guix: build GCC with –enable-standard-branch-protection #29695

pull fanquake wants to merge 1 commits into bitcoin:master from fanquake:gcc_12_branch_protection_default changing 1 files +1 −0
  1. fanquake commented at 5:47 pm on March 21, 2024: member

    This is one change extracted from #24123 (which now produces fully BTI & PAC enabled bins), which will mean that everything in depends, for Guix builds, is compiled using -mbranch-protection=standard.

    Turning this on by default, is similar to what we already do with --enable-default-ssp, --enable-default-pie etc.

    See: https://gcc.gnu.org/install/specific.html#aarch64-x-x

    To enable Branch Target Identification Mechanism and Return Address Signing by default at configure time use the --enable-standard-branch-protection option.

    This is equivalent to having -mbranch-protection=standard during compilation. This can be explicitly disabled during compilation by passing the -mbranch-protection=none option which turns off all types of branch protections.

  2. guix: build GCC with --enable-standard-branch-protection 
    To enable Branch Target Identification Mechanism and Return
Address Signing by default at configure time use the
`--enable-standard-branch-protection` option.

This is equivalent to having `-mbranch-protection=standard` during
compilation. This can be explicitly disabled during compilation
by passing the `-mbranch-protection=none` option which turns off
all types of branch protections.

See:
https://gcc.gnu.org/install/specific.html#aarch64-x-x
    7850c5fe20
  3. DrahtBot commented at 5:47 pm on March 21, 2024: contributor

    The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

    Code Coverage

    For detailed information about the code coverage, see the test coverage report.

    Reviews

    See the guideline for information on the review process.

    Type Reviewers
    ACK TheCharlatan

    If your review is incorrectly listed, please react with 👎 to this comment and the bot will ignore it on the next update.

    Conflicts

    Reviewers, this pull request conflicts with the following ones:

    • #25573 ([POC] guix: produce a fully -static-pie bitcoind by fanquake)

    If you consider this pull request important, please also help to review the conflicting pull requests. Ideally, start with the one that should be merged first.

  4. DrahtBot added the label Build system on Mar 21, 2024
  5. fanquake removed the label Build system on Mar 21, 2024
  6. fanquake added the label DrahtBot Guix build requested on Mar 21, 2024
  7. DrahtBot commented at 9:47 am on March 22, 2024: contributor

    Guix builds (on x86_64)

    File commit 71b63195b30b2fa0dff20ebb262ce7566dd5d673(master) commit 6fc349bf24583fef1ffb9608b5da23fae939f3f3(master and this pull)
    SHA256SUMS.part 1cdc22a31854ed81... 7085b6c234b38b1d...
    *-aarch64-linux-gnu-debug.tar.gz 54dd76b28f491aa8... 2bed271c8a747be8...
    *-aarch64-linux-gnu.tar.gz 13d4fa3736a4837d... e7c6b4939a79e83f...
    *-arm-linux-gnueabihf-debug.tar.gz e2a6c55998b503ab... 06bf4956de1c32b3...
    *-arm-linux-gnueabihf.tar.gz caf877e6db3ec059... af509dcce588145c...
    *-arm64-apple-darwin-unsigned.tar.gz 139218bb905ae7b6... 4dcd142abd2c59a2...
    *-arm64-apple-darwin-unsigned.zip 7c09957bf597e302... 6181b7c0af3c213b...
    *-arm64-apple-darwin.tar.gz 96fce3c0cc471909... 7255822618b591ed...
    *-powerpc64-linux-gnu-debug.tar.gz 428f95cf25bc5755... 3c23f4e94a20d28a...
    *-powerpc64-linux-gnu.tar.gz 4454c9f9a063cb61... f88a5035a8e99ad3...
    *-riscv64-linux-gnu-debug.tar.gz 1e1bac4314f8a994... 55a17e7e5bde03ed...
    *-riscv64-linux-gnu.tar.gz 875c78e9e639f0d1... c4c057f6e9d817a0...
    *-x86_64-apple-darwin-unsigned.tar.gz cb9f2e783524199b... 3d33f1bc936d1d45...
    *-x86_64-apple-darwin-unsigned.zip 153d949b0b0a67c2... 77e9db1ce1ad5373...
    *-x86_64-apple-darwin.tar.gz 9cb4429dc3da2d07... 77d6cb8d124ddbc7...
    *-x86_64-linux-gnu-debug.tar.gz d1724213872f8312... 387cd105335fe32f...
    *-x86_64-linux-gnu.tar.gz 3d4c9539b9d228bf... adbac5634d2a98ac...
    *.tar.gz 5300e8d2c2b06535... 1c6ea57a7f246446...
    guix_build.log a83f0a774d5bb17e... 50629320ecf0b723...
    guix_build.log.diff 0b946269098d5eb3...
  8. DrahtBot removed the label DrahtBot Guix build requested on Mar 22, 2024
  9. DrahtBot added the label Build system on Mar 22, 2024
  10. luke-jr commented at 3:18 am on March 23, 2024: member
    Should we be doing something equivalent for aarch64 macOS?
  11. luke-jr referenced this in commit 6a8fa8f26c on Mar 23, 2024
  12. fanquake commented at 11:03 am on March 25, 2024: member

    Should we be doing something equivalent for aarch64 macOS?

