to
link in anyway for back-compat.

Fixes #7420

- add security/symbol checks to gitian

Github-Pull: #7424
Rebased-From: cd27bf5 475813b f3d3eaf a8ce872 a81c87f
@laanwj

This comment has been minimized.

Show comment
Hide comment
@laanwj

laanwj Jan 27, 2016

Member

Backported to 0.12 as aa26ee0.
Looks like this forces another RC. I wasn't sure yet whether the hardcoded seed update was enough necessity, but this fixes a critical issue.

Member

laanwj commented Jan 27, 2016

Backported to 0.12 as aa26ee0.
Looks like this forces another RC. I wasn't sure yet whether the hardcoded seed update was enough necessity, but this fixes a critical issue.

@str4d str4d referenced this pull request in zcash/zcash Oct 15, 2016

Merged

Upstream gitian updates #1541

zkbot pushed a commit to zcash/zcash that referenced this pull request Oct 17, 2016

zkbot
Auto merge of #1541 - str4d:upstream-gitian-updates, r=bitcartel
Upstream gitian updates

This PR pulls in all gitian-related PRs that have been merged upstream since 0.11.2. The only ones I left out were documentation-only PRs, because we removed `doc/gitian-building.md` at some point. Here are the commits applied here, in the order shown in `git log` (ie. last to first):

- bitcoin/bitcoin#7283
  - fa42a67
  - fa58c76
- bitcoin/bitcoin#8175
  - 74c1347
- bitcoin/bitcoin#8167
  - 7e7eb27
  - ad38204
  - b676f38
- bitcoin/bitcoin#7776
  - f063863
- bitcoin/bitcoin#7424
  - a81c87f ~ we already partly applied
  - a8ce872
  - f3d3eaf ~ we already partly applied
  - 475813b
  - ~~cd27bf5~~ X we already applied
- bitcoin/bitcoin#7060
  - 3b468a0 ~ we removed doc/gitian-building.md
  - ~~99fda26~~ X we removed doc/gitian-building.md
- bitcoin/bitcoin#7251
  - fa09562
- bitcoin/bitcoin#6900
  - ~~2cecb24~~ X we removed doc/gitian-building.md
  - 957c0fd
  - 2e31d74
  - ~~0b416c6~~ X we removed QT
  - 9f251b7
- bitcoin/bitcoin#6854
  - 579b863 ~ we already partly applied

Part of #540

@steven-bloom steven-bloom referenced this pull request in bitcoinfibre/bitcoinfibre Nov 29, 2017

Closed

Some instructions required #8

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment