contrib: simplify `test-security-check`

fanquake commented at 4:10 pm on July 10, 2024: member

The current test-security-check script is hard to understand, and change (i.e https://github.com/bitcoin/bitcoin/pull/29987/files#diff-52aa0cda44721f089e53b128cb1232a876006ef257b211655456b17dfb2ec712); tests are also not done in isolation (when-possible). Fix that, and add missing checks. Simplifies future toolchain/security/hardening changes.

DrahtBot commented at 4:10 pm on July 10, 2024: contributor

The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

Code Coverage

For detailed information about the code coverage, see the test coverage report.

Reviews

See the guideline for information on the review process.

Type	Reviewers
ACK	hebasto, TheCharlatan
Concept ACK	theuni
Approach ACK	tdb3

If your review is incorrectly listed, please react with 👎 to this comment and the bot will ignore it on the next update.

Conflicts

Reviewers, this pull request conflicts with the following ones:

#27038 (security-check: test for _FORTIFY_SOURCE usage in release binaries by fanquake)
#26950 (cleanse: switch to SecureZeroMemory for Windows cross-compile, check for usage by fanquake)

If you consider this pull request important, please also help to review the conflicting pull requests. Ideally, start with the one that should be merged first.

fanquake added the label DrahtBot Guix build requested on Jul 10, 2024

hebasto commented at 4:40 pm on July 10, 2024: member

tests are also not done in isolation (when-possible).

Mind elaborating this statement please? I mean, contrib/devtools/test-security-check.py is supposed to run in the Guix environment. So what kind of “isolation” do you mean?

DrahtBot commented at 10:59 pm on July 10, 2024: contributor

Guix builds (on x86_64) [untrusted test-only build, possibly unsafe, not for production use]

File	commit 9adebe145557ef410964dd48a02f3d239f488cd0(master)	commit 2c4e64e9dc78a9a7ea87de05875cb681eecd383b(master and this pull)
SHA256SUMS.part	`530e7bce42751f01...`	`3f3ad237d2e7bb0b...`
*-aarch64-linux-gnu-debug.tar.gz	`15f1fd7550bfd2f1...`	`1c05325aed399df4...`
*-aarch64-linux-gnu.tar.gz	`530997ab22e2e260...`	`bad5df94110ade32...`
*-arm-linux-gnueabihf-debug.tar.gz	`b69ee865ab41e678...`	`e899887a957b112f...`
*-arm-linux-gnueabihf.tar.gz	`42b65aca43207c4e...`	`e3fcdd4f337a06ab...`
*-arm64-apple-darwin-unsigned.tar.gz	`f727432ee3cefb84...`	`54137d2f7cea5974...`
*-arm64-apple-darwin-unsigned.zip	`ee8b32019b6f0dcd...`	`a52c6f1aa8e7fc0f...`
*-arm64-apple-darwin.tar.gz	`2c7400ff7dd58c00...`	`07a001a2c0d09ae7...`
*-powerpc64-linux-gnu-debug.tar.gz	`6fc7d37e31784a2d...`	`de2ab8459ada1679...`
*-powerpc64-linux-gnu.tar.gz	`d940e5bdf67dae57...`	`69a3480a7f6b155f...`
*-riscv64-linux-gnu-debug.tar.gz	`9f099cacbd3ddc17...`	`2ef32725da22e603...`
*-riscv64-linux-gnu.tar.gz	`cd11acd568165c53...`	`441cab51d7911525...`
*-x86_64-apple-darwin-unsigned.tar.gz	`64af84380c1cb6a9...`	`84452f294e271a89...`
*-x86_64-apple-darwin-unsigned.zip	`d1b2bf03f28e5fd7...`	`697950908acc0ae3...`
*-x86_64-apple-darwin.tar.gz	`5a2d2f53e723dd0c...`	`c2ee4caf92455df8...`
*-x86_64-linux-gnu-debug.tar.gz	`865f1d8959f12d80...`	`73eb68fdf0bcd747...`
*-x86_64-linux-gnu.tar.gz	`0457a77785fcdf03...`	`1845aa4177514026...`
*.tar.gz	`7151577ec04cca29...`	`1330807390307df4...`
guix_build.log	`00466ff960f48ac5...`	`70a30fe80ab10c5e...`
guix_build.log.diff		`a952c849831a3bcc...`

DrahtBot removed the label DrahtBot Guix build requested on Jul 10, 2024

DrahtBot added the label Scripts and tools on Jul 10, 2024

fanquake commented at 12:45 pm on July 11, 2024: member

So what kind of “isolation” do you mean?

Testing one thing per test.

in contrib/devtools/test-security-check.py:85 in ea096063c3 outdated

94-            (1, executable+': failed HIGH_ENTROPY_VA CONTROL_FLOW'))
95-        self.assertEqual(call_security_check(cc, source, executable, ['-Wl,--nxcompat','-Wl,--enable-reloc-section','-Wl,--dynamicbase','-Wl,--high-entropy-va','-pie','-fPIE','-fstack-protector-all', '-lssp']),
96-            (1, executable+': failed CONTROL_FLOW'))
97-        self.assertEqual(call_security_check(cc, source, executable, ['-Wl,--nxcompat','-Wl,--enable-reloc-section','-Wl,--dynamicbase','-Wl,--high-entropy-va','-pie','-fPIE', '-fcf-protection=full','-fstack-protector-all', '-lssp']),
98-            (0, ''))
99+        pass_flags = ['-pie','-fPIE', '-Wl,--nxcompat','-Wl,--enable-reloc-section','-Wl,--dynamicbase','-Wl,--high-entropy-va', '-fcf-protection=full','-fstack-protector-all', '-lssp']

hebasto commented at 1:35 pm on July 11, 2024:

Is the -pie flag supported here?

From the ld linker docs:

This is currently only supported on ELF platforms.

fanquake commented at 1:47 pm on July 11, 2024:

Those look like the wrong docs:

0x86_64-w64-mingw32-ld --help | grep pie
1  -pie, --pic-executable      Create a position independent executable
2  -no-pie                     Create a position dependent executable (default)

hebasto commented at 3:02 pm on July 11, 2024:

There seems to be some inconsistency in docs. For instance, in https://manpages.debian.org/bookworm/binutils-mingw-w64-x86-64/x86_64-w64-mingw32-ld.1.en.html:

-pie –pic-executable Create a position independent executable. This is currently only supported on ELF platforms. Position independent executables are similar to shared libraries in that they are relocated by the dynamic linker to the virtual address the OS chooses for them (which can vary between invocations). Like normal dynamically linked executables they can be executed and symbols defined in the executable cannot be overridden by shared libraries. -no-pie Create a position dependent executable. This is the default.

in contrib/devtools/test-security-check.py:88 in ea096063c3 outdated

 97-        self.assertEqual(call_security_check(cc, source, executable, ['-Wl,--nxcompat','-Wl,--enable-reloc-section','-Wl,--dynamicbase','-Wl,--high-entropy-va','-pie','-fPIE', '-fcf-protection=full','-fstack-protector-all', '-lssp']),
 98-            (0, ''))
 99+        pass_flags = ['-pie','-fPIE', '-Wl,--nxcompat','-Wl,--enable-reloc-section','-Wl,--dynamicbase','-Wl,--high-entropy-va', '-fcf-protection=full','-fstack-protector-all', '-lssp']
100+
101+        self.assertEqual(call_security_check(cc, source, executable, pass_flags + ['-fno-stack-protector']), (1, executable+': failed Canary'))
102+        self.assertEqual(call_security_check(cc, source, executable, pass_flags + ['-Wl,--disable-reloc-section']), (1, executable+': failed RELOC_SECTION'))

hebasto commented at 1:44 pm on July 11, 2024:

This check fails:

 0FAIL: test_PE (__main__.TestSecurityChecks)
 1----------------------------------------------------------------------
 2Traceback (most recent call last):
 3  File "/distsrc-base/distsrc-ea096063c384-x86_64-w64-mingw32/./contrib/devtools/test-security-check.py", line 88, in test_PE
 4    self.assertEqual(call_security_check(cc, source, executable, pass_flags + ['-Wl,--disable-reloc-section']), (1, executable+': failed RELOC_SECTION'))
 5AssertionError: Tuples differ: (1, 'test1.exe: failed PIE DYNAMIC_BASE HIGH_ENTROPY_VA') != (1, 'test1.exe: failed RELOC_SECTION')
 6
 7First differing element 1:
 8'test1.exe: failed PIE DYNAMIC_BASE HIGH_ENTROPY_VA'
 9'test1.exe: failed RELOC_SECTION'
10
11- (1, 'test1.exe: failed PIE DYNAMIC_BASE HIGH_ENTROPY_VA')
12+ (1, 'test1.exe: failed RELOC_SECTION')
13
14----------------------------------------------------------------------
15Ran 1 test in 0.181s
16
17FAILED (failures=1)
18make: *** [Makefile:1348: test-security-check] Error 1

fanquake commented at 2:09 pm on July 11, 2024:

This has turned up what looks like a bug in LIEF: https://github.com/lief-project/LIEF/issues/1076. Will re-enable the test later.

hebasto commented at 1:44 pm on July 11, 2024: member

Concept ACK.

nit: Spaces after commas and around + can used more consistently for better readability.

fanquake force-pushed on Jul 11, 2024

fanquake marked this as a draft on Jul 11, 2024

theuni commented at 6:38 pm on July 11, 2024: member

Nice, concept ACK. I had the same thought when looking at this for #30387.

I think it should be possible (or maybe this is enough?) to avoid making toolchain assumptions and have this work outside of guix.

tdb3 approved

tdb3 commented at 8:21 pm on July 14, 2024: contributor

Approach ACK Nice. Increases readability.

nit: Thought about opportunities for deduplication (e.g. creating a dictionary/list containing test cases with associated parameters/arguments, then looping through it). It’s probably overkill for a file as small as test-security-check.py and wouldn’t necessarily enhance readability.

fanquake force-pushed on Jul 16, 2024

contrib: simplify MACHO test-security-check 6c9746ff92

contrib: simplify PE test-security-check 1810e20677

contrib: simplify ELF test-security-check 51d8f435c9

fanquake force-pushed on Jul 18, 2024

contrib: assume binary existence in sec/sym checks

If the binaries don't exist, the Guix build has failed for some other
reason.

There's no need to check for unknown architectures, or executable
formats, as the only ones that could be built are those that we've
configured toolchains for in Guix.

We've also been doing this inconsistently across the two scripts.

1bc9f64bee

fanquake marked this as ready for review on Jul 19, 2024

hebasto approved

hebasto commented at 3:26 pm on July 22, 2024: member

ACK 1bc9f64bee919bc46eb061ef8c66f936eb6a8918 (assuming my Guix hashes match; I’ll provide them shortly).

My concern about -pie support for Windows is not a blocker.

DrahtBot requested review from tdb3 on Jul 22, 2024

DrahtBot requested review from theuni on Jul 22, 2024

fanquake added the label DrahtBot Guix build requested on Jul 22, 2024

DrahtBot commented at 11:29 pm on July 22, 2024: contributor

Guix builds (on x86_64) [untrusted test-only build, possibly unsafe, not for production use]

File	commit 8754d055c65e11fd2afa59f9e5de7c60a9e0ec23(master)	commit cb264d280f14c813dc10978da958d683ad391873(master and this pull)
SHA256SUMS.part	`d6e6493ade976e0d...`	`089abe0442fa1ba3...`
*-aarch64-linux-gnu-debug.tar.gz	`7cfc076ad8f454ea...`	`b6ccdc1ae5163206...`
*-aarch64-linux-gnu.tar.gz	`d41bd61202831ba3...`	`aa98f580e184641e...`
*-arm-linux-gnueabihf-debug.tar.gz	`912bbcf745276a50...`	`b729509fab1f85df...`
*-arm-linux-gnueabihf.tar.gz	`8c0682e696de8302...`	`dc4889bf58ecaaa6...`
*-arm64-apple-darwin-unsigned.tar.gz	`dfe0523b3f4cb6f3...`	`49052eb2928b7e61...`
*-arm64-apple-darwin-unsigned.zip	`ea1ba475f15725a2...`	`ace7f21d4d0cce2f...`
*-arm64-apple-darwin.tar.gz	`e1d791be90054e5d...`	`8fc7ace4c38a2717...`
*-powerpc64-linux-gnu-debug.tar.gz	`0687d53371c9d763...`	`18b9f8526db068b1...`
*-powerpc64-linux-gnu.tar.gz	`c5374aa7b2c93e11...`	`3cfae8c1227d7637...`
*-riscv64-linux-gnu-debug.tar.gz	`e93579b19a31ce98...`	`b51edcda08ede6b2...`
*-riscv64-linux-gnu.tar.gz	`7ff41ce672e58033...`	`b30a4adfe3c883a6...`
*-x86_64-apple-darwin-unsigned.tar.gz	`b25a790a1d1a81ed...`	`2e80370d6c9f665b...`
*-x86_64-apple-darwin-unsigned.zip	`f30efb740994654d...`	`3ceb23ae2fbe0f15...`
*-x86_64-apple-darwin.tar.gz	`a03819d1a7360b2b...`	`b511fe4c10175fca...`
*-x86_64-linux-gnu-debug.tar.gz	`cd949492f6e34833...`	`1cb6ffd0472a76f7...`
*-x86_64-linux-gnu.tar.gz	`073ddca46f7fef65...`	`b6928594a3324995...`
*.tar.gz	`59cca0c61711199d...`	`a3e8125fc92903dc...`
guix_build.log	`0095374897aad81b...`	`69a5e8011ac2baca...`
guix_build.log.diff		`1a01569e367a423d...`

