contrib: Check symbols in the `bitcoinconsensus` shared library #25020

hebasto · 2022-04-28T18:36:57Z

In the light of a new shared library it looks reasonable to start checking shared library symbols.

During testing this PR, it was pointed that libbitcoinconsensus.so has "a ton of unnecessary symbols being exported". Fortunately, it could be fixed in #24994.

Therefore, it makes sense to draft this PR until #24994 is merged.

Guix builds on `x86_64`:

laanwj · 2022-05-03T12:34:07Z

In the light of a new shared library it looks reasonable to start checking shared library symbols.

Yes, very good idea, Concept ACK.

laanwj · 2022-05-03T12:36:42Z

contrib/devtools/symbol-check.py

                print(f'{filename}: symbol {symbol.name} from unsupported version {version}')
                ok = False
    return ok

 def check_exported_symbols(binary) -> bool:
    ok: bool = True
+    if binary.abstract.header.object_type == lief.OBJECT_TYPES.LIBRARY:
+        return ok


I think one of the most important things to check for shared libraries is that they export the right symbols (to make sure their entire API is available), and only the right symbols (extra and re-exported symbols can cause conflicts).

Yea, that is what I assumed this would be doing when I first looked. Otherwise I think the checks currently being added are ~0.

Exactly. It was the initial idea of this PR. When I faced with a crowd of exported symbols, I decided to make this PR focused on introducing a tool, and leave fighting with linker issues for follow ups.

I think the PR should be renamed then? If it's not actually doing the thing in the PR title.

fanquake · 2022-05-03T13:21:38Z

contrib/devtools/symbol-check.py

@@ -176,76 +176,76 @@ def check_version(max_versions, version, arch) -> bool:
 def check_imported_symbols(binary) -> bool:
    ok: bool = True

-    for symbol in binary.imported_symbols:
+    for symbol in binary.concrete.imported_symbols:


2012abe: contrib: Always explicitly cast lief.Binary object

Why?

I also wonder, it's a bit ugly to have .concrete everywhere.

laanwj · 2022-05-31T13:27:14Z

contrib/devtools/symbol-check.py

-            print(f'{split[-1]} is not in ALLOWED_LIBRARIES!')
+    for dylib in binary.concrete.libraries:
+        library = dylib.name.split('/')[-1]
+        if binary.abstract.header.object_type == lief.OBJECT_TYPES.LIBRARY and library == 'libbitcoinconsensus.0.dylib':


Let's not hardcode this name here. If we need to skip this, please define another constant for the list of libraries to skip.

In general, I don't really like how these changes are mixing up the binary and library checks.

laanwj · 2022-05-31T13:40:36Z

Speaking of checking exported symbols, I checked libbitcoinconsensus.so from 23.0 and there's a ton of unnecessary symbols being exported:

$ objdump -T bitcoin-23.0/lib/libbitcoinconsensus.so|grep -v UND
bitcoin-23.0/lib/libbitcoinconsensus.so:     file format elf64-x86-64

