scripts: make security checks architecture independent #23838

fanquake · 2021-12-22T02:41:56Z

This paves the way for using and checking for architecture dependent flags like -fcf-protection on x86_64 Linux and -mbranch-protection on 64 bit ARM.

While we need a workaround for RISCV arch detection, I sent a change upstream (lief-project/LIEF#640), which has been merged. So we can drop this workaround along with our other RISCV workarounds (i.e lief-project/LIEF#562) with the next LIEF release.

Required for #19075, #21851, #21888 etc.

Guix build:

bash-5.1# find guix-build-$(git rev-parse --short=12 HEAD)/output/ -type f -print0 | env LC_ALL=C sort -z | xargs -r0 sha256sum
c57bcad9d763aae223a256283fef6243d79e0df46c5b5706dc9034a87df56694  guix-build-b9898aeeaa6a/output/aarch64-linux-gnu/SHA256SUMS.part
f16fb8f0a2d4dfd576fea440c487722d076f3db9d10ec0480b2f94df0c92a6a3  guix-build-b9898aeeaa6a/output/aarch64-linux-gnu/bitcoin-b9898aeeaa6a-aarch64-linux-gnu-debug.tar.gz
0e6e660eca7484ddb160b3d62d8867cf171044e81e719de899cd9b8b898cc614  guix-build-b9898aeeaa6a/output/aarch64-linux-gnu/bitcoin-b9898aeeaa6a-aarch64-linux-gnu.tar.gz
29f14e305a280dc1d33a1f2d660db952caf6f3a9aeff9ab9560f122821269ab2  guix-build-b9898aeeaa6a/output/arm-linux-gnueabihf/SHA256SUMS.part
26477f58601363dfe8eb2639472f71943bc341d415b6190316af232f363f5485  guix-build-b9898aeeaa6a/output/arm-linux-gnueabihf/bitcoin-b9898aeeaa6a-arm-linux-gnueabihf-debug.tar.gz
372be53fd6d7fedad1bddc45cd9d1ce34cff376eaae4f613e2aa2465728fba82  guix-build-b9898aeeaa6a/output/arm-linux-gnueabihf/bitcoin-b9898aeeaa6a-arm-linux-gnueabihf.tar.gz
39778c9d2949deaba404c90b930e5a0b72663bb05e9d82e93439be131fd622e3  guix-build-b9898aeeaa6a/output/dist-archive/bitcoin-b9898aeeaa6a.tar.gz
599eee817b364b0348034a3e8c97b4bb1a35a78e3ba3472f7589f7a241947b51  guix-build-b9898aeeaa6a/output/powerpc64-linux-gnu/SHA256SUMS.part
ade0c5ac07d467aa73f85d2a08c3fc3b311816869a2b6903bba4b4e6c88ad9d2  guix-build-b9898aeeaa6a/output/powerpc64-linux-gnu/bitcoin-b9898aeeaa6a-powerpc64-linux-gnu-debug.tar.gz
c63db0e2570756df0b459e6114f01f0b47972ba8d81fcd9568edee95dfade23b  guix-build-b9898aeeaa6a/output/powerpc64-linux-gnu/bitcoin-b9898aeeaa6a-powerpc64-linux-gnu.tar.gz
dc4e6ba6958e534161a54669ff5d75bc312cfeb92567cc2092235eed0e2f6aa7  guix-build-b9898aeeaa6a/output/powerpc64le-linux-gnu/SHA256SUMS.part
3ce4c7e50915f72f24fcd24e1e1bc8460cdf2c065e390cf5f626c4cffd50961c  guix-build-b9898aeeaa6a/output/powerpc64le-linux-gnu/bitcoin-b9898aeeaa6a-powerpc64le-linux-gnu-debug.tar.gz