    At some point, yes, however LLVM doesn’t currently expose an option. The only similar option they have is CLANG_DEFAULT_PIE_ON_LINUX (which now defaults to ON in any case). I’ll investigate other ways of doing this.

  13. TheCharlatan approved
  14. TheCharlatan commented at 12:30 pm on March 26, 2024: contributor

    ACK 7850c5fe20a034438e00f6c12ce51efc6af3a1aa

    Guix builds (x86_64):

     0d3ad84d8d57c54a75bfc884556c923349d39e310f1a542372b4f1c020c9d3c88  guix-build-7850c5fe20a0/output/aarch64-linux-gnu/SHA256SUMS.part
 149023f19ee8328b04ecdc5441bf9a5d65d18817424e106b39a7d9eb7b0c35253  guix-build-7850c5fe20a0/output/aarch64-linux-gnu/bitcoin-7850c5fe20a0-aarch64-linux-gnu-debug.tar.gz
 220e183a31709df55d0e1566d80819927552e3a0a6d8c6007e0c1b270d4830312  guix-build-7850c5fe20a0/output/aarch64-linux-gnu/bitcoin-7850c5fe20a0-aarch64-linux-gnu.tar.gz
 3057f307e8c491f4bd4ca2f6de53a4414f89d39e26ce2214a112c470e91bff0e6  guix-build-7850c5fe20a0/output/arm-linux-gnueabihf/SHA256SUMS.part
 4cd1c78b5949da16f66555ec2e839f885ad762656da3cd0d307697215c66a435e  guix-build-7850c5fe20a0/output/arm-linux-gnueabihf/bitcoin-7850c5fe20a0-arm-linux-gnueabihf-debug.tar.gz
 50086ea9df1d980ebe66244ac1d942f8325bea3d7fb55faae98b00f35bd1fc002  guix-build-7850c5fe20a0/output/arm-linux-gnueabihf/bitcoin-7850c5fe20a0-arm-linux-gnueabihf.tar.gz
 6b371b725f2db198460dd261282e547fd804ae1ec97fd15ea6e695034e6dc35d8  guix-build-7850c5fe20a0/output/arm64-apple-darwin/SHA256SUMS.part
 73e5c032eb8570fa88e418b11df763ce0dd65ff10e8bc97a676d08236457335c6  guix-build-7850c5fe20a0/output/arm64-apple-darwin/bitcoin-7850c5fe20a0-arm64-apple-darwin-unsigned.tar.gz
 8d19c1bd5a28f36e73f04dc8df2d5645839065346a067eb38a636e66b89c78f57  guix-build-7850c5fe20a0/output/arm64-apple-darwin/bitcoin-7850c5fe20a0-arm64-apple-darwin-unsigned.zip
 9d18cf0a8fd66f091cdd99d7383bc87e52840c7488b02f45bcb422bb6bb5d31b2  guix-build-7850c5fe20a0/output/arm64-apple-darwin/bitcoin-7850c5fe20a0-arm64-apple-darwin.tar.gz
103433ae9ccc2b0d60877eca95348119cc0c56a87a9cc8b787add3088f74da1170  guix-build-7850c5fe20a0/output/dist-archive/bitcoin-7850c5fe20a0.tar.gz
113f53dd696a7328c8d5e28d5a704667606429e1f54ff1c3e22b3a391adf1f7552  guix-build-7850c5fe20a0/output/powerpc64-linux-gnu/SHA256SUMS.part
12efb5d16266dc64e93f6a9836bb5d2136a8c7ac95c724fadca2aa2c91f21b5199  guix-build-7850c5fe20a0/output/powerpc64-linux-gnu/bitcoin-7850c5fe20a0-powerpc64-linux-gnu-debug.tar.gz
13be36c1593528fe1223f70adea4c63da4b87084b7dcdbcdd914aaacec172d6ef3  guix-build-7850c5fe20a0/output/powerpc64-linux-gnu/bitcoin-7850c5fe20a0-powerpc64-linux-gnu.tar.gz
14a778522de796682ca256475114e2afc70a47b9976507c2a77e09734f5378d6de  guix-build-7850c5fe20a0/output/riscv64-linux-gnu/SHA256SUMS.part
15e05b8e6a95be43797cbc333ae625328a145ddaa7d6e5d851c05a04b481b22274  guix-build-7850c5fe20a0/output/riscv64-linux-gnu/bitcoin-7850c5fe20a0-riscv64-linux-gnu-debug.tar.gz
161a231d05c0c298db6c97f603a9da8f8c12b48bc02ad443d54d4b51ff74cbaf4d  guix-build-7850c5fe20a0/output/riscv64-linux-gnu/bitcoin-7850c5fe20a0-riscv64-linux-gnu.tar.gz
17756724554699940152c59884dc578f2fcf631e4912cdf31cde71efe2699fa7f4  guix-build-7850c5fe20a0/output/x86_64-apple-darwin/SHA256SUMS.part