DYNAMIC SYMBOL TABLE:
00000000000203f0  w   DF .text  00000000000000d3  Base        _ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEC2IS3_EEPKcRKS3_
000000000002b850  w   DF .text  0000000000000373  Base        _ZNSt20__uninitialized_copyILb0EE13__uninit_copyIPK5CTxInPS2_EET0_T_S7_S6_
0000000000026100  w   DF .text  0000000000000062  Base        _ZNSt12_Vector_baseIhSaIhEED1Ev
00000000000293d0 g    DF .text  0000000000000037  Base        bitcoinconsensus_version
0000000000042aa0  w   DF .text  00000000000000e2  Base        _ZNSt6vectorIhSaIhEE7reserveEm
0000000000038010  w   DF .text  0000000000000178  Base        _ZNSt6vectorIhSaIhEE17_M_realloc_insertIJhEEEvN9__gnu_cxx17__normal_iteratorIPhS1_EEDpOT_
0000000000037aa0  w   DF .text  000000000000012d  Base        _ZNSt6vectorIS_IhSaIhEESaIS1_EE8_M_eraseEN9__gnu_cxx17__normal_iteratorIPS1_S3_EES7_
00000000000059b9  w   DF .text  0000000000000048  Base        _ZSt27__throw_bad_optional_accessv
00000000000375f0  w   DF .text  00000000000000b6  Base        _ZNSt6vectorIhSaIhEEC2ERKS1_
0000000000037e20  w   DF .text  00000000000001e5  Base        _ZNSt6vectorIS_IhSaIhEESaIS1_EE17_M_default_appendEm
00000000000366d0  w   DF .text  0000000000000042  Base        _ZNSt19bad_optional_accessD2Ev
00000000001719f0  w   DO .data.rel.ro   0000000000000028  Base        _ZTVSt19bad_optional_access
00000000000366d0  w   DF .text  0000000000000042  Base        _ZNSt19bad_optional_accessD1Ev
0000000000054e80  w   DO .rodata        0000000000000018  Base        _ZTSSt19bad_optional_access
00000000000429f0  w   DF .text  00000000000000a7  Base        _ZStplIcSt11char_traitsIcESaIcEENSt7__cxx1112basic_stringIT_T0_T1_EERKS8_PKS5_
0000000000042fb0  w   DF .text  00000000000000d4  Base        _ZNSt8__detail18__from_chars_digitIjEEbRPKcS2_RT_i
0000000000036720  w   DF .text  0000000000000054  Base        _ZNSt19bad_optional_accessD0Ev
0000000000020260  w   DF .text  0000000000000034  Base        _ZNKSt5ctypeIcE8do_widenEc
0000000000021230  w   DF .text  0000000000000073  Base        _ZNSt7__cxx1115basic_stringbufIcSt11char_traitsIcESaIcEED2Ev
0000000000037980  w   DF .text  0000000000000120  Base        _ZNSt6vectorIS_IhSaIhEESaIS1_EE9push_backERKS1_
000000000002b680  w   DF .text  00000000000001cd  Base        _ZNSt6vectorIS_IhSaIhEESaIS1_EE17_M_realloc_insertIJEEEvN9__gnu_cxx17__normal_iteratorIPS1_S3_EEDpOT_
0000000000038190  w   DF .text  00000000000001e5  Base        _ZNSt6vectorIS_IhSaIhEESaIS1_EE17_M_realloc_insertIJS1_EEEvN9__gnu_cxx17__normal_iteratorIPS1_S3_EEDpOT_
0000000000021230  w   DF .text  0000000000000073  Base        _ZNSt7__cxx1115basic_stringbufIcSt11char_traitsIcESaIcEED1Ev
00000000000212b0  w   DF .text  0000000000000081  Base        _ZNSt7__cxx1115basic_stringbufIcSt11char_traitsIcESaIcEED0Ev
00000000000361e0  w   DF .text  0000000000000039  Base        _ZNKSt19bad_optional_access4whatEv
00000000000267f0  w   DF .text  0000000000000373  Base        _ZNSt20__uninitialized_copyILb0EE13__uninit_copyIN9__gnu_cxx17__normal_iteratorIPK5CTxInSt6vectorIS4_SaIS4_EEEEPS4_EET0_T_SD_SC_
00000000001719a8  w   DO .data.rel.ro   0000000000000018  Base        _ZTISt19bad_optional_access
0000000000036820  w   DF .text  0000000000000062  Base        _ZNSt6vectorIhSaIhEED2Ev
00000000000375f0  w   DF .text  00000000000000b6  Base        _ZNSt6vectorIhSaIhEEC1ERKS1_
00000000000203f0  w   DF .text  00000000000000d3  Base        _ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEC1IS3_EEPKcRKS3_
0000000000036820  w   DF .text  0000000000000062  Base        _ZNSt6vectorIhSaIhEED1Ev
000000000002ae10 g    DF .text  000000000000006d  Base        bitcoinconsensus_verify_script
0000000000051994 g    DF .fini  0000000000000000  Base        _fini
0000000000004000 g    DF .init  0000000000000000  Base        _init
0000000000037550  w   DF .text  000000000000009e  Base        _ZNSt6vectorIS_IhSaIhEESaIS1_EED2Ev
00000000000376b0  w   DF .text  00000000000002cd  Base        _ZNSt6vectorIS_IhSaIhEESaIS1_EE17_M_realloc_insertIJRKS1_EEEvN9__gnu_cxx17__normal_iteratorIPS1_S3_EEDpOT_
0000000000037550  w   DF .text  000000000000009e  Base        _ZNSt6vectorIS_IhSaIhEESaIS1_EED1Ev
0000000000037cc0  w   DF .text  0000000000000160  Base        _ZNSt6vectorIS_IhSaIhEESaIS1_EE13_M_insert_auxIS1_EEvN9__gnu_cxx17__normal_iteratorIPS1_S3_EEOT_
0000000000037bd0  w   DF .text  00000000000000e3  Base        _ZNSt6vectorIS_IhSaIhEESaIS1_EE8_M_eraseEN9__gnu_cxx17__normal_iteratorIPS1_S3_EE
000000000002adc0 g    DF .text  0000000000000049  Base        bitcoinconsensus_verify_script_with_amount
0000000000042b90  w   DF .text  0000000000000178  Base        _ZNSt6vectorIhSaIhEE17_M_realloc_insertIJRKhEEEvN9__gnu_cxx17__normal_iteratorIPhS1_EEDpOT_
0000000000042d10  w   DF .text  00000000000000dc  Base        _ZNSt8__detail18__from_chars_digitImEEbRPKcS2_RT_i
000000000002af00  w   DF .text  00000000000000ce  Base        _ZStplIcSt11char_traitsIcESaIcEENSt7__cxx1112basic_stringIT_T0_T1_EEOS8_PKS5_
0000000000026100  w   DF .text  0000000000000062  Base        _ZNSt12_Vector_baseIhSaIhEED2Ev

