From 436df1e826cae036caed3e983715a4ed4e441321 Mon Sep 17 00:00:00 2001 From: fanquake Date: Mon, 3 Apr 2023 13:36:32 +0100 Subject: [PATCH] depends: add NO_HARDEN option Add an option that when passed, will disable hardening options, and pass `--disable-hardening` through to configure. Due to the way we link libssp for Windows builds, they now fail (after #27118), if building with depends, and configuring with --disable-hardening. See: https://github.com/bitcoin/bitcoin/pull/27118#issuecomment-1492606272. This change would add a depends opiton such that, if someone wants to build with, for windows, without hardening, they can do so. This may also be useful when building for debugging. --- depends/Makefile | 6 ++++-- depends/README.md | 1 + depends/config.site.in | 4 ++++ depends/gen_id | 6 +++++- depends/packages/libevent.mk | 5 ++++- 5 files changed, 18 insertions(+), 4 deletions(-) diff --git a/depends/Makefile b/depends/Makefile index 27bf804c6b..3169117633 100644 --- a/depends/Makefile +++ b/depends/Makefile @@ -45,6 +45,7 @@ NO_USDT ?= NO_NATPMP ?= MULTIPROCESS ?= LTO ?= +NO_HARDEN ?= FALLBACK_DOWNLOAD_PATH ?= https://bitcoincore.org/depends-sources C_STANDARD ?= c11 @@ -146,8 +147,8 @@ include packages/packages.mk # 2. Before including packages/*.mk (excluding packages/packages.mk), since # they rely on the build_id variables # -build_id:=$(shell env CC='$(build_CC)' C_STANDARD='$(C_STANDARD)' CXX='$(build_CXX)' CXX_STANDARD='$(CXX_STANDARD)' AR='$(build_AR)' RANLIB='$(build_RANLIB)' STRIP='$(build_STRIP)' SHA256SUM='$(build_SHA256SUM)' DEBUG='$(DEBUG)' LTO='$(LTO)' ./gen_id '$(BUILD_ID_SALT)' 'GUIX_ENVIRONMENT=$(realpath $(GUIX_ENVIRONMENT))') -$(host_arch)_$(host_os)_id:=$(shell env CC='$(host_CC)' C_STANDARD='$(C_STANDARD)' CXX='$(host_CXX)' CXX_STANDARD='$(CXX_STANDARD)' AR='$(host_AR)' RANLIB='$(host_RANLIB)' STRIP='$(host_STRIP)' SHA256SUM='$(build_SHA256SUM)' DEBUG='$(DEBUG)' LTO='$(LTO)' ./gen_id '$(HOST_ID_SALT)' 'GUIX_ENVIRONMENT=$(realpath $(GUIX_ENVIRONMENT))') +build_id:=$(shell env CC='$(build_CC)' C_STANDARD='$(C_STANDARD)' CXX='$(build_CXX)' CXX_STANDARD='$(CXX_STANDARD)' AR='$(build_AR)' RANLIB='$(build_RANLIB)' STRIP='$(build_STRIP)' SHA256SUM='$(build_SHA256SUM)' DEBUG='$(DEBUG)' LTO='$(LTO)' NO_HARDEN='$(NO_HARDEN)' ./gen_id '$(BUILD_ID_SALT)' 'GUIX_ENVIRONMENT=$(realpath $(GUIX_ENVIRONMENT))') +$(host_arch)_$(host_os)_id:=$(shell env CC='$(host_CC)' C_STANDARD='$(C_STANDARD)' CXX='$(host_CXX)' CXX_STANDARD='$(CXX_STANDARD)' AR='$(host_AR)' RANLIB='$(host_RANLIB)' STRIP='$(host_STRIP)' SHA256SUM='$(build_SHA256SUM)' DEBUG='$(DEBUG)' LTO='$(LTO)' NO_HARDEN='$(NO_HARDEN)' ./gen_id '$(HOST_ID_SALT)' 'GUIX_ENVIRONMENT=$(realpath $(GUIX_ENVIRONMENT))') boost_packages_$(NO_BOOST) = $(boost_packages) @@ -253,6 +254,7 @@ $(host_prefix)/share/config.site : config.site.in $(host_prefix)/.stamp_$(final_ -e 's|@no_natpmp@|$(NO_NATPMP)|' \ -e 's|@multiprocess@|$(MULTIPROCESS)|' \ -e 's|@lto@|$(LTO)|' \ + -e 's|@no_harden@|$(NO_HARDEN)|' \ -e 's|@debug@|$(DEBUG)|' \ $< > $@ touch $@ diff --git a/depends/README.md b/depends/README.md index 82ea4e1de7..1064b7d18a 100644 --- a/depends/README.md +++ b/depends/README.md @@ -123,6 +123,7 @@ The following can be set when running make: `make FOO=bar` resides in the `depends` directory, and the log file is printed out automatically in case of build error. After successful build log files are moved along with package archives - `LTO`: Use LTO when building packages. +- `NO_HARDEN=1`: Don't use hardening options when building packages If some packages are not built, for example `make NO_WALLET=1`, the appropriate options will be passed to bitcoin's configure. In this case, `--disable-wallet`. diff --git a/depends/config.site.in b/depends/config.site.in index 8f6849214d..05c2ccbac1 100644 --- a/depends/config.site.in +++ b/depends/config.site.in @@ -82,6 +82,10 @@ if test -z "$enable_lto" && test -n "@lto@"; then enable_lto=yes fi +if test -z "$enable_hardening" && test -n "@no_harden@"; then + enable_hardening=no +fi + PKG_CONFIG="$(which pkg-config) --static" PKG_CONFIG_PATH="${depends_prefix}/share/pkgconfig:${depends_prefix}/lib/pkgconfig" diff --git a/depends/gen_id b/depends/gen_id index 7caf8d764d..3341310e46 100755 --- a/depends/gen_id +++ b/depends/gen_id @@ -2,7 +2,7 @@ # Usage: env [ CC=... ] [ C_STANDARD=...] [ CXX=... ] [CXX_STANDARD=...] \ # [ AR=... ] [ RANLIB=... ] [ STRIP=... ] [ DEBUG=... ] \ -# [ LTO=... ] ./build-id [ID_SALT]... +# [ LTO=... ] [ NO_HARDEN=... ] ./build-id [ID_SALT]... # # Prints to stdout a SHA256 hash representing the current toolset, used by # depends/Makefile as a build id for caching purposes (detecting when the @@ -70,6 +70,10 @@ echo "LTO=${LTO}" echo "END LTO" + echo "BEGIN NO_HARDEN" + echo "NO_HARDEN=${NO_HARDEN}" + echo "END NO_HARDEN" + echo "END ALL" ) | if [ -n "$DEBUG" ] && command -v tee > /dev/null 2>&1; then # When debugging and `tee` is available, output the preimage to stderr diff --git a/depends/packages/libevent.mk b/depends/packages/libevent.mk index 8374f2a103..9650f77db9 100644 --- a/depends/packages/libevent.mk +++ b/depends/packages/libevent.mk @@ -16,8 +16,11 @@ define $(package)_set_vars $(package)_config_opts_netbsd=--with-pic $(package)_config_opts_openbsd=--with-pic $(package)_config_opts_android=--with-pic - $(package)_cppflags+=-D_FORTIFY_SOURCE=3 $(package)_cppflags_mingw32=-D_WIN32_WINNT=0x0601 + + ifeq ($(NO_HARDEN),) + $(package)_cppflags+=-D_FORTIFY_SOURCE=3 + endif endef define $(package)_preprocess_cmds