c8f4a8f10f16fab07547553f1f2580c4aa98ac63246fb30da0560a6367990dd1  guix-build-b9898aeeaa6a/output/powerpc64le-linux-gnu/bitcoin-b9898aeeaa6a-powerpc64le-linux-gnu.tar.gz
8206937fefc76cc277cc7aa8762d7554575942a9e1704106d5ab9b6fe01d5408  guix-build-b9898aeeaa6a/output/riscv64-linux-gnu/SHA256SUMS.part
9530ee044927df02d96c3a9e5974d68b70a7105cb943b94e846c496c2d0579b9  guix-build-b9898aeeaa6a/output/riscv64-linux-gnu/bitcoin-b9898aeeaa6a-riscv64-linux-gnu-debug.tar.gz
fc4885db902c3205d3c1bc45c7e03375e621633efb419df37f145d11329bd6ed  guix-build-b9898aeeaa6a/output/riscv64-linux-gnu/bitcoin-b9898aeeaa6a-riscv64-linux-gnu.tar.gz
caedbc37d5aa5fbb0e370019ce5f1d5f6745b32153f562b0aee80aceec57deab  guix-build-b9898aeeaa6a/output/x86_64-apple-darwin/SHA256SUMS.part
1b363dfde1d83530ec4deb0f24547c07446f5db99f327fe382a6e91b4b6cc454  guix-build-b9898aeeaa6a/output/x86_64-apple-darwin/bitcoin-b9898aeeaa6a-osx-unsigned.dmg
bee82fe6e50a249eab21b6c97ad7436447489d0eabe3e5f7c992ba3b22dfc5ea  guix-build-b9898aeeaa6a/output/x86_64-apple-darwin/bitcoin-b9898aeeaa6a-osx-unsigned.tar.gz
a935280e1229c69bdd29f32d4c894f1384e765872c68ea0dcdacdf897d4bc013  guix-build-b9898aeeaa6a/output/x86_64-apple-darwin/bitcoin-b9898aeeaa6a-osx64.tar.gz
370a87e34e694fe44ba0cd809a1ba044bcc0e7e100b01d74a883069b3d754d1c  guix-build-b9898aeeaa6a/output/x86_64-linux-gnu/SHA256SUMS.part
46f8c3aa2c3a65f3fc73ddda344724e800bb463d80b062dc749ab76f4c21bc8c  guix-build-b9898aeeaa6a/output/x86_64-linux-gnu/bitcoin-b9898aeeaa6a-x86_64-linux-gnu-debug.tar.gz
9704b95152ebe582f8aa70bbab8f34ea5e32d80dfda948c019cb9f7d0982f36c  guix-build-b9898aeeaa6a/output/x86_64-linux-gnu/bitcoin-b9898aeeaa6a-x86_64-linux-gnu.tar.gz
8385a966601ab4b9dc11d4467435c26af93dce97b66f3d33d7a8f7a885ac326d  guix-build-b9898aeeaa6a/output/x86_64-w64-mingw32/SHA256SUMS.part
f46812804e79166e5440b678166ce2cc38b5628d1a9e312b3af138720cacc478  guix-build-b9898aeeaa6a/output/x86_64-w64-mingw32/bitcoin-b9898aeeaa6a-win-unsigned.tar.gz
1d7077fdc59ce6af2ea5bffaa5a2ab579f8e8382467a7140623a6a2c4a588a0c  guix-build-b9898aeeaa6a/output/x86_64-w64-mingw32/bitcoin-b9898aeeaa6a-win64-debug.zip
033fa4263ec91ca1e53ff652f12104c3c2aa7da9240a9b48bfa8f2341c79a225  guix-build-b9898aeeaa6a/output/x86_64-w64-mingw32/bitcoin-b9898aeeaa6a-win64-setup-unsigned.exe
b7fdc84dee75951c131747c00e1e3c2da87e6f98e9435ffe7fa350ecda6771e8  guix-build-b9898aeeaa6a/output/x86_64-w64-mingw32/bitcoin-b9898aeeaa6a-win64.zip