Most are related to C++ standard library (like vector), it seems? I wonder if there's a way to avoid this.

hebasto · 2022-06-05T11:17:50Z

@laanwj

Speaking of checking exported symbols, I checked libbitcoinconsensus.so from 23.0 and there's a ton of unnecessary symbols being exported:

Most are related to C++ standard library (like vector), it seems? I wonder if there's a way to avoid this.

It appears, #24994 fixes it:

$ objdump -T bitcoin-c28bb15a117e-x86_64-linux-gnu/bitcoin-c28bb15a117e/lib/libbitcoinconsensus.so.0 | grep -v UND

bitcoin-c28bb15a117e-x86_64-linux-gnu/bitcoin-c28bb15a117e/lib/libbitcoinconsensus.so.0:     file format elf64-x86-64

DYNAMIC SYMBOL TABLE:
0000000000003000 g    DF .init	0000000000000000  Base        _init
0000000000045494 g    DF .fini	0000000000000000  Base        _fini
0000000000004de0 g    DF .text	0000000000000037  Base        bitcoinconsensus_version
0000000000005230 g    DF .text	0000000000000049  Base        bitcoinconsensus_verify_script_with_amount
0000000000005280 g    DF .text	000000000000006d  Base        bitcoinconsensus_verify_script

laanwj · 2022-06-27T07:28:55Z

It appears, #24994 fixes it:

That's beautiful!

DrahtBot · 2022-07-09T02:01:10Z

The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

Reviews

See the guideline for information on the review process.

Type	Reviewers
Concept ACK	laanwj

If your review is incorrectly listed, please react with 👎 to this comment and the bot will ignore it on the next update.

Conflicts

Reviewers, this pull request conflicts with the following ones:

#25573 ([POC] guix: produce a fully -static-pie x86_64 bitcoind using GCC and glibc by fanquake)

If you consider this pull request important, please also help to review the conflicting pull requests. Ideally, start with the one that should be merged first.

jarolrod · 2022-07-29T04:28:39Z

GUIX hashes

x86:

$ find guix-build-$(git rev-parse --short=12 HEAD)/output/ -type f -print0 | env LC_ALL=C sort -z | xargs -r0 sha256sum