DrahtBot removed the label DrahtBot Guix build requested on Jul 22, 2024

fanquake commented at 10:34 am on July 23, 2024: member

Guix Build (x86_64):

 0222a30ae2094e1e2536e5a1e8794d04f300fbf6ed0f67e0f6dcb4160e3d075a7  guix-build-1bc9f64bee91/output/aarch64-linux-gnu/SHA256SUMS.part
 1f7a7b2a6f7e85aa633d6cdb9907bf11cf05c3bdabdf32a4fefaf2bb63264583d  guix-build-1bc9f64bee91/output/aarch64-linux-gnu/bitcoin-1bc9f64bee91-aarch64-linux-gnu-debug.tar.gz
 28884a25e5a214b224d2c7d73e19786174ddb4eed37c2daa0dc57c23d1f49fc3c  guix-build-1bc9f64bee91/output/aarch64-linux-gnu/bitcoin-1bc9f64bee91-aarch64-linux-gnu.tar.gz
 336855764cdf7488af17c16524adda0b3c019d08f47e87a8aea5596aade9eba87  guix-build-1bc9f64bee91/output/arm-linux-gnueabihf/SHA256SUMS.part
 48bbf0f76f2abe4ee6bdfb1eba9b67410f187afc60433e5be5f7fb11c184660a9  guix-build-1bc9f64bee91/output/arm-linux-gnueabihf/bitcoin-1bc9f64bee91-arm-linux-gnueabihf-debug.tar.gz
 5db5ff885a8b728415988456b3f02dd5178124a9ff4ea5f0946f3327038ea33f4  guix-build-1bc9f64bee91/output/arm-linux-gnueabihf/bitcoin-1bc9f64bee91-arm-linux-gnueabihf.tar.gz
 6314ce4cd1ccd1ca089c29a68d9f4d031c9dc5e0cf5f6d9b0234db1d7cdc7d641  guix-build-1bc9f64bee91/output/arm64-apple-darwin/SHA256SUMS.part
 761d6eb60cdd3b37abf57b560ceb7fc617f56d8d0ab28605673faa93470e9da7a  guix-build-1bc9f64bee91/output/arm64-apple-darwin/bitcoin-1bc9f64bee91-arm64-apple-darwin-unsigned.tar.gz
 8bbff8c672e248e2e08ceea8641ca3c58576031afaa801b920b2d6e3483684a6c  guix-build-1bc9f64bee91/output/arm64-apple-darwin/bitcoin-1bc9f64bee91-arm64-apple-darwin-unsigned.zip
 9863ff8c24b3dffb27d548cd5e80ff9205f6b06bc21a4a8249db26acf1fb1d7e0  guix-build-1bc9f64bee91/output/arm64-apple-darwin/bitcoin-1bc9f64bee91-arm64-apple-darwin.tar.gz
10c441e38346c2276f5d3e35e22b00c2bd31c8410d19b0726cce155ffe1c6649a3  guix-build-1bc9f64bee91/output/dist-archive/bitcoin-1bc9f64bee91.tar.gz
11ac7784cf706551e704103e99ee1a7df79ae13870fa5e3dcd2ea8cbc74a36e775  guix-build-1bc9f64bee91/output/powerpc64-linux-gnu/SHA256SUMS.part
12fb4f88f4f6e6baeb6b14e7dd107b3678bc3174192d42d9844cce7f24ea4ecc30  guix-build-1bc9f64bee91/output/powerpc64-linux-gnu/bitcoin-1bc9f64bee91-powerpc64-linux-gnu-debug.tar.gz
13b86ca80ab5110228bb1c32641a75a5fbfb77454583a5cff6695f3335fc089b1e  guix-build-1bc9f64bee91/output/powerpc64-linux-gnu/bitcoin-1bc9f64bee91-powerpc64-linux-gnu.tar.gz