DrahtBot · 2021-12-22T13:05:32Z

The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

Conflicts

Reviewers, this pull request conflicts with the following ones:

#23839 (Linux: build with and test for control flow instrumentation on x86_64 by fanquake)

If you consider this pull request important, please also help to review the conflicting pull requests. Ideally, start with the one that should be merged first.

jarolrod · 2021-12-22T19:53:26Z

@fanquake seeing significant differences between our hashes, will perform another build just in case:

find guix-build-$(git rev-parse --short=12 HEAD)/output/ -type f -print0 | env LC_ALL=C sort -z | xargs -r0 sha256sum

99a5caf3da39142d3f13431e96fe8f4e653147802d2069f8149f5d54303d463a  guix-build-99f79d48dbe6/output/aarch64-linux-gnu/SHA256SUMS.part
eaa4a93e5874d58c243e3bde7d90c843046dc9897810d1f82ac693447c0700b3  guix-build-99f79d48dbe6/output/aarch64-linux-gnu/bitcoin-99f79d48dbe6-aarch64-linux-gnu-debug.tar.gz
c3c1f16cd6357a6f452009c6e7f8eda0e5f420c4023eb1316f0001938a4fbf13  guix-build-99f79d48dbe6/output/aarch64-linux-gnu/bitcoin-99f79d48dbe6-aarch64-linux-gnu.tar.gz
6bc078e5050db2230a06397d33299e1b299a1f933a4095d6b0fcd7ecb7f4443f  guix-build-99f79d48dbe6/output/arm-linux-gnueabihf/SHA256SUMS.part
61114dfd2f934b379e7076f4c40a4f99782e5776f8d96ff05b471f655bf5e0f0  guix-build-99f79d48dbe6/output/arm-linux-gnueabihf/bitcoin-99f79d48dbe6-arm-linux-gnueabihf-debug.tar.gz
bcf70313e75fd51b8e8ece7529b6d63f80d02e0e5b170c6dffce0a3ca52837fb  guix-build-99f79d48dbe6/output/arm-linux-gnueabihf/bitcoin-99f79d48dbe6-arm-linux-gnueabihf.tar.gz
f8c2cf035a9e6e644c0a92923c9aa147f3dc3adf63bca727a1f5df1468c7d636  guix-build-99f79d48dbe6/output/dist-archive/bitcoin-99f79d48dbe6.tar.gz
73516bb78b10ea9cd8ce97512c4b32f30b7c2431cc9ec571cedefbec57451cbe  guix-build-99f79d48dbe6/output/powerpc64-linux-gnu/SHA256SUMS.part
33d18df5a71a6d02ade4fe23fca73fdb4bbf923c69fb07a23d0d17112d727d81  guix-build-99f79d48dbe6/output/powerpc64-linux-gnu/bitcoin-99f79d48dbe6-powerpc64-linux-gnu-debug.tar.gz
379fe1f9fbc4636c4329b0e5ec0ddc9da108d733e60a756d7d3fa5e82d242f9e  guix-build-99f79d48dbe6/output/powerpc64-linux-gnu/bitcoin-99f79d48dbe6-powerpc64-linux-gnu.tar.gz
3b971e9861518a87dcba63fb4b33dbfb12df320a7d4563959652200915178968  guix-build-99f79d48dbe6/output/powerpc64le-linux-gnu/SHA256SUMS.part
55e287a16fc3986655fe4e3d9d7815eaec1314fc78b86e379d96d3657fa51f60  guix-build-99f79d48dbe6/output/powerpc64le-linux-gnu/bitcoin-99f79d48dbe6-powerpc64le-linux-gnu-debug.tar.gz
ee34f2ac16f98c802c01fa0d52ae41979d6c4a4b27c51ee15123901a914c33e8  guix-build-99f79d48dbe6/output/powerpc64le-linux-gnu/bitcoin-99f79d48dbe6-powerpc64le-linux-gnu.tar.gz