685eafd7b1826282626d56c3163675f439075175f4f2260ec9888d3409455d49  guix-build-39947be79510/output/aarch64-linux-gnu/SHA256SUMS.part
767b608e51868ba8dcf3ea3ad6eedbed33dbb90e2cd9eb0e1474bf83189e3134  guix-build-39947be79510/output/aarch64-linux-gnu/bitcoin-39947be79510-aarch64-linux-gnu-debug.tar.gz
66705528b8caf1a084b5f0b2243899334c882144ead3c9c8da4395283a6cb08b  guix-build-39947be79510/output/aarch64-linux-gnu/bitcoin-39947be79510-aarch64-linux-gnu.tar.gz
3d2e68cd61c69a78285f6f9af4391767b0051130e17d36522e2773a78590f875  guix-build-39947be79510/output/arm-linux-gnueabihf/SHA256SUMS.part
b3e8e66bb49599630b6f0ed8afdf36b659752e5db9d7d624969ea9b7baf12350  guix-build-39947be79510/output/arm-linux-gnueabihf/bitcoin-39947be79510-arm-linux-gnueabihf-debug.tar.gz
8ba02617f70e311bcce65a042f9bf6f61438180fba1778bb16e207e9800d5e53  guix-build-39947be79510/output/arm-linux-gnueabihf/bitcoin-39947be79510-arm-linux-gnueabihf.tar.gz
1cf0a2d9d5ea4bd3cce72ef3b85346ab7a88408f3abb4d950f889a5a0fa4493d  guix-build-39947be79510/output/arm64-apple-darwin/SHA256SUMS.part
10701eb3db3c5e149671de41c869660a477657ddcf36eeff2fb5ed26d8d80e1f  guix-build-39947be79510/output/arm64-apple-darwin/bitcoin-39947be79510-arm64-apple-darwin-unsigned.dmg
da367910b71a8276ae3d037754d98eaf2160b0ddd1b239a9e158a2b10f994dd6  guix-build-39947be79510/output/arm64-apple-darwin/bitcoin-39947be79510-arm64-apple-darwin-unsigned.tar.gz
257d838cecaa16696369cff794cc6cd40ce937a3536c20947116e35244ec9cfb  guix-build-39947be79510/output/arm64-apple-darwin/bitcoin-39947be79510-arm64-apple-darwin.tar.gz
eba655f2303debef2332e57b14be2639c1c2e0f9e94b40ea0709e79868cb7ac5  guix-build-39947be79510/output/dist-archive/bitcoin-39947be79510.tar.gz
22e90ffa6022d6cbf4fa6e61e1ac4072fe7143af798ad8439f270854ac872c54  guix-build-39947be79510/output/powerpc64-linux-gnu/SHA256SUMS.part
9bdd90ab918ff84be1011162e768195accf93a7cf9f9b01c2e3aff130ed8676c  guix-build-39947be79510/output/powerpc64-linux-gnu/bitcoin-39947be79510-powerpc64-linux-gnu-debug.tar.gz
22895d20bc3758dbb8b98e9c4ab42e447ce83af19ff259ea32ed15889907e972  guix-build-39947be79510/output/powerpc64-linux-gnu/bitcoin-39947be79510-powerpc64-linux-gnu.tar.gz
278f5e8d22b9aacb08926d888d02d0e8cf16be325d8667fa99272297d78bad70  guix-build-39947be79510/output/powerpc64le-linux-gnu/SHA256SUMS.part
0691d58065ef1442d04e7213c288ab0209825a0a0ea6f58b390fb33d604805e8  guix-build-39947be79510/output/powerpc64le-linux-gnu/bitcoin-39947be79510-powerpc64le-linux-gnu-debug.tar.gz
