guix: build glibc with --enable-static-pie #33821

pull fanquake wants to merge 1 commits into bitcoin:master from fanquake:guix_glibc_static_pie changing 1 files +1 −0
  1. fanquake commented at 5:04 pm on November 7, 2025: member

    From the glibc 2.27 release notes:

    Major new features: The GNU C Library can now be compiled with support for building static PIE executables (See –enable-static-pie in INSTALL). These static PIE executables are like static executables but can be loaded at any address and provide additional security hardening benefits at the cost of some memory and performance. When the library is built with –enable-static-pic the resulting libc.a is usable with GCC 8 and above to create static PIE executables using the GCC option ‘-static-pie’. This feature is currently supported on i386, x86_64 and x32 with binutils 2.29 or later, and on aarch64 with binutils 2.30 or later.

    Note that from glibc 2.35 onwards, this option is replaced with a --disable-* variant, as glibc started defaulting to this behaviour.

    This not give us -static-pie release binaries, that requires further changes, see #25573. This change makes it easier to experiment with the current release glibc, by being able to just use -static-pie, and not rebuild the toolchain.

  2. guix: build glibc with --enable-static-pie 
    > Version 2.27
> Major new features:
> The GNU C Library can now be compiled with support for building static
> PIE executables (See --enable-static-pie in INSTALL).
> These static PIE executables are like static executables but can be
> loaded at any address and provide additional security hardening benefits
> at the cost of some memory and performance.  When the library is built with
> --enable-static-pic the resulting libc.a is usable with GCC 8 and above to
> create static PIE executables using the GCC option '-static-pie'. This
> feature is currently supported on i386, x86_64 and x32 with binutils
> 2.29 or later, and on aarch64 with binutils 2.30 or later.

Note that from glibc 2.35 onwards, this option is replaced with a
`--disable-*` variant, as glibc started defaulting to this behaviour.

Note that is also does not give us `-static-pie` release binaries, that
requires further changes, see #25573.
    a6417a24f6
  3. DrahtBot added the label Build system on Nov 7, 2025
  4. DrahtBot commented at 5:04 pm on November 7, 2025: contributor

    The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

    Code Coverage & Benchmarks

    For details see: https://corecheck.dev/bitcoin/bitcoin/pulls/33821.

    Reviews

    See the guideline for information on the review process. A summary of reviews will appear here.

  5. fanquake added the label DrahtBot Guix build requested on Nov 7, 2025
  6. DrahtBot commented at 4:20 am on November 9, 2025: contributor

    Guix builds (on x86_64) [untrusted test-only build, possibly unsafe, not for production use]

    File commit 513a0da2e0c89d4833aeeb9f799cf43548d6441f(master) commit a038e65fcb2baaa76a72aac18f637b03de310499(pull/33821/merge)
    *-aarch64-linux-gnu-debug.tar.gz e2fb3b26b5a91ad3... e53294b170117b6d...
    *-aarch64-linux-gnu.tar.gz ba231c3d1479c0f7... f0ddef27dc1eb7ea...
    *-arm-linux-gnueabihf-debug.tar.gz 8301fb7dc22dfe4b... e4b52d8589b9a406...
    *-arm-linux-gnueabihf.tar.gz 716e440e612808d4... 9aa6a76169b770ad...
    *-arm64-apple-darwin-codesigning.tar.gz 805f3c6c49285fb1...
    *-arm64-apple-darwin-unsigned.tar.gz 5b763ad7e05f1c95...
    *-arm64-apple-darwin-unsigned.zip 361a0d14440d910a...
    *-powerpc64-linux-gnu-debug.tar.gz 65a747b0abd595e3...
    *-powerpc64-linux-gnu.tar.gz 7c017332d7fc6281...
    *-riscv64-linux-gnu-debug.tar.gz ee61e9a036f794d6...
    *-riscv64-linux-gnu.tar.gz ec5afa2e038b93fe...
    *-x86_64-apple-darwin-codesigning.tar.gz 002ee153a2c3615c...
    *-x86_64-apple-darwin-unsigned.tar.gz c561cae09122aa20...
    *-x86_64-apple-darwin-unsigned.zip 1479a35ba6d9011d...
    *-x86_64-linux-gnu-debug.tar.gz 7aab8b410c431dfa... 810f6bc40a6f8776...
    *-x86_64-linux-gnu.tar.gz 741e788de5ace4e1... ea61f00e75504231...
    *.tar.gz 9917b4537102f543... dd7f07a2de409d2e...
    SHA256SUMS.part 1e0433200fbba6ff... 01c63eee69bda4dc...
    guix_build.log 804401f78232c89d... 16046571c9e7396c...
    guix_build.log.diff d9d006fdce4f3e14...
  7. DrahtBot removed the label DrahtBot Guix build requested on Nov 9, 2025
  8. maflcko commented at 8:17 am on November 10, 2025: member

    Looks like the error was:

     0...
 1The following derivations will be built:
 2  /gnu/store/mv6c9hq3xpl208kwdj1akzy3md11fn8d-glibc-cross-riscv64-linux-gnu-2.31.drv
 3  /gnu/store/q96z7xnxs4py883rasgyy6hxkcp11cdi-gcc-cross-riscv64-linux-gnu-13.3.0.drv
 4  /gnu/store/ia37k6ramx87qg6vi2gffap5ikkzjhaj-riscv64-linux-gnu-toolchain-13.3.0.drv
 5
 6building /gnu/store/mv6c9hq3xpl208kwdj1akzy3md11fn8d-glibc-cross-riscv64-linux-gnu-2.31.drv...
 7note: keeping build directory `/guix_temp_dir/guix-build-glibc-cross-riscv64-linux-gnu-2.31.drv-0'
 8builder for `/gnu/store/mv6c9hq3xpl208kwdj1akzy3md11fn8d-glibc-cross-riscv64-linux-gnu-2.31.drv' failed with exit code 1
 9build of /gnu/store/mv6c9hq3xpl208kwdj1akzy3md11fn8d-glibc-cross-riscv64-linux-gnu-2.31.drv failed
10View build log at '/var/log/guix/drvs/mv/6c9hq3xpl208kwdj1akzy3md11fn8d-glibc-cross-riscv64-linux-gnu-2.31.drv.gz'.
11guix shell: error: build of `/gnu/store/mv6c9hq3xpl208kwdj1akzy3md11fn8d-glibc-cross-riscv64-linux-gnu-2.31.drv' failed
  9. fanquake commented at 10:32 am on November 10, 2025: member
    Given more patching needed, wont bother with this.
  10. fanquake closed this on Nov 10, 2025
  11. fanquake deleted the branch on Nov 10, 2025


fanquake DrahtBot maflcko

Labels
Build system

github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2025-11-26 21:13 UTC
This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me