19c17a8776de676560d430ea93091a8a161ad97c054119a57420760ace521641  guix-build-99f79d48dbe6/output/riscv64-linux-gnu/SHA256SUMS.part
aa4ab425ab0bfba80dad3d5551375d423cab9ab0f95e55e4252521ac3ded7351  guix-build-99f79d48dbe6/output/riscv64-linux-gnu/bitcoin-99f79d48dbe6-riscv64-linux-gnu-debug.tar.gz
f09a83d478cd9cbe5976b698cfa9a791e8cdf0ef5aacaf5b1aab267d383410ec  guix-build-99f79d48dbe6/output/riscv64-linux-gnu/bitcoin-99f79d48dbe6-riscv64-linux-gnu.tar.gz
394d32c5c0dcfc6cf677921e67fab1668e9656c6ad7e981370d6e2928d6e5a94  guix-build-99f79d48dbe6/output/x86_64-apple-darwin/SHA256SUMS.part
6032f23238839bc23c935d829783a5951cb283d8d9f89bccee27cd4672d1acca  guix-build-99f79d48dbe6/output/x86_64-apple-darwin/bitcoin-99f79d48dbe6-osx-unsigned.dmg
f677ce82cb7ca9e7c5ad780c1831a800913842d095d229b6350c81eda0e90fa9  guix-build-99f79d48dbe6/output/x86_64-apple-darwin/bitcoin-99f79d48dbe6-osx-unsigned.tar.gz
f064c2ae8253c15f08a15c65b7f98ba16291917ee662857934a4dc79454ac741  guix-build-99f79d48dbe6/output/x86_64-apple-darwin/bitcoin-99f79d48dbe6-osx64.tar.gz
d432cfe8d626c77a963a842042b88b1e41c4b6ed7ff2823af03caaa71ecf60c3  guix-build-99f79d48dbe6/output/x86_64-linux-gnu/SHA256SUMS.part
26d464e258d77f90032905bc2c92c0b38004d2faf7a87a5872427979660fbc16  guix-build-99f79d48dbe6/output/x86_64-linux-gnu/bitcoin-99f79d48dbe6-x86_64-linux-gnu-debug.tar.gz
0742cb2dc5c01bac1dc7358ec614294f650522254292cceccbb599b06b1756bd  guix-build-99f79d48dbe6/output/x86_64-linux-gnu/bitcoin-99f79d48dbe6-x86_64-linux-gnu.tar.gz
5894ae50f2216ab09cee7bd5bd95d83e37fd9d0ce8095be3bf412e028d3da6ed  guix-build-99f79d48dbe6/output/x86_64-w64-mingw32/SHA256SUMS.part
4fbc9ef496c19459f4910e69250099cc61e7e15a42f28ba3bc01546653a64162  guix-build-99f79d48dbe6/output/x86_64-w64-mingw32/bitcoin-99f79d48dbe6-win-unsigned.tar.gz
7937d2ccddcddac8be9bcc11875beeb00d720fbad83fbb1047d74dec197e07b4  guix-build-99f79d48dbe6/output/x86_64-w64-mingw32/bitcoin-99f79d48dbe6-win64-debug.zip
e5942215f8370e786c84c3b52b0df88cde15964f141528b383dd9e6407a078d5  guix-build-99f79d48dbe6/output/x86_64-w64-mingw32/bitcoin-99f79d48dbe6-win64-setup-unsigned.exe
0e5a2ca35798a543045fdf0a8c6ce482d04ab7f51e5bc0caca071f1de665649c  guix-build-99f79d48dbe6/output/x86_64-w64-mingw32/bitcoin-99f79d48dbe6-win64.zip

fanquake · 2021-12-23T03:34:59Z

seeing significant differences between our hashes,

Given that there aren't any changes to code / dependencies here, that should be impossible. It'd the same as if we Guix built a PR which only modified a doc.md, and then got a mismatch. There must be some caching / local issue introducing non-determinism in either environment.