a25aad55afd40b639f83ed47c4b5c3b4d5f79f561ba2836b49c58145641b3dfd  guix-build-39947be79510/output/powerpc64le-linux-gnu/bitcoin-39947be79510-powerpc64le-linux-gnu.tar.gz
9d0e17eda2b4c7a61e602a047fb410ced01ba61065e45b8c3a0229ebec4f1970  guix-build-39947be79510/output/riscv64-linux-gnu/SHA256SUMS.part
1bf94397e26474bb44cf0c330325733accbf90a773f8b3e8d4b26873fca399ad  guix-build-39947be79510/output/riscv64-linux-gnu/bitcoin-39947be79510-riscv64-linux-gnu-debug.tar.gz
70cb2fce41838a0147bdaec6647c747082793e53c1866bd2da459a1a6824fbc6  guix-build-39947be79510/output/riscv64-linux-gnu/bitcoin-39947be79510-riscv64-linux-gnu.tar.gz
4d471e209f6064eb7dc58bc19ee863453d6721847a0356ef5d5ad593b8bbbb73  guix-build-39947be79510/output/x86_64-apple-darwin/SHA256SUMS.part
64db9126af7e8e8cb8a6f52d656ebe041fc8f306bff3ca6b5b2d1ad84296a0fc  guix-build-39947be79510/output/x86_64-apple-darwin/bitcoin-39947be79510-x86_64-apple-darwin-unsigned.dmg
2e5f2a30f949974ceebda65237dc9ebb9414090142aba1ab974581fda271790d  guix-build-39947be79510/output/x86_64-apple-darwin/bitcoin-39947be79510-x86_64-apple-darwin-unsigned.tar.gz
8a3d18b0d926d7af4e13d29cb49babfbf69d3bb3da3119f9891ca559cece4e59  guix-build-39947be79510/output/x86_64-apple-darwin/bitcoin-39947be79510-x86_64-apple-darwin.tar.gz
e05ba2639a4c34e905417ab980faddd828a212569e6c73f7a8f8be58ee9323bb  guix-build-39947be79510/output/x86_64-linux-gnu/SHA256SUMS.part
1ce9d619f3d7e0d83e8f1aac7372a5945d31ca25bd29763044736a3635a946de  guix-build-39947be79510/output/x86_64-linux-gnu/bitcoin-39947be79510-x86_64-linux-gnu-debug.tar.gz
c6f4a0406d31735423a9bafcaeb48f4317c7f323f74830972a5a3fc4f0e6fa29  guix-build-39947be79510/output/x86_64-linux-gnu/bitcoin-39947be79510-x86_64-linux-gnu.tar.gz
433b3a7cdb3b4e6b152b065d6b7d9fa97efa6d99a28ca238c5f8e5fdc29d2015  guix-build-39947be79510/output/x86_64-w64-mingw32/SHA256SUMS.part
cbcc56d16fea9a4fda26b6ea2c76984ccf4afa83334b147241a2a266ae8a5edc  guix-build-39947be79510/output/x86_64-w64-mingw32/bitcoin-39947be79510-win64-debug.zip
191c2cb75a46f4e77274e699d90f6e26d38383ebf20eff90489f02d94cfd6bad  guix-build-39947be79510/output/x86_64-w64-mingw32/bitcoin-39947be79510-win64-setup-unsigned.exe
89fdd8f58ba6b1b66a9c1ff0e15b5103be446b0c1365918930a37213f71f9da4  guix-build-39947be79510/output/x86_64-w64-mingw32/bitcoin-39947be79510-win64-unsigned.tar.gz
f1ee2b31ba734de374c20f842de941565dad7f91cc9e315d8d070d5da763aebd  guix-build-39947be79510/output/x86_64-w64-mingw32/bitcoin-39947be79510-win64.zip

