guix: produce a -static-pie bitcoind #25573

pull fanquake wants to merge 10 commits into bitcoin:master from fanquake:fully_static_bitcoind changing 13 files +142 −31
  1. fanquake commented at 4:49 pm on July 8, 2022: member

    Use Guix to produce a -static-pie bitcoind using GCC 14.3.0 and glibc 2.42.

        # file bitcoind
        ELF 64-bit LSB pie executable, x86-64, version 1 (GNU/Linux), static-pie linked, for GNU/Linux 3.2.0, stripped

        # ldd bitcoind
        statically linked
    

    -static-pie

    Produce a static position independent executable on targets that support it. A static position independent executable is similar to a static executable, but can be loaded at any address without a dynamic linker.

    Using glibc for static builds would be less of a leap compared to switching to musl libc (POC in #23203).

  2. fanquake added the label Build system on Jul 8, 2022
  3. fanquake marked this as a draft on Jul 8, 2022
  4. DrahtBot commented at 10:29 pm on July 8, 2022: contributor

    The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

    Code Coverage & Benchmarks

    For details see: https://corecheck.dev/bitcoin/bitcoin/pulls/25573.

    Reviews

    See the guideline for information on the review process.

    Type          Reviewers
    Concept ACK   dergoegge

    If your review is incorrectly listed, please react with 👎 to this comment and the bot will ignore it on the next update.

    Conflicts

    Reviewers, this pull request conflicts with the following ones:

    • #33764 (ci: Add Windows + UCRT jobs for cross-compiling and native testing by hebasto)
    • #33537 ([wip] A more static bitcoin-qt by fanquake)
    • #33181 (guix: build for Linux HOSTS with -static-libgcc by fanquake)
    • #32764 (guix: Build for macOS using Clang only by hebasto)
    • #32162 (depends: Switch from multilib to platform-specific toolchains by hebasto)
    • #24123 (guix: Pointer Authentication and Branch Target Identification for aarch64 Linux by fanquake)

    If you consider this pull request important, please also help to review the conflicting pull requests. Ideally, start with the one that should be merged first.

  5. fanquake force-pushed on Jul 13, 2022
  6. fanquake commented at 5:46 pm on July 13, 2022: member
    Rebased, and made small changes to fixup the linter and improve the security/symbol checks.
  7. theuni commented at 9:00 pm on July 13, 2022: member

    This is amazing!

    > Using glibc for static builds would be less of a leap compared to switching to musl libc (POC in #23203).

    Hard agree. Static musl builds would be very cool but tricky to audit for parity and thus pretty unlikely to ever become official/supported imo. This is a MUCH more palatable change.

  8. fanquake force-pushed on Jul 14, 2022
  9. fanquake commented at 10:41 am on July 14, 2022: member

    Added an additional patch to disable building various features/libs in GCC that we don’t need, i.e. libquadmath, libsanitizer, gcov, libada and native language support. This should speed up compiling GCC, and slightly reduces the size of the pthread patch. I’m not currently disabling these features via the available configure flags, because they get passed through to GMP, which cannot handle them.

    I’ve also updated -flto usage to be -flto=auto, as that seems to now be the preferred invocation, and it mitigates GCC warning output, i.e.:

        lto-wrapper: warning: using serial compilation of 84 LTRANS jobs
        lto-wrapper: note: see the '-flto' option documentation for more information

    I’ve also split the ELF PIE check into its own func, so we can special-case x86_64, and re-added the list of allowed ELF libs, but special-cased x86_64 to only pass if the list is empty.

  10. luke-jr commented at 5:00 pm on July 16, 2022: member
    How does this handle resolvers? eg, static glibc 2.33 applications break on systems with glibc 2.34…
  11. DrahtBot added the label Needs rebase on Jul 19, 2022
  12. fanquake force-pushed on Jul 19, 2022
  13. DrahtBot removed the label Needs rebase on Jul 19, 2022
  14. DrahtBot added the label Needs rebase on Jul 30, 2022
  15. Frank-GER commented at 4:47 pm on August 4, 2022: none

    Which OS did you build on?

    On Ubuntu 20.04 after build:

        file bitcoind
        bitcoind: ELF 64-bit LSB shared object, x86-64, version 1 (GNU/Linux), dynamically linked, for GNU/Linux 3.2.0, stripped

    Trying to run it, it crashes after seconds:

        addcon thread start
        Loading addresses from DNS seed dnsseed.emzy.de.
        bitcoind: dl-call-libc-early-init.c:37: _dl_call_libc_early_init: Assertion `sym != NULL' failed.
        Aborted (core dumped)

    Any ideas?

  16. fanquake commented at 8:05 am on August 5, 2022: member

    > Which OS did you build on?

    The base OS shouldn’t matter, because the build is performed with Guix. However I’ve been performing these builds on Ubuntu 22.04.

    > Any ideas?

    How did you actually build bitcoind? Something like HOSTS="x86_64-linux-gnu" ./contrib/guix/guix-build?

  17. fanquake force-pushed on Aug 5, 2022
  18. fanquake commented at 8:39 am on August 5, 2022: member
    Rebased on master. Added a commit to use LIEF master, which reduces the number of changes in our scripts, as support for -static-pie ELF binaries has been added: https://github.com/lief-project/LIEF/issues/747. Will switch to a new release when one is available.
  19. DrahtBot removed the label Needs rebase on Aug 5, 2022
  20. Frank-GER commented at 5:12 pm on August 5, 2022: none

    > How did you actually build bitcoind? Something like HOSTS="x86_64-linux-gnu" ./contrib/guix/guix-build?

    Yes, that’s what I used to build it. https://github.com/fanquake/bitcoin/commits/fully_static_bitcoind produces the exact same problem when building on Ubuntu 20.04

  21. fanquake commented at 5:32 pm on August 5, 2022: member

    > https://github.com/fanquake/bitcoin/commits/fully_static_bitcoind produces the exact same problem when building on Ubuntu 20.04

    I have just re-tested building the changes here (ef0edd55f3bc1e3f229134ec7ecac632de52eea7), and this produces a -static-pie binary as expected:

        guix-build-ef0edd55f3bc/distsrc-ef0edd55f3bc-x86_64-linux-gnu/src/bitcoind: ELF 64-bit LSB pie executable, x86-64, version 1 (GNU/Linux), static-pie linked, for GNU/Linux 3.2.0, with debug_info, not stripped
    

    It’s not clear to me that you are actually running a Guix build.

  22. Frank-GER commented at 6:22 pm on August 5, 2022: none

    The build I was testing:

        ~/bitcoin/guix-build-caa066465973/distsrc-caa066465973-x86_64-linux-gnu/src$ file bitcoind
        bitcoind: ELF 64-bit LSB shared object, x86-64, version 1 (GNU/Linux), dynamically linked, for GNU/Linux 3.2.0, with debug_info, not stripped

    Just building again, fresh cloned with commit ef0edd5:

        export HOSTS='x86_64-linux-gnu'
        ./contrib/guix/guix-build

        $ file guix-build-ef0edd55f3bc/distsrc-ef0edd55f3bc-x86_64-linux-gnu/src/bitcoind
        guix-build-ef0edd55f3bc/distsrc-ef0edd55f3bc-x86_64-linux-gnu/src/bitcoind: ELF 64-bit LSB shared object, x86-64, version 1 (GNU/Linux), dynamically linked, for GNU/Linux 3.2.0, with debug_info, not stripped

        $ ldd ./guix-build-ef0edd55f3bc/distsrc-ef0edd55f3bc-x86_64-linux-gnu/src/bitcoind
        statically linked

        $ ./bitcoind
        …
        2022-08-05T19:10:46Z init message: Starting network threads…
        2022-08-05T19:10:46Z net thread start
        2022-08-05T19:10:46Z dnsseed thread start
        2022-08-05T19:10:46Z Loading addresses from DNS seed seed.bitcoinstats.com.
        2022-08-05T19:10:46Z opencon thread start
        2022-08-05T19:10:46Z msghand thread start
        2022-08-05T19:10:46Z addcon thread start
        2022-08-05T19:10:46Z init message: Done loading
        bitcoind: dl-call-libc-early-init.c:37: _dl_call_libc_early_init: Assertion `sym != NULL' failed.
        Aborted (core dumped)

    Build and run on Ubuntu 20.04; there is no other bitcoind on that OS.

  23. Frank-GER commented at 2:27 pm on August 8, 2022: none

    Building the same on Ubuntu 22.04:

        file guix-build-ef0edd55f3bc/distsrc-ef0edd55f3bc-x86_64-linux-gnu/src/bitcoind
        guix-build-ef0edd55f3bc/distsrc-ef0edd55f3bc-x86_64-linux-gnu/src/bitcoind: ELF 64-bit LSB pie executable, x86-64, version 1 (GNU/Linux), static-pie linked, for GNU/Linux 3.2.0, with debug_info, not stripped

        ldd guix-build-ef0edd55f3bc/distsrc-ef0edd55f3bc-x86_64-linux-gnu/src/bitcoind
        statically linked

    Running it on Ubuntu22 it works.

    Taking this bitcoind to Ubuntu 20 it shows:

        file ./bitcoind
        ./bitcoind: ELF 64-bit LSB shared object, x86-64, version 1 (GNU/Linux), dynamically linked, for GNU/Linux 3.2.0, with debug_info, not stripped

    and crashes with the above mentioned message:

        bitcoind: dl-call-libc-early-init.c:37: _dl_call_libc_early_init: Assertion `sym != NULL' failed.
        Aborted (core dumped)

    Checksums are the same for both builds (on Ubuntu 20 and 22). Ubuntu 20 sees it as dynamically linked, Ubuntu 22 as static-pie linked. On Ubuntu 20 it crashes, on Ubuntu 22 it works.

    Same bitcoind on Debian 10:

        file ./bitcoind
        ./bitcoind: ELF 64-bit LSB shared object, x86-64, version 1 (GNU/Linux), dynamically linked, for GNU/Linux 3.2.0, with debug_info, not stripped

        ldd ./bitcoind
        statically linked

    Gets past that point where it crashes on Ubuntu 20 and starts syncing.
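
Added example (not part of the thread and not the PR's LIEF-based check scripts): a minimal ELF64 reader showing which header fields separate a -static-pie binary from a dynamic PIE or a shared library, and why a classifier that looks only at `e_type` and `PT_DYNAMIC` labels the same bytes "shared object, dynamically linked". The function names and the constructed sample image are hypothetical, and treating `DF_1_PIE` plus zero `DT_NEEDED` entries as the static-pie marker is this example's assumption.

```python
import struct

ET_EXEC, ET_DYN = 2, 3
PT_DYNAMIC, PT_INTERP = 2, 3
DT_NULL, DT_NEEDED, DT_FLAGS_1 = 0, 1, 0x6FFFFFFB
DF_1_PIE = 0x08000000

def elf_facts(elf: bytes) -> dict:
    """Collect the fields that decide how a little-endian ELF64 image was linked."""
    if elf[:6] != b"\x7fELF\x02\x01":
        raise ValueError("expected a little-endian ELF64 image")
    e_type, e_phoff = struct.unpack_from("<H14xQ", elf, 16)   # e_type @16, e_phoff @32
    e_phentsize, e_phnum = struct.unpack_from("<HH", elf, 54)
    info = {"e_type": e_type, "interp": False, "dynamic": False, "needed": 0, "flags_1": 0}
    for i in range(e_phnum):
        p_type, _, p_offset, _, _, p_filesz = struct.unpack_from(
            "<IIQQQQ", elf, e_phoff + i * e_phentsize)
        if p_type == PT_INTERP:            # a dynamic loader is requested
            info["interp"] = True
        elif p_type == PT_DYNAMIC:         # present in static-pie too (self-relocation)
            info["dynamic"] = True
            for off in range(p_offset, p_offset + p_filesz, 16):
                d_tag, d_val = struct.unpack_from("<qQ", elf, off)
                if d_tag == DT_NULL:
                    break
                info["needed"] += d_tag == DT_NEEDED      # count imported libraries
                if d_tag == DT_FLAGS_1:
                    info["flags_1"] = d_val
    return info

def classify(elf: bytes) -> str:
    f = elf_facts(elf)
    if f["e_type"] == ET_EXEC:
        return "dynamic (non-PIE)" if f["interp"] else "static (non-PIE)"
    if f["e_type"] != ET_DYN:
        return "not an executable"
    if f["interp"]:
        return "dynamic PIE"
    # ET_DYN without PT_INTERP: static-pie only if marked PIE and nothing is imported.
    if f["flags_1"] & DF_1_PIE and f["needed"] == 0:
        return "static-pie"
    return "shared object"

def naive_label(elf: bytes) -> str:
    """What a classifier that only reads e_type and PT_DYNAMIC would report."""
    f = elf_facts(elf)
    kind = "shared object" if f["e_type"] == ET_DYN else "executable"
    return f"{kind}, {'dynamically' if f['dynamic'] else 'statically'} linked"

def build_sample(e_type, interp, dyn_entries):
    """Constructed minimal ELF64 image (header, phdrs, dynamic entries), not a real binary."""
    dyn = b"".join(struct.pack("<qQ", t, v) for t, v in dyn_entries + [(DT_NULL, 0)])
    types = [PT_DYNAMIC] + ([PT_INTERP] if interp else [])
    phdrs = b"".join(struct.pack("<IIQQQQQQ", t, 4, 64 + 56 * len(types), 0, 0,
                                 len(dyn), len(dyn), 8) for t in types)
    ehdr = b"\x7fELF\x02\x01\x01" + bytes(9) + struct.pack(
        "<HHIQQQIHHHHHH", e_type, 62, 1, 0, 64, 0, 0, 64, 56, len(types), 0, 0, 0)
    return ehdr + phdrs + dyn

SAMPLE_STATIC_PIE = build_sample(ET_DYN, False, [(DT_FLAGS_1, DF_1_PIE)])
```

`classify(SAMPLE_STATIC_PIE)` returns `static-pie`, while `naive_label` returns `shared object, dynamically linked` for the same bytes.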

  24. fanquake force-pushed on Aug 24, 2022
  25. fanquake commented at 3:34 pm on August 24, 2022: member
    Pushed a number of changes, and rebased on master. Switched from glibc 2.35 to 2.36. Added infra for aarch64 -static-pie builds. More fine-grained / logical commits. Updated to the latest version of LIEF (master).
  26. fanquake force-pushed on Sep 5, 2022
  27. fanquake force-pushed on Sep 7, 2022
  28. DrahtBot added the label Needs rebase on Sep 13, 2022
  29. fanquake force-pushed on Sep 13, 2022
  30. fanquake removed the label Needs rebase on Sep 13, 2022
  31. fanquake force-pushed on Jan 13, 2023
  32. fanquake force-pushed on Jan 25, 2023
  33. DrahtBot added the label Needs rebase on Feb 17, 2023
  34. fanquake force-pushed on Feb 17, 2023
  35. fanquake force-pushed on Feb 17, 2023
  36. fanquake commented at 11:22 am on February 17, 2023: member
    Rebased past #27029.
  37. DrahtBot removed the label Needs rebase on Feb 17, 2023
  38. DrahtBot added the label Needs rebase on Mar 27, 2023
  39. fanquake force-pushed on Mar 27, 2023
  40. DrahtBot removed the label Needs rebase on Mar 27, 2023
  41. fanquake force-pushed on May 22, 2023
  42. DrahtBot added the label CI failed on May 30, 2023
  43. DrahtBot removed the label CI failed on May 31, 2023
  44. DrahtBot added the label Needs rebase on Jun 28, 2023
  45. fanquake force-pushed on Jun 30, 2023
  46. DrahtBot removed the label Needs rebase on Jun 30, 2023
  47. fanquake renamed this:
    [POC] guix: produce a fully -static-pie x86_64 bitcoind using GCC and glibc
    [POC] guix: produce a fully `-static-pie` bitcoind
    on Jul 27, 2023
  48. DrahtBot added the label Needs rebase on Aug 22, 2023
  49. fanquake force-pushed on Aug 23, 2023
  50. DrahtBot removed the label Needs rebase on Aug 23, 2023
  51. DrahtBot added the label CI failed on Aug 23, 2023
  52. DrahtBot added the label Needs rebase on Aug 24, 2023
  53. fanquake force-pushed on Aug 24, 2023
  54. DrahtBot removed the label Needs rebase on Aug 24, 2023
  55. DrahtBot removed the label CI failed on Aug 24, 2023
  56. fanquake force-pushed on Aug 26, 2023
  57. fanquake force-pushed on Aug 27, 2023
  58. fanquake force-pushed on Sep 8, 2023
  59. DrahtBot added the label Needs rebase on Nov 13, 2023
  60. fanquake force-pushed on Nov 13, 2023
  61. DrahtBot removed the label Needs rebase on Nov 13, 2023
  62. fanquake commented at 3:37 pm on November 27, 2023: member
    GCC now has -static-pie for RISC-V: https://gcc.gnu.org/pipermail/gcc-patches/2023-October/632219.html. Looks like support in glibc will also be available soon: https://sourceware.org/pipermail/libc-alpha/2023-October/152132.html.
  63. DrahtBot added the label CI failed on Jan 14, 2024
  64. fanquake commented at 9:57 am on January 15, 2024: member
  65. DrahtBot added the label Needs rebase on Jan 16, 2024
  66. fanquake force-pushed on Jan 16, 2024
  67. DrahtBot removed the label Needs rebase on Jan 16, 2024
  68. DrahtBot removed the label CI failed on Jan 16, 2024
  69. fanquake force-pushed on Feb 16, 2024
  70. DrahtBot added the label CI failed on Feb 28, 2024
  71. DrahtBot removed the label CI failed on Mar 4, 2024
  72. DrahtBot added the label Needs rebase on Mar 14, 2024
  73. fanquake force-pushed on Mar 15, 2024
  74. fanquake commented at 5:17 pm on March 15, 2024: member
    Rebased. Simplified somewhat. Switched to GCC 13.2.0 and glibc 2.39.
  75. DrahtBot removed the label Needs rebase on Mar 15, 2024
  76. DrahtBot added the label Needs rebase on Mar 26, 2024
  77. fanquake force-pushed on Mar 26, 2024
  78. DrahtBot removed the label Needs rebase on Mar 26, 2024
  79. fanquake force-pushed on Apr 15, 2024
  80. DrahtBot added the label Needs rebase on Apr 17, 2024
  81. fanquake force-pushed on May 2, 2024
  82. DrahtBot removed the label Needs rebase on May 2, 2024
  83. DrahtBot commented at 5:22 am on May 2, 2024: contributor

    🚧 At least one of the CI tasks failed. Make sure to run all tests locally, according to the documentation.

    Possibly this is due to a silent merge conflict (the changes in this pull request being incompatible with the current code in the target branch). If so, make sure to rebase on the latest commit of the target branch.

    Leave a comment here, if you need help tracking down a confusing failure.

    Debug: https://github.com/bitcoin/bitcoin/runs/24492691529

  84. DrahtBot added the label CI failed on May 2, 2024
  85. DrahtBot added the label Needs rebase on Jun 8, 2024
  86. fanquake force-pushed on Jul 1, 2024
  87. fanquake force-pushed on Jul 1, 2024
  88. DrahtBot removed the label Needs rebase on Jul 1, 2024
  89. DrahtBot removed the label CI failed on Jul 1, 2024
  90. DrahtBot added the label CI failed on Jul 15, 2024
  91. DrahtBot removed the label CI failed on Jul 20, 2024
  92. fanquake force-pushed on Jul 25, 2024
  93. DrahtBot added the label Needs rebase on Aug 28, 2024
  94. fanquake force-pushed on Aug 28, 2024
  95. DrahtBot removed the label Needs rebase on Aug 28, 2024
  96. fanquake force-pushed on Sep 19, 2024
  97. DrahtBot added the label Needs rebase on Dec 20, 2024
  98. fanquake force-pushed on Jan 20, 2025
  99. DrahtBot removed the label Needs rebase on Jan 20, 2025
  100. fanquake force-pushed on Feb 5, 2025
  101. DrahtBot added the label CI failed on Feb 5, 2025
  102. DrahtBot removed the label CI failed on Feb 5, 2025
  103. fanquake force-pushed on Feb 12, 2025
  104. DrahtBot added the label CI failed on Feb 12, 2025
  105. DrahtBot added the label Needs rebase on Feb 19, 2025
  106. fanquake force-pushed on Feb 19, 2025
  107. DrahtBot removed the label Needs rebase on Feb 19, 2025
  108. DrahtBot removed the label CI failed on Feb 19, 2025
  109. fanquake force-pushed on Feb 27, 2025
  110. fanquake force-pushed on Mar 12, 2025
  111. fanquake force-pushed on Mar 20, 2025
  112. fanquake force-pushed on Apr 11, 2025
  113. DrahtBot added the label Needs rebase on May 12, 2025
  114. fanquake force-pushed on May 12, 2025
  115. DrahtBot removed the label Needs rebase on May 12, 2025
  116. fanquake force-pushed on May 14, 2025
  117. fanquake force-pushed on May 14, 2025
  118. DrahtBot added the label Needs rebase on May 27, 2025
  119. fanquake force-pushed on May 28, 2025
  120. DrahtBot removed the label Needs rebase on May 28, 2025
  121. DrahtBot added the label Needs rebase on Jun 11, 2025
  122. fanquake force-pushed on Jun 11, 2025
  123. DrahtBot removed the label Needs rebase on Jun 11, 2025
  124. achow101 requested review from theuni on Oct 22, 2025
  125. achow101 requested review from willcl-ark on Oct 22, 2025
  126. dergoegge commented at 3:08 pm on October 22, 2025: member
    Concept ACK
  127. achow101 requested review from m3dwards on Oct 22, 2025
  128. fanquake force-pushed on Oct 28, 2025
  129. fanquake force-pushed on Oct 28, 2025
  130. willcl-ark referenced this in commit 0074e4aa14 on Oct 28, 2025
  131. willcl-ark referenced this in commit 3f8848d5d2 on Oct 28, 2025
  132. willcl-ark referenced this in commit 1944d38c16 on Oct 29, 2025
  133. willcl-ark referenced this in commit 11ca259f4d on Oct 29, 2025
  134. willcl-ark referenced this in commit 0430ebf3a8 on Oct 29, 2025
  135. willcl-ark referenced this in commit cbe8ae4b33 on Oct 29, 2025
  136. willcl-ark referenced this in commit 1146ab21ac on Oct 29, 2025
  137. fanquake force-pushed on Oct 29, 2025
  138. fanquake force-pushed on Oct 29, 2025
  139. fanquake referenced this in commit be853e9f7a on Nov 3, 2025
  140. fanquake referenced this in commit 9bcdd81636 on Nov 4, 2025
  141. fanquake referenced this in commit 701fb7c8e2 on Nov 4, 2025
  142. fanquake force-pushed on Nov 4, 2025
  143. fanquake referenced this in commit 5c41fa2918 on Nov 4, 2025
  144. fanquake referenced this in commit ffd7ca3c46 on Nov 5, 2025
  145. fanquake referenced this in commit 8649f7dcf7 on Nov 5, 2025
  146. fanquake force-pushed on Nov 5, 2025
  147. DrahtBot added the label CI failed on Nov 5, 2025
  148. fanquake force-pushed on Nov 5, 2025
  149. DrahtBot removed the label CI failed on Nov 5, 2025
  150. guix: use GCC 14.3.0 over 13.3.0
    This will eventually be needed for #25573, and could be useful
    for #30210.
    5b51244f21
  151. test, refactor: Fix `-Warray-bounds` warning fc054d1ff4
  152. ci: migrate some jobs to Debian Trixie, use GCC 14 7bb312de3e
  153. guix: add glibc 2.42
    https://sourceware.org/git/?p=glibc.git;a=shortlog;h=refs/heads/release/2.42/master
    5f1b8e5f5e
  154. guix: check for fortified functions in all symbols
    -static-pie bins will not have any imported functions.
    5bcc132dd1
  155. guix: build x86_64-linux bitcoind fully statically
    -static-pie
    Produce a static position independent executable on targets that support it.
    A static position independent executable is similar to a static executable,
    but can be loaded at any address without a dynamic linker.
    
    See https://gcc.gnu.org/onlinedocs/gcc/Link-Options.html
    4d14f43584
  156. guix: build aarch64-linux bitcoind fully statically d3348686aa
  157. guix: build riscv64-linux bitcoin fully statically d5831f175f
  158. [nomerge] guix: Disable QT build 374d68f5cc
  159. guix: patch store paths out of libunwind
    Apply libgcc patches to Linux as well as Windows cross.
    cad086763e
  160. fanquake force-pushed on Nov 6, 2025
  161. fanquake renamed this:
    [POC] guix: produce a fully `-static-pie` bitcoind
    guix: produce a fully `-static-pie` bitcoind
    on Nov 6, 2025
  162. fanquake renamed this:
    guix: produce a fully `-static-pie` bitcoind
    guix: produce a `-static-pie` bitcoind
    on Nov 6, 2025

github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2025-11-06 21:13 UTC