1890ab8c1909e82777b3650f1cd700fb4e04605b153917096ca5392b13092ce647  guix-build-7850c5fe20a0/output/x86_64-apple-darwin/bitcoin-7850c5fe20a0-x86_64-apple-darwin-unsigned.tar.gz
190329d6eaa17aeb75f7d298df296c291a3b7bc82681885e741dc25dde0cb5a02d  guix-build-7850c5fe20a0/output/x86_64-apple-darwin/bitcoin-7850c5fe20a0-x86_64-apple-darwin-unsigned.zip
2051d37083936ec39eb087fd1f9c2584dbf9fc43041210b02e9b0ecb73850e8056  guix-build-7850c5fe20a0/output/x86_64-apple-darwin/bitcoin-7850c5fe20a0-x86_64-apple-darwin.tar.gz
2178828fd43e435ebe9259bc7e02069183b38d3697fff52243241223d01956faf3  guix-build-7850c5fe20a0/output/x86_64-linux-gnu/SHA256SUMS.part
221fc1697ba9cba113b808201392f8341e5b1b74e16d3a5e3cf769df193ccebc38  guix-build-7850c5fe20a0/output/x86_64-linux-gnu/bitcoin-7850c5fe20a0-x86_64-linux-gnu-debug.tar.gz
235d6cb51e3f4a04b919f8f63d83bbf344e6ec9f79ed4d5dde28ff3f79e94ffc35  guix-build-7850c5fe20a0/output/x86_64-linux-gnu/bitcoin-7850c5fe20a0-x86_64-linux-gnu.tar.gz
240d8641977c211df7d37e218858045aa92a51721b2094559594ff2b66088abd83  guix-build-7850c5fe20a0/output/x86_64-w64-mingw32/SHA256SUMS.part
2552afe467be4bdbfa514000a1c1e0310a10c506841b624621a069d146c7636611  guix-build-7850c5fe20a0/output/x86_64-w64-mingw32/bitcoin-7850c5fe20a0-win64-debug.zip
26e4eacaa80ec45c2bc60d5ae854088e82201823d7c7f62d8e79524e5527a5ba9b  guix-build-7850c5fe20a0/output/x86_64-w64-mingw32/bitcoin-7850c5fe20a0-win64-setup-unsigned.exe
27985ee4d1a876b5127841beafa3f73c93cf8ae5b3cab45f334e3c097b68823e98  guix-build-7850c5fe20a0/output/x86_64-w64-mingw32/bitcoin-7850c5fe20a0-win64-unsigned.tar.gz
286d6772a2f4fb35b21610b4ecd0a29f8b0395ebfe059e4216546aa8859d801535  guix-build-7850c5fe20a0/output/x86_64-w64-mingw32/bitcoin-7850c5fe20a0-win64.zip
  15. fanquake merged this on Mar 26, 2024
  16. fanquake closed this on Mar 26, 2024
  17. fanquake deleted the branch on Mar 26, 2024
  18. fanquake referenced this in commit 21f699627c on Jul 11, 2024
  19. fanquake referenced this in commit 1d2758f6f0 on Jul 11, 2024
  20. fanquake referenced this in commit c835a53a33 on Aug 9, 2024
  21. fanquake referenced this in commit 082c90520c on Aug 20, 2024
  22. hebasto referenced this in commit 49f520309f on Aug 21, 2024
  23. fanquake referenced this in commit 9fd3a7504a on Aug 28, 2024
  24. fanquake referenced this in commit f0e45df64f on Aug 30, 2024
  25. fanquake referenced this in commit 682154ef62 on Aug 30, 2024
  26. fanquake referenced this in commit f76ad775fd on Sep 3, 2024
  27. fanquake referenced this in commit 89bf11b807 on Sep 13, 2024
  28. fanquake referenced this in commit 225718eda8 on Sep 17, 2024
  29. kwvg referenced this in commit aa8a5fae3c on Nov 4, 2024
  30. kwvg referenced this in commit 4edca28ba8 on Nov 5, 2024
  31. kwvg referenced this in commit d570e2d21f on Nov 10, 2024
  32. PastaPastaPasta referenced this in commit be97bfeedc on Nov 12, 2024
  33. Fabcien referenced this in commit 287c419afb on Nov 29, 2024
  34. roqqit referenced this in commit 432f0d3517 on Dec 2, 2024
  35. knst referenced this in commit 09af7b78c9 on Dec 26, 2024
  36. bitcoin locked this on Mar 26, 2025


fanquake DrahtBot luke-jr TheCharlatan

Labels
Build system

github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2025-04-18 18:13 UTC
This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me