arm64:

$ env HOSTS='arm-linux-gnueabihf arm64-apple-darwin powerpc64-linux-gnu powerpc64le-linux-gnu riscv64-linux-gnu x86_64-apple-darwin x86_64-linux-gnu x86_64-w64-mingw32' ./contrib/guix/guix-build
$ find guix-build-$(git rev-parse --short=12 HEAD)/output/ -type f -print0 | env LC_ALL=C sort -z | xargs -r0 sha256sum

014f518074afd8db1c2f0280640159737d097aeeb330269622859f9a8c6839e7  guix-build-39947be79510/output/arm-linux-gnueabihf/SHA256SUMS.part
3f7d1b51158355f9f0d1861359f99cbbaf2c2129e1333b5e70ebd9d869e0bad9  guix-build-39947be79510/output/arm-linux-gnueabihf/bitcoin-39947be79510-arm-linux-gnueabihf-debug.tar.gz
77f51ce9a46f19f3f76d93f32aa55bee54838012438edcc9fafcb60ff1646245  guix-build-39947be79510/output/arm-linux-gnueabihf/bitcoin-39947be79510-arm-linux-gnueabihf.tar.gz
4e04ed55cc8edbdef142ea49fe0fee8f5d7b608200a08cc9277949b9e0bd9729  guix-build-39947be79510/output/arm64-apple-darwin/SHA256SUMS.part
b2e9994348e1e530350557717fcc7e27fe3b88fb7de443f89aa37e16c5be055a  guix-build-39947be79510/output/arm64-apple-darwin/bitcoin-39947be79510-arm64-apple-darwin-unsigned.dmg
3e27e59e62e88fe6864811464ffb8773ec6d46c1e4057f0fb07d97ebdcd19bee  guix-build-39947be79510/output/arm64-apple-darwin/bitcoin-39947be79510-arm64-apple-darwin-unsigned.tar.gz
5e50fb1743fe3c636747768b4de4661b42513b709bea86bbd7c0f767ef37b60d  guix-build-39947be79510/output/arm64-apple-darwin/bitcoin-39947be79510-arm64-apple-darwin.tar.gz
eba655f2303debef2332e57b14be2639c1c2e0f9e94b40ea0709e79868cb7ac5  guix-build-39947be79510/output/dist-archive/bitcoin-39947be79510.tar.gz
91bb02e0756bfe35a5ec893a4b6ce1b7ef3fec815b241710ebbf48745fafe3a2  guix-build-39947be79510/output/powerpc64-linux-gnu/SHA256SUMS.part
d4689b64c02c408c6cc2e463354186d958019610b4b3de5ae85f20dbcdc1c2ee  guix-build-39947be79510/output/powerpc64-linux-gnu/bitcoin-39947be79510-powerpc64-linux-gnu-debug.tar.gz
af9fb50aef2a198e8ae69dde784343e423373f96767f5a291c79f1748fc29343  guix-build-39947be79510/output/powerpc64-linux-gnu/bitcoin-39947be79510-powerpc64-linux-gnu.tar.gz
b914013794cc88dc15e595c731245f3915d32d34c088c0b71b721f494b7140c5  guix-build-39947be79510/output/powerpc64le-linux-gnu/SHA256SUMS.part
c4218a3de76d470db7134465c6250f9a53137d25199ed280dc40a4b2b366c1d8  guix-build-39947be79510/output/powerpc64le-linux-gnu/bitcoin-39947be79510-powerpc64le-linux-gnu-debug.tar.gz
38cdc7cb10049849c5600cb592389f1d9f2b993485c05403dae1c06283de7182  guix-build-39947be79510/output/powerpc64le-linux-gnu/bitcoin-39947be79510-powerpc64le-linux-gnu.tar.gz
f803397aa1e0352a7f23fa906002814a7837e547182d471abb14ec5def3551d6  guix-build-39947be79510/output/riscv64-linux-gnu/SHA256SUMS.part
a48852558522c224a794d1a09ddf36ba4b2a5adbd86651c734626c3399ee51fd  guix-build-39947be79510/output/riscv64-linux-gnu/bitcoin-39947be79510-riscv64-linux-gnu-debug.tar.gz
cf282980458922da5ef570ea7a6072338368a14fd0aa35f6172e1cb75b56f4b0  guix-build-39947be79510/output/riscv64-linux-gnu/bitcoin-39947be79510-riscv64-linux-gnu.tar.gz
4d471e209f6064eb7dc58bc19ee863453d6721847a0356ef5d5ad593b8bbbb73  guix-build-39947be79510/output/x86_64-apple-darwin/SHA256SUMS.part
64db9126af7e8e8cb8a6f52d656ebe041fc8f306bff3ca6b5b2d1ad84296a0fc  guix-build-39947be79510/output/x86_64-apple-darwin/bitcoin-39947be79510-x86_64-apple-darwin-unsigned.dmg
2e5f2a30f949974ceebda65237dc9ebb9414090142aba1ab974581fda271790d  guix-build-39947be79510/output/x86_64-apple-darwin/bitcoin-39947be79510-x86_64-apple-darwin-unsigned.tar.gz
8a3d18b0d926d7af4e13d29cb49babfbf69d3bb3da3119f9891ca559cece4e59  guix-build-39947be79510/output/x86_64-apple-darwin/bitcoin-39947be79510-x86_64-apple-darwin.tar.gz
5c4ef430b11b92f4e09e7acf800eb6efd22af78808956da15451a87a80cd7a5f  guix-build-39947be79510/output/x86_64-linux-gnu/SHA256SUMS.part
3da30e0ddb006ecc9914fc3fe2f3d01947e2614c00393fa3e3d3a97b4fa7ea67  guix-build-39947be79510/output/x86_64-linux-gnu/bitcoin-39947be79510-x86_64-linux-gnu-debug.tar.gz
ed6b6c5a3dee4a72ccf6a26db21be539826bfda29c63a6fd878a3abf3d53a687  guix-build-39947be79510/output/x86_64-linux-gnu/bitcoin-39947be79510-x86_64-linux-gnu.tar.gz
5a5e316f09135df7282845d3ac1a7298f15642ad647e3ae7c4b287ee185fd0b1  guix-build-39947be79510/output/x86_64-w64-mingw32/SHA256SUMS.part
e98d34d9c57daaab228c63f8923c9a81a256e4dd1e25610d5bd9a13111fb481a  guix-build-39947be79510/output/x86_64-w64-mingw32/bitcoin-39947be79510-win64-debug.zip
191c2cb75a46f4e77274e699d90f6e26d38383ebf20eff90489f02d94cfd6bad  guix-build-39947be79510/output/x86_64-w64-mingw32/bitcoin-39947be79510-win64-setup-unsigned.exe
89fdd8f58ba6b1b66a9c1ff0e15b5103be446b0c1365918930a37213f71f9da4  guix-build-39947be79510/output/x86_64-w64-mingw32/bitcoin-39947be79510-win64-unsigned.tar.gz
572f9eb018017ae054620cd81a4751e90795297722013f20540c136333196447  guix-build-39947be79510/output/x86_64-w64-mingw32/bitcoin-39947be79510-win64.zip

