Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add security/export checks to gitian and fix current failures #7424

Merged
merged 5 commits into from Jan 27, 2016

Conversation

@theuni
Copy link
Member

theuni commented Jan 27, 2016

Fixes #7420. This was discussed and agreed upon a long time ago, but I never got around to actually doing it. Sorry to do this during the rc stage, @laanwj, but at least it was discovered before final release.

Thanks very much to @dlogemann for testing the rcs and reporting the issue.

This fixes glibc back-compat issues with the current toolchain, and adds the checks to gitian so that breakage won't go unnoticed again. With a few more tweaks, it should be safe enough to add to 'make check' so that Travis tests with each build, but not quite yet.

I've verified that Gitian builds for Linux/Win are successful, OSX should be unchanged.

theuni added 5 commits Jan 26, 2016
These are not added to the default checks because some of them depend on
release-build configs.
glibc absorbed clock_gettime in 2.17. librt (its previous location) is safe to
link in anyway for back-compat.

Fixes #7420
@theuni
Copy link
Member Author

theuni commented Jan 27, 2016

Note that I was actually testing these changes cherry-picked into the 0.12 branch. They should move with no conflicts.

@jonasschnelli
Copy link
Member

jonasschnelli commented Jan 27, 2016

Concept ACK.

@laanwj
Copy link
Member

laanwj commented Jan 27, 2016

Yay, thanks
utACK

@laanwj laanwj added this to the 0.12.0 milestone Jan 27, 2016
@laanwj laanwj merged commit a81c87f into bitcoin:master Jan 27, 2016
1 check passed
1 check passed
continuous-integration/travis-ci/pr The Travis CI build passed
Details
laanwj added a commit that referenced this pull request Jan 27, 2016
…lures

a81c87f release: add security/symbol checks to gitian (Cory Fields)
a8ce872 release: always link librt for glibc back-compat builds (Cory Fields)
f3d3eaf release: add check-symbols and check-security make targets (Cory Fields)
475813b release: add _IO_stdin_used to ignored exports (Cory Fields)
cd27bf5 release: fix parsing of BIND_NOW with older readelf (Cory Fields)
laanwj added a commit that referenced this pull request Jan 27, 2016
- fix parsing of BIND_NOW with older readelf
- add _IO_stdin_used to ignored exports

For details see: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=634261#109

- add check-symbols and check-security make targets

These are not added to the default checks because some of them depend on
release-build configs.

- always link librt for glibc back-compat builds

glibc absorbed clock_gettime in 2.17. librt (its previous location) is safe to
link in anyway for back-compat.

Fixes #7420

- add security/symbol checks to gitian

Github-Pull: #7424
Rebased-From: cd27bf5 475813b f3d3eaf a8ce872 a81c87f
@laanwj
Copy link
Member

laanwj commented Jan 27, 2016

Backported to 0.12 as aa26ee0.
Looks like this forces another RC. I wasn't sure yet whether the hardcoded seed update was enough necessity, but this fixes a critical issue.

@str4d str4d mentioned this pull request Oct 15, 2016
zkbot pushed a commit to zcash/zcash that referenced this pull request Oct 17, 2016
Upstream gitian updates

This PR pulls in all gitian-related PRs that have been merged upstream since 0.11.2. The only ones I left out were documentation-only PRs, because we removed `doc/gitian-building.md` at some point. Here are the commits applied here, in the order shown in `git log` (ie. last to first):

- bitcoin/bitcoin#7283
  - fa42a67
  - fa58c76
- bitcoin/bitcoin#8175
  - 74c1347
- bitcoin/bitcoin#8167
  - 7e7eb27
  - ad38204
  - b676f38
- bitcoin/bitcoin#7776
  - f063863
- bitcoin/bitcoin#7424
  - a81c87f ~ we already partly applied
  - a8ce872
  - f3d3eaf ~ we already partly applied
  - 475813b
  - ~~cd27bf5~~ X we already applied
- bitcoin/bitcoin#7060
  - 3b468a0 ~ we removed doc/gitian-building.md
  - ~~99fda26~~ X we removed doc/gitian-building.md
- bitcoin/bitcoin#7251
  - fa09562
- bitcoin/bitcoin#6900
  - ~~2cecb24~~ X we removed doc/gitian-building.md
  - 957c0fd
  - 2e31d74
  - ~~0b416c6~~ X we removed QT
  - 9f251b7
- bitcoin/bitcoin#6854
  - 579b863 ~ we already partly applied

Part of #540
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked issues

Successfully merging this pull request may close these issues.

3 participants
You can’t perform that action at this time.