The main point of the Guix build in this PR is to show that the (test-)security checks are still passing.

DrahtBot · 2021-12-25T00:20:00Z

Guix builds

File	commit `f5c678e` (master)	commit `6d17393` (master and this pull)
SHA256SUMS.part	`119ecb82f676677d...`	`437a7cbabfd4864b...`
*-aarch64-linux-gnu-debug.tar.gz	`fcd033dbe8e15895...`	`4472c8de93ff1d05...`
*-aarch64-linux-gnu.tar.gz	`a4a0f754b012211f...`	`bddf527cf741b1a4...`
*-arm-linux-gnueabihf-debug.tar.gz	`bb27a8296c0830df...`	`305502f25975a33a...`
*-arm-linux-gnueabihf.tar.gz	`c8de00a0c77d5c9b...`	`e886dad3674f6dd8...`
*-osx-unsigned.dmg	`4e0d64bdd688ac98...`	`3900fbebecd216f1...`
*-osx-unsigned.tar.gz	`7fa8962c75bd7f97...`	`bf7eeb13f7038a48...`
*-osx64.tar.gz	`944ff88a436fa6b5...`	`2da4819d37b463c9...`
*-powerpc64-linux-gnu-debug.tar.gz	`41520a175df3850b...`	`1fe3505b4a61e2b1...`
*-powerpc64-linux-gnu.tar.gz	`cee75a0a0901ce37...`	`6354665f6ea84dc9...`
*-powerpc64le-linux-gnu-debug.tar.gz	`a04f59c12987ebe0...`	`7776ef4d15e7624c...`
*-powerpc64le-linux-gnu.tar.gz	`9d0ac8b9bd61dd70...`	`831038d7e3b924d1...`
*-riscv64-linux-gnu-debug.tar.gz	`d419be80ddb39493...`	`5cb2dba1fd6a8672...`
*-riscv64-linux-gnu.tar.gz	`bf80b023826496a6...`	`d8abcf17031b4b5a...`
*-win-unsigned.tar.gz	`863d58770c67a007...`	`16735f9bdcc1b2d3...`
*-win64-debug.zip	`7975dfea42b9d273...`	`ca5e329f773630b3...`
*-win64-setup-unsigned.exe	`c1c9b787a58d0ef1...`	`71d8b77820347c03...`
*-win64.zip	`7a696524a9649c62...`	`fd75d8097e0e323b...`
*-x86_64-linux-gnu-debug.tar.gz	`33c97f758ee05165...`	`f43560a45e45ca94...`
*-x86_64-linux-gnu.tar.gz	`2047b19ab3cc90e9...`	`0fb04a9574485040...`
*.tar.gz	`6d72705a3bce5ef0...`	`15e316d5f27cab34...`
guix_build.log	`e9b3e3211b436446...`	`a8f2a670780ed987...`
guix_build.log.diff		`4fe60f62618365c9...`

hebasto · 2021-12-25T09:25:25Z

Concept ACK.

hebasto · 2021-12-25T13:30:41Z

Guix builds:

$ find guix-build-$(git rev-parse --short=12 HEAD)/output/ -type f -print0 | env LC_ALL=C sort -z | xargs -r0 sha256sum
99a5caf3da39142d3f13431e96fe8f4e653147802d2069f8149f5d54303d463a  guix-build-99f79d48dbe6/output/aarch64-linux-gnu/SHA256SUMS.part
eaa4a93e5874d58c243e3bde7d90c843046dc9897810d1f82ac693447c0700b3  guix-build-99f79d48dbe6/output/aarch64-linux-gnu/bitcoin-99f79d48dbe6-aarch64-linux-gnu-debug.tar.gz
c3c1f16cd6357a6f452009c6e7f8eda0e5f420c4023eb1316f0001938a4fbf13  guix-build-99f79d48dbe6/output/aarch64-linux-gnu/bitcoin-99f79d48dbe6-aarch64-linux-gnu.tar.gz
6bc078e5050db2230a06397d33299e1b299a1f933a4095d6b0fcd7ecb7f4443f  guix-build-99f79d48dbe6/output/arm-linux-gnueabihf/SHA256SUMS.part
61114dfd2f934b379e7076f4c40a4f99782e5776f8d96ff05b471f655bf5e0f0  guix-build-99f79d48dbe6/output/arm-linux-gnueabihf/bitcoin-99f79d48dbe6-arm-linux-gnueabihf-debug.tar.gz
bcf70313e75fd51b8e8ece7529b6d63f80d02e0e5b170c6dffce0a3ca52837fb  guix-build-99f79d48dbe6/output/arm-linux-gnueabihf/bitcoin-99f79d48dbe6-arm-linux-gnueabihf.tar.gz
f8c2cf035a9e6e644c0a92923c9aa147f3dc3adf63bca727a1f5df1468c7d636  guix-build-99f79d48dbe6/output/dist-archive/bitcoin-99f79d48dbe6.tar.gz
73516bb78b10ea9cd8ce97512c4b32f30b7c2431cc9ec571cedefbec57451cbe  guix-build-99f79d48dbe6/output/powerpc64-linux-gnu/SHA256SUMS.part
33d18df5a71a6d02ade4fe23fca73fdb4bbf923c69fb07a23d0d17112d727d81  guix-build-99f79d48dbe6/output/powerpc64-linux-gnu/bitcoin-99f79d48dbe6-powerpc64-linux-gnu-debug.tar.gz
379fe1f9fbc4636c4329b0e5ec0ddc9da108d733e60a756d7d3fa5e82d242f9e  guix-build-99f79d48dbe6/output/powerpc64-linux-gnu/bitcoin-99f79d48dbe6-powerpc64-linux-gnu.tar.gz
3b971e9861518a87dcba63fb4b33dbfb12df320a7d4563959652200915178968  guix-build-99f79d48dbe6/output/powerpc64le-linux-gnu/SHA256SUMS.part
55e287a16fc3986655fe4e3d9d7815eaec1314fc78b86e379d96d3657fa51f60  guix-build-99f79d48dbe6/output/powerpc64le-linux-gnu/bitcoin-99f79d48dbe6-powerpc64le-linux-gnu-debug.tar.gz
0301e16d2a36391be0788afaa1fe4f61d9d9755db9a76c917f92b44d5f1140b9  guix-build-99f79d48dbe6/output/powerpc64le-linux-gnu/bitcoin-99f79d48dbe6-powerpc64le-linux-gnu.tar.gz
19c17a8776de676560d430ea93091a8a161ad97c054119a57420760ace521641  guix-build-99f79d48dbe6/output/riscv64-linux-gnu/SHA256SUMS.part
aa4ab425ab0bfba80dad3d5551375d423cab9ab0f95e55e4252521ac3ded7351  guix-build-99f79d48dbe6/output/riscv64-linux-gnu/bitcoin-99f79d48dbe6-riscv64-linux-gnu-debug.tar.gz
f09a83d478cd9cbe5976b698cfa9a791e8cdf0ef5aacaf5b1aab267d383410ec  guix-build-99f79d48dbe6/output/riscv64-linux-gnu/bitcoin-99f79d48dbe6-riscv64-linux-gnu.tar.gz
394d32c5c0dcfc6cf677921e67fab1668e9656c6ad7e981370d6e2928d6e5a94  guix-build-99f79d48dbe6/output/x86_64-apple-darwin/SHA256SUMS.part
6032f23238839bc23c935d829783a5951cb283d8d9f89bccee27cd4672d1acca  guix-build-99f79d48dbe6/output/x86_64-apple-darwin/bitcoin-99f79d48dbe6-osx-unsigned.dmg
f677ce82cb7ca9e7c5ad780c1831a800913842d095d229b6350c81eda0e90fa9  guix-build-99f79d48dbe6/output/x86_64-apple-darwin/bitcoin-99f79d48dbe6-osx-unsigned.tar.gz
f064c2ae8253c15f08a15c65b7f98ba16291917ee662857934a4dc79454ac741  guix-build-99f79d48dbe6/output/x86_64-apple-darwin/bitcoin-99f79d48dbe6-osx64.tar.gz
d432cfe8d626c77a963a842042b88b1e41c4b6ed7ff2823af03caaa71ecf60c3  guix-build-99f79d48dbe6/output/x86_64-linux-gnu/SHA256SUMS.part
26d464e258d77f90032905bc2c92c0b38004d2faf7a87a5872427979660fbc16  guix-build-99f79d48dbe6/output/x86_64-linux-gnu/bitcoin-99f79d48dbe6-x86_64-linux-gnu-debug.tar.gz
0742cb2dc5c01bac1dc7358ec614294f650522254292cceccbb599b06b1756bd  guix-build-99f79d48dbe6/output/x86_64-linux-gnu/bitcoin-99f79d48dbe6-x86_64-linux-gnu.tar.gz
5894ae50f2216ab09cee7bd5bd95d83e37fd9d0ce8095be3bf412e028d3da6ed  guix-build-99f79d48dbe6/output/x86_64-w64-mingw32/SHA256SUMS.part
4fbc9ef496c19459f4910e69250099cc61e7e15a42f28ba3bc01546653a64162  guix-build-99f79d48dbe6/output/x86_64-w64-mingw32/bitcoin-99f79d48dbe6-win-unsigned.tar.gz
7937d2ccddcddac8be9bcc11875beeb00d720fbad83fbb1047d74dec197e07b4  guix-build-99f79d48dbe6/output/x86_64-w64-mingw32/bitcoin-99f79d48dbe6-win64-debug.zip
e5942215f8370e786c84c3b52b0df88cde15964f141528b383dd9e6407a078d5  guix-build-99f79d48dbe6/output/x86_64-w64-mingw32/bitcoin-99f79d48dbe6-win64-setup-unsigned.exe
0e5a2ca35798a543045fdf0a8c6ce482d04ab7f51e5bc0caca071f1de665649c  guix-build-99f79d48dbe6/output/x86_64-w64-mingw32/bitcoin-99f79d48dbe6-win64.zip