fanquake

Is this change (going to be) dependant on #24994, or not? If so, maybe mark as a draft for now, and add that to the PR description?

Looks like there's still review comments outstanding, i.e here: https://github.com/bitcoin/bitcoin/pull/25020/files#r885641952 and here: https://github.com/bitcoin/bitcoin/pull/25020/files#r885637804.

fanquake · 2022-12-05T12:03:24Z

src/Makefile.am

 	@echo "Running symbol and dynamic library checks..."
-	$(AM_V_at) $(PYTHON) $(top_srcdir)/contrib/devtools/symbol-check.py $(bin_PROGRAMS)
+	$(AM_V_at) $(PYTHON) $(top_srcdir)/contrib/devtools/symbol-check.py $(bin_PROGRAMS) $(builddir)/.libs/$$(echo $(LIBBITCOINCONSENSUS) | sed "s/.la//")$(LIBEXT)


Is there a nicer way to do this? Would rather not re-introduce sed.

fanquake · 2022-12-05T12:03:59Z

contrib/devtools/test-symbol-check.py

@@ -117,7 +117,7 @@ def test_MACHO(self):
        ''')

        self.assertEqual(call_symbol_check(cc, source, executable, ['-lexpat', '-Wl,-platform_version','-Wl,macos', '-Wl,11.4', '-Wl,11.4']),
-            (1, 'libexpat.1.dylib is not in ALLOWED_LIBRARIES!\n' +
+            (1, f'{executable}: libexpat.1.dylib is not in ALLOWED_LIBRARIES!\n' +


I don't think adding the executable name to every line is an improvement. It's already printed in the failure.

fanquake · 2022-12-05T12:14:59Z

contrib/devtools/symbol-check.py

-            print(f'{split[-1]} is not in ALLOWED_LIBRARIES!')
+    for dylib in binary.concrete.libraries:
+        library = dylib.name.split('/')[-1]
+        if binary.abstract.header.object_type == lief.OBJECT_TYPES.LIBRARY and library == 'libbitcoinconsensus.0.dylib':