140a345fe896f8bf91ed5092799a6512e3baa1f934b663cbe43ddf2e70333c0b76  guix-build-1bc9f64bee91/output/riscv64-linux-gnu/SHA256SUMS.part
1514d06d3b49bfc8d94aa548799b7f886efba1253a5e13f3179cecfbc2a4531e0d  guix-build-1bc9f64bee91/output/riscv64-linux-gnu/bitcoin-1bc9f64bee91-riscv64-linux-gnu-debug.tar.gz
16bca5ca1bbc303fa078567e284e3e6983fc2e7ab9c6ca24cc200185acb608b845  guix-build-1bc9f64bee91/output/riscv64-linux-gnu/bitcoin-1bc9f64bee91-riscv64-linux-gnu.tar.gz
17b7b916e97a5a9a24f83938c3dc06e8ef6541e3112f6becb372d4a0430221c4da  guix-build-1bc9f64bee91/output/x86_64-apple-darwin/SHA256SUMS.part
189f1c2868a1704d60889e8675785d2a02a92b5d32d28e61cc9b9c06e12f44bd40  guix-build-1bc9f64bee91/output/x86_64-apple-darwin/bitcoin-1bc9f64bee91-x86_64-apple-darwin-unsigned.tar.gz
19ca290ebae788bcad2c21882cb7962d40d41878df8ccb6e5ab9cb434aa02ab6e0  guix-build-1bc9f64bee91/output/x86_64-apple-darwin/bitcoin-1bc9f64bee91-x86_64-apple-darwin-unsigned.zip
20323ea529b7646a8d0326e465d64ef36ef9b304a0f8b379d6e61f4c6aaa9479b1  guix-build-1bc9f64bee91/output/x86_64-apple-darwin/bitcoin-1bc9f64bee91-x86_64-apple-darwin.tar.gz
21ab99ee9a4e76f8f81958e0ae5381d422961e1e4ca1e38e88b73a858024d4933b  guix-build-1bc9f64bee91/output/x86_64-linux-gnu/SHA256SUMS.part
228e5044e712fd0d674dba95bf3b02f3c1f872c3f0933f15f6fd142aee51072d65  guix-build-1bc9f64bee91/output/x86_64-linux-gnu/bitcoin-1bc9f64bee91-x86_64-linux-gnu-debug.tar.gz
23583e16f677421420cfddc4b591c7fbad7879a154572567fe8ca7d94ea16d4ab6  guix-build-1bc9f64bee91/output/x86_64-linux-gnu/bitcoin-1bc9f64bee91-x86_64-linux-gnu.tar.gz
24e8cea74fcfd0202186659d76c5d3bf2d1b35560bb74d71395b1540b0223ebcf2  guix-build-1bc9f64bee91/output/x86_64-w64-mingw32/SHA256SUMS.part
25f67bbf2cc9c48ae29b0543f62fec5337e711cac8b4dede393aa7d805a4d4c926  guix-build-1bc9f64bee91/output/x86_64-w64-mingw32/bitcoin-1bc9f64bee91-win64-debug.zip
268aa117609c8857365ed69a5e646aa49a1034800bfd8e40436cede8ae3a69b5cd  guix-build-1bc9f64bee91/output/x86_64-w64-mingw32/bitcoin-1bc9f64bee91-win64-setup-unsigned.exe
27e26f68b8949c5c5fdea3f513b88f34ddae8f2ff5624383b58ff4041924ac6d66  guix-build-1bc9f64bee91/output/x86_64-w64-mingw32/bitcoin-1bc9f64bee91-win64-unsigned.tar.gz
28a4816c6b72892cfbb7518592b031df3d27937c2097a3a7928dda5872424a78ee  guix-build-1bc9f64bee91/output/x86_64-w64-mingw32/bitcoin-1bc9f64bee91-win64.zip

hebasto commented at 4:21 pm on July 23, 2024: member

My Guix build:

 0x86_64
 1222a30ae2094e1e2536e5a1e8794d04f300fbf6ed0f67e0f6dcb4160e3d075a7  guix-build-1bc9f64bee91/output/aarch64-linux-gnu/SHA256SUMS.part
 2f7a7b2a6f7e85aa633d6cdb9907bf11cf05c3bdabdf32a4fefaf2bb63264583d  guix-build-1bc9f64bee91/output/aarch64-linux-gnu/bitcoin-1bc9f64bee91-aarch64-linux-gnu-debug.tar.gz
 38884a25e5a214b224d2c7d73e19786174ddb4eed37c2daa0dc57c23d1f49fc3c  guix-build-1bc9f64bee91/output/aarch64-linux-gnu/bitcoin-1bc9f64bee91-aarch64-linux-gnu.tar.gz
 436855764cdf7488af17c16524adda0b3c019d08f47e87a8aea5596aade9eba87  guix-build-1bc9f64bee91/output/arm-linux-gnueabihf/SHA256SUMS.part
 58bbf0f76f2abe4ee6bdfb1eba9b67410f187afc60433e5be5f7fb11c184660a9  guix-build-1bc9f64bee91/output/arm-linux-gnueabihf/bitcoin-1bc9f64bee91-arm-linux-gnueabihf-debug.tar.gz
 6db5ff885a8b728415988456b3f02dd5178124a9ff4ea5f0946f3327038ea33f4  guix-build-1bc9f64bee91/output/arm-linux-gnueabihf/bitcoin-1bc9f64bee91-arm-linux-gnueabihf.tar.gz
 7314ce4cd1ccd1ca089c29a68d9f4d031c9dc5e0cf5f6d9b0234db1d7cdc7d641  guix-build-1bc9f64bee91/output/arm64-apple-darwin/SHA256SUMS.part
 861d6eb60cdd3b37abf57b560ceb7fc617f56d8d0ab28605673faa93470e9da7a  guix-build-1bc9f64bee91/output/arm64-apple-darwin/bitcoin-1bc9f64bee91-arm64-apple-darwin-unsigned.tar.gz
 9bbff8c672e248e2e08ceea8641ca3c58576031afaa801b920b2d6e3483684a6c  guix-build-1bc9f64bee91/output/arm64-apple-darwin/bitcoin-1bc9f64bee91-arm64-apple-darwin-unsigned.zip
10863ff8c24b3dffb27d548cd5e80ff9205f6b06bc21a4a8249db26acf1fb1d7e0  guix-build-1bc9f64bee91/output/arm64-apple-darwin/bitcoin-1bc9f64bee91-arm64-apple-darwin.tar.gz
11c441e38346c2276f5d3e35e22b00c2bd31c8410d19b0726cce155ffe1c6649a3  guix-build-1bc9f64bee91/output/dist-archive/bitcoin-1bc9f64bee91.tar.gz
12ac7784cf706551e704103e99ee1a7df79ae13870fa5e3dcd2ea8cbc74a36e775  guix-build-1bc9f64bee91/output/powerpc64-linux-gnu/SHA256SUMS.part
13fb4f88f4f6e6baeb6b14e7dd107b3678bc3174192d42d9844cce7f24ea4ecc30  guix-build-1bc9f64bee91/output/powerpc64-linux-gnu/bitcoin-1bc9f64bee91-powerpc64-linux-gnu-debug.tar.gz
14b86ca80ab5110228bb1c32641a75a5fbfb77454583a5cff6695f3335fc089b1e  guix-build-1bc9f64bee91/output/powerpc64-linux-gnu/bitcoin-1bc9f64bee91-powerpc64-linux-gnu.tar.gz
150a345fe896f8bf91ed5092799a6512e3baa1f934b663cbe43ddf2e70333c0b76  guix-build-1bc9f64bee91/output/riscv64-linux-gnu/SHA256SUMS.part
1614d06d3b49bfc8d94aa548799b7f886efba1253a5e13f3179cecfbc2a4531e0d  guix-build-1bc9f64bee91/output/riscv64-linux-gnu/bitcoin-1bc9f64bee91-riscv64-linux-gnu-debug.tar.gz