They match @jarolrod's ones except for powerpc64le-linux-gnu.tar.gz.

contrib/devtools/security-check.py

laanwj · 2022-01-03T09:27:07Z

~~Code review ACK 99f79d4~~
Code review ACK b9898ae

This paves the way for using and checking for architecture dependent flags like -fcf-protection on x86_64 Linux and -mbranch-protection on 64 bit ARM.

hebasto · 2022-01-03T15:31:47Z

Guix builds:

$ find guix-build-$(git rev-parse --short=12 HEAD)/output/ -type f -print0 | env LC_ALL=C sort -z | xargs -r0 sha256sum
c57bcad9d763aae223a256283fef6243d79e0df46c5b5706dc9034a87df56694  guix-build-b9898aeeaa6a/output/aarch64-linux-gnu/SHA256SUMS.part
f16fb8f0a2d4dfd576fea440c487722d076f3db9d10ec0480b2f94df0c92a6a3  guix-build-b9898aeeaa6a/output/aarch64-linux-gnu/bitcoin-b9898aeeaa6a-aarch64-linux-gnu-debug.tar.gz
0e6e660eca7484ddb160b3d62d8867cf171044e81e719de899cd9b8b898cc614  guix-build-b9898aeeaa6a/output/aarch64-linux-gnu/bitcoin-b9898aeeaa6a-aarch64-linux-gnu.tar.gz
29f14e305a280dc1d33a1f2d660db952caf6f3a9aeff9ab9560f122821269ab2  guix-build-b9898aeeaa6a/output/arm-linux-gnueabihf/SHA256SUMS.part
26477f58601363dfe8eb2639472f71943bc341d415b6190316af232f363f5485  guix-build-b9898aeeaa6a/output/arm-linux-gnueabihf/bitcoin-b9898aeeaa6a-arm-linux-gnueabihf-debug.tar.gz
372be53fd6d7fedad1bddc45cd9d1ce34cff376eaae4f613e2aa2465728fba82  guix-build-b9898aeeaa6a/output/arm-linux-gnueabihf/bitcoin-b9898aeeaa6a-arm-linux-gnueabihf.tar.gz
39778c9d2949deaba404c90b930e5a0b72663bb05e9d82e93439be131fd622e3  guix-build-b9898aeeaa6a/output/dist-archive/bitcoin-b9898aeeaa6a.tar.gz
599eee817b364b0348034a3e8c97b4bb1a35a78e3ba3472f7589f7a241947b51  guix-build-b9898aeeaa6a/output/powerpc64-linux-gnu/SHA256SUMS.part
ade0c5ac07d467aa73f85d2a08c3fc3b311816869a2b6903bba4b4e6c88ad9d2  guix-build-b9898aeeaa6a/output/powerpc64-linux-gnu/bitcoin-b9898aeeaa6a-powerpc64-linux-gnu-debug.tar.gz
c63db0e2570756df0b459e6114f01f0b47972ba8d81fcd9568edee95dfade23b  guix-build-b9898aeeaa6a/output/powerpc64-linux-gnu/bitcoin-b9898aeeaa6a-powerpc64-linux-gnu.tar.gz
dc4e6ba6958e534161a54669ff5d75bc312cfeb92567cc2092235eed0e2f6aa7  guix-build-b9898aeeaa6a/output/powerpc64le-linux-gnu/SHA256SUMS.part
3ce4c7e50915f72f24fcd24e1e1bc8460cdf2c065e390cf5f626c4cffd50961c  guix-build-b9898aeeaa6a/output/powerpc64le-linux-gnu/bitcoin-b9898aeeaa6a-powerpc64le-linux-gnu-debug.tar.gz
c8f4a8f10f16fab07547553f1f2580c4aa98ac63246fb30da0560a6367990dd1  guix-build-b9898aeeaa6a/output/powerpc64le-linux-gnu/bitcoin-b9898aeeaa6a-powerpc64le-linux-gnu.tar.gz
8206937fefc76cc277cc7aa8762d7554575942a9e1704106d5ab9b6fe01d5408  guix-build-b9898aeeaa6a/output/riscv64-linux-gnu/SHA256SUMS.part
9530ee044927df02d96c3a9e5974d68b70a7105cb943b94e846c496c2d0579b9  guix-build-b9898aeeaa6a/output/riscv64-linux-gnu/bitcoin-b9898aeeaa6a-riscv64-linux-gnu-debug.tar.gz
fc4885db902c3205d3c1bc45c7e03375e621633efb419df37f145d11329bd6ed  guix-build-b9898aeeaa6a/output/riscv64-linux-gnu/bitcoin-b9898aeeaa6a-riscv64-linux-gnu.tar.gz
caedbc37d5aa5fbb0e370019ce5f1d5f6745b32153f562b0aee80aceec57deab  guix-build-b9898aeeaa6a/output/x86_64-apple-darwin/SHA256SUMS.part
1b363dfde1d83530ec4deb0f24547c07446f5db99f327fe382a6e91b4b6cc454  guix-build-b9898aeeaa6a/output/x86_64-apple-darwin/bitcoin-b9898aeeaa6a-osx-unsigned.dmg
bee82fe6e50a249eab21b6c97ad7436447489d0eabe3e5f7c992ba3b22dfc5ea  guix-build-b9898aeeaa6a/output/x86_64-apple-darwin/bitcoin-b9898aeeaa6a-osx-unsigned.tar.gz
a935280e1229c69bdd29f32d4c894f1384e765872c68ea0dcdacdf897d4bc013  guix-build-b9898aeeaa6a/output/x86_64-apple-darwin/bitcoin-b9898aeeaa6a-osx64.tar.gz
370a87e34e694fe44ba0cd809a1ba044bcc0e7e100b01d74a883069b3d754d1c  guix-build-b9898aeeaa6a/output/x86_64-linux-gnu/SHA256SUMS.part
46f8c3aa2c3a65f3fc73ddda344724e800bb463d80b062dc749ab76f4c21bc8c  guix-build-b9898aeeaa6a/output/x86_64-linux-gnu/bitcoin-b9898aeeaa6a-x86_64-linux-gnu-debug.tar.gz
9704b95152ebe582f8aa70bbab8f34ea5e32d80dfda948c019cb9f7d0982f36c  guix-build-b9898aeeaa6a/output/x86_64-linux-gnu/bitcoin-b9898aeeaa6a-x86_64-linux-gnu.tar.gz
8385a966601ab4b9dc11d4467435c26af93dce97b66f3d33d7a8f7a885ac326d  guix-build-b9898aeeaa6a/output/x86_64-w64-mingw32/SHA256SUMS.part
f46812804e79166e5440b678166ce2cc38b5628d1a9e312b3af138720cacc478  guix-build-b9898aeeaa6a/output/x86_64-w64-mingw32/bitcoin-b9898aeeaa6a-win-unsigned.tar.gz
1d7077fdc59ce6af2ea5bffaa5a2ab579f8e8382467a7140623a6a2c4a588a0c  guix-build-b9898aeeaa6a/output/x86_64-w64-mingw32/bitcoin-b9898aeeaa6a-win64-debug.zip
033fa4263ec91ca1e53ff652f12104c3c2aa7da9240a9b48bfa8f2341c79a225  guix-build-b9898aeeaa6a/output/x86_64-w64-mingw32/bitcoin-b9898aeeaa6a-win64-setup-unsigned.exe
b7fdc84dee75951c131747c00e1e3c2da87e6f98e9435ffe7fa350ecda6771e8  guix-build-b9898aeeaa6a/output/x86_64-w64-mingw32/bitcoin-b9898aeeaa6a-win64.zip