In general, I don't really like how these changes are mixing up the binary and library checks.

fanquake · 2022-12-05T12:15:42Z

contrib/devtools/symbol-check.py

                print(f'{filename}: symbol {symbol.name} from unsupported version {version}')
                ok = False
    return ok

 def check_exported_symbols(binary) -> bool:
    ok: bool = True
+    if binary.abstract.header.object_type == lief.OBJECT_TYPES.LIBRARY:
+        return ok


I think the PR should be renamed then? If it's not actually doing the thing in the PR title.

hebasto · 2022-12-14T13:49:07Z

Is this change (going to be) dependant on #24994, or not? If so, maybe mark as a draft for now, and add that to the PR description?

Drafted.

fanquake · 2023-02-14T15:52:53Z

contrib/devtools/symbol-check.py

 'KERNEL32.dll', # win32 base APIs
 'msvcrt.dll', # C standard library for MSVC
+'libssp-0.dll', # mingw-w64 stack smashing protection


NACK. This is accomodating a bug (in the DLL), and doing so in such a way, that it could leak into the actual binaries.

This is accomodating a bug...

Which one?

Non-static libssp.

hebasto · 2023-02-23T14:35:08Z

Is this change (going to be) dependant on #24994, or not? If so, maybe mark as a draft for now, and add that to the PR description?

Drafted.

Closing.

hebasto added 4 commits April 28, 2022 18:56

contrib, refactor: Replace split->library in check_MACHO_libraries

319db4c

contrib: Use filename in symbol-check.py output consistently

4df1451

contrib: Always explicitly cast lief.Binary object

2012abe

contrib: Check symbols in the bitcoinconsensus shared library

39947be

laanwj added Build system Scripts and tools labels Apr 28, 2022

laanwj reviewed May 3, 2022

View reviewed changes

fanquake reviewed May 3, 2022

View reviewed changes

laanwj reviewed May 31, 2022

View reviewed changes

hebasto mentioned this pull request Jun 5, 2022

build: Build libbitcoinconsensus from its own convenience library #24994

Closed

DrahtBot mentioned this pull request Jul 8, 2022

[POC] guix: produce a fully -static-pie bitcoind #25573

Draft

hebasto mentioned this pull request Aug 22, 2022

Add tools/symbol-check.py bitcoin-core/secp256k1#1135

Closed

fanquake reviewed Dec 5, 2022

View reviewed changes

hebasto marked this pull request as draft December 14, 2022 13:48

hebasto mentioned this pull request Dec 14, 2022

Unnecessary symbols being exported in libbitcoinconsensus.so #26698

Closed

willcl-ark mentioned this pull request Dec 16, 2022

build: special instruction check script #26693

Closed

fanquake reviewed Feb 14, 2023

View reviewed changes

hebasto closed this Feb 23, 2023

bitcoin locked and limited conversation to collaborators Feb 23, 2024

contrib: Check symbols in the bitcoinconsensus shared library #25020

contrib: Check symbols in the bitcoinconsensus shared library #25020

Uh oh!

Conversation

hebasto commented Apr 28, 2022 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Guix builds on x86_64:

Uh oh!

laanwj commented May 3, 2022

Uh oh!

laanwj May 3, 2022 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

laanwj commented May 31, 2022

Uh oh!

hebasto commented Jun 5, 2022

Uh oh!

laanwj commented Jun 27, 2022

Uh oh!

DrahtBot commented Jul 9, 2022 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Reviews

Conflicts

Uh oh!

jarolrod commented Jul 29, 2022 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

fanquake left a comment

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

hebasto commented Dec 14, 2022

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

hebasto commented Feb 23, 2023

Uh oh!

Uh oh!

contrib: Check symbols in the `bitcoinconsensus` shared library #25020

contrib: Check symbols in the `bitcoinconsensus` shared library #25020

hebasto commented Apr 28, 2022 •

edited

Loading

Guix builds on `x86_64`:

laanwj May 3, 2022 •

edited

Loading

DrahtBot commented Jul 9, 2022 •

edited

Loading

jarolrod commented Jul 29, 2022 •

edited

Loading