17bca5ca1bbc303fa078567e284e3e6983fc2e7ab9c6ca24cc200185acb608b845  guix-build-1bc9f64bee91/output/riscv64-linux-gnu/bitcoin-1bc9f64bee91-riscv64-linux-gnu.tar.gz
18b7b916e97a5a9a24f83938c3dc06e8ef6541e3112f6becb372d4a0430221c4da  guix-build-1bc9f64bee91/output/x86_64-apple-darwin/SHA256SUMS.part
199f1c2868a1704d60889e8675785d2a02a92b5d32d28e61cc9b9c06e12f44bd40  guix-build-1bc9f64bee91/output/x86_64-apple-darwin/bitcoin-1bc9f64bee91-x86_64-apple-darwin-unsigned.tar.gz
20ca290ebae788bcad2c21882cb7962d40d41878df8ccb6e5ab9cb434aa02ab6e0  guix-build-1bc9f64bee91/output/x86_64-apple-darwin/bitcoin-1bc9f64bee91-x86_64-apple-darwin-unsigned.zip
21323ea529b7646a8d0326e465d64ef36ef9b304a0f8b379d6e61f4c6aaa9479b1  guix-build-1bc9f64bee91/output/x86_64-apple-darwin/bitcoin-1bc9f64bee91-x86_64-apple-darwin.tar.gz
22ab99ee9a4e76f8f81958e0ae5381d422961e1e4ca1e38e88b73a858024d4933b  guix-build-1bc9f64bee91/output/x86_64-linux-gnu/SHA256SUMS.part
238e5044e712fd0d674dba95bf3b02f3c1f872c3f0933f15f6fd142aee51072d65  guix-build-1bc9f64bee91/output/x86_64-linux-gnu/bitcoin-1bc9f64bee91-x86_64-linux-gnu-debug.tar.gz
24583e16f677421420cfddc4b591c7fbad7879a154572567fe8ca7d94ea16d4ab6  guix-build-1bc9f64bee91/output/x86_64-linux-gnu/bitcoin-1bc9f64bee91-x86_64-linux-gnu.tar.gz
25e8cea74fcfd0202186659d76c5d3bf2d1b35560bb74d71395b1540b0223ebcf2  guix-build-1bc9f64bee91/output/x86_64-w64-mingw32/SHA256SUMS.part
26f67bbf2cc9c48ae29b0543f62fec5337e711cac8b4dede393aa7d805a4d4c926  guix-build-1bc9f64bee91/output/x86_64-w64-mingw32/bitcoin-1bc9f64bee91-win64-debug.zip
278aa117609c8857365ed69a5e646aa49a1034800bfd8e40436cede8ae3a69b5cd  guix-build-1bc9f64bee91/output/x86_64-w64-mingw32/bitcoin-1bc9f64bee91-win64-setup-unsigned.exe
28e26f68b8949c5c5fdea3f513b88f34ddae8f2ff5624383b58ff4041924ac6d66  guix-build-1bc9f64bee91/output/x86_64-w64-mingw32/bitcoin-1bc9f64bee91-win64-unsigned.tar.gz
29a4816c6b72892cfbb7518592b031df3d27937c2097a3a7928dda5872424a78ee  guix-build-1bc9f64bee91/output/x86_64-w64-mingw32/bitcoin-1bc9f64bee91-win64.zip

TheCharlatan approved

TheCharlatan commented at 7:09 pm on July 23, 2024: contributor

ACK 1bc9f64bee919bc46eb061ef8c66f936eb6a8918

fanquake merged this on Jul 24, 2024

fanquake closed this on Jul 24, 2024

fanquake deleted the branch on Jul 24, 2024

contrib: simplify test-security-check #30423

Code Coverage

Reviews

Conflicts

Guix builds (on x86_64) [untrusted test-only build, possibly unsafe, not for production use]

Guix builds (on x86_64) [untrusted test-only build, possibly unsafe, not for production use]

contrib: simplify `test-security-check` #30423