hebasto

ACK b9898ae

…endent b9898ae scripts: make security checks architecture independent (fanquake) Pull request description: This paves the way for using and checking for architecture dependent flags like `-fcf-protection` on x86_64 Linux and `-mbranch-protection` on 64 bit ARM. While we need a workaround for RISCV arch detection, I sent a change upstream (lief-project/LIEF#640), which has been merged. So we can drop this workaround along with our other RISCV workarounds (i.e lief-project/LIEF#562) with the next LIEF release. Required for bitcoin#19075, bitcoin#21851, bitcoin#21888 etc. Guix build: ```bash bash-5.1# find guix-build-$(git rev-parse --short=12 HEAD)/output/ -type f -print0 | env LC_ALL=C sort -z | xargs -r0 sha256sum c57bcad9d763aae223a256283fef6243d79e0df46c5b5706dc9034a87df56694 guix-build-b9898aeeaa6a/output/aarch64-linux-gnu/SHA256SUMS.part f16fb8f0a2d4dfd576fea440c487722d076f3db9d10ec0480b2f94df0c92a6a3 guix-build-b9898aeeaa6a/output/aarch64-linux-gnu/bitcoin-b9898aeeaa6a-aarch64-linux-gnu-debug.tar.gz 0e6e660eca7484ddb160b3d62d8867cf171044e81e719de899cd9b8b898cc614 guix-build-b9898aeeaa6a/output/aarch64-linux-gnu/bitcoin-b9898aeeaa6a-aarch64-linux-gnu.tar.gz 29f14e305a280dc1d33a1f2d660db952caf6f3a9aeff9ab9560f122821269ab2 guix-build-b9898aeeaa6a/output/arm-linux-gnueabihf/SHA256SUMS.part 26477f58601363dfe8eb2639472f71943bc341d415b6190316af232f363f5485 guix-build-b9898aeeaa6a/output/arm-linux-gnueabihf/bitcoin-b9898aeeaa6a-arm-linux-gnueabihf-debug.tar.gz 372be53fd6d7fedad1bddc45cd9d1ce34cff376eaae4f613e2aa2465728fba82 guix-build-b9898aeeaa6a/output/arm-linux-gnueabihf/bitcoin-b9898aeeaa6a-arm-linux-gnueabihf.tar.gz 39778c9d2949deaba404c90b930e5a0b72663bb05e9d82e93439be131fd622e3 guix-build-b9898aeeaa6a/output/dist-archive/bitcoin-b9898aeeaa6a.tar.gz 599eee817b364b0348034a3e8c97b4bb1a35a78e3ba3472f7589f7a241947b51 guix-build-b9898aeeaa6a/output/powerpc64-linux-gnu/SHA256SUMS.part ade0c5ac07d467aa73f85d2a08c3fc3b311816869a2b6903bba4b4e6c88ad9d2 guix-build-b9898aeeaa6a/output/powerpc64-linux-gnu/bitcoin-b9898aeeaa6a-powerpc64-linux-gnu-debug.tar.gz c63db0e2570756df0b459e6114f01f0b47972ba8d81fcd9568edee95dfade23b guix-build-b9898aeeaa6a/output/powerpc64-linux-gnu/bitcoin-b9898aeeaa6a-powerpc64-linux-gnu.tar.gz dc4e6ba6958e534161a54669ff5d75bc312cfeb92567cc2092235eed0e2f6aa7 guix-build-b9898aeeaa6a/output/powerpc64le-linux-gnu/SHA256SUMS.part 3ce4c7e50915f72f24fcd24e1e1bc8460cdf2c065e390cf5f626c4cffd50961c guix-build-b9898aeeaa6a/output/powerpc64le-linux-gnu/bitcoin-b9898aeeaa6a-powerpc64le-linux-gnu-debug.tar.gz c8f4a8f10f16fab07547553f1f2580c4aa98ac63246fb30da0560a6367990dd1 guix-build-b9898aeeaa6a/output/powerpc64le-linux-gnu/bitcoin-b9898aeeaa6a-powerpc64le-linux-gnu.tar.gz 8206937fefc76cc277cc7aa8762d7554575942a9e1704106d5ab9b6fe01d5408 guix-build-b9898aeeaa6a/output/riscv64-linux-gnu/SHA256SUMS.part 9530ee044927df02d96c3a9e5974d68b70a7105cb943b94e846c496c2d0579b9 guix-build-b9898aeeaa6a/output/riscv64-linux-gnu/bitcoin-b9898aeeaa6a-riscv64-linux-gnu-debug.tar.gz fc4885db902c3205d3c1bc45c7e03375e621633efb419df37f145d11329bd6ed guix-build-b9898aeeaa6a/output/riscv64-linux-gnu/bitcoin-b9898aeeaa6a-riscv64-linux-gnu.tar.gz caedbc37d5aa5fbb0e370019ce5f1d5f6745b32153f562b0aee80aceec57deab guix-build-b9898aeeaa6a/output/x86_64-apple-darwin/SHA256SUMS.part 1b363dfde1d83530ec4deb0f24547c07446f5db99f327fe382a6e91b4b6cc454 guix-build-b9898aeeaa6a/output/x86_64-apple-darwin/bitcoin-b9898aeeaa6a-osx-unsigned.dmg bee82fe6e50a249eab21b6c97ad7436447489d0eabe3e5f7c992ba3b22dfc5ea guix-build-b9898aeeaa6a/output/x86_64-apple-darwin/bitcoin-b9898aeeaa6a-osx-unsigned.tar.gz a935280e1229c69bdd29f32d4c894f1384e765872c68ea0dcdacdf897d4bc013 guix-build-b9898aeeaa6a/output/x86_64-apple-darwin/bitcoin-b9898aeeaa6a-osx64.tar.gz 370a87e34e694fe44ba0cd809a1ba044bcc0e7e100b01d74a883069b3d754d1c guix-build-b9898aeeaa6a/output/x86_64-linux-gnu/SHA256SUMS.part 46f8c3aa2c3a65f3fc73ddda344724e800bb463d80b062dc749ab76f4c21bc8c guix-build-b9898aeeaa6a/output/x86_64-linux-gnu/bitcoin-b9898aeeaa6a-x86_64-linux-gnu-debug.tar.gz 9704b95152ebe582f8aa70bbab8f34ea5e32d80dfda948c019cb9f7d0982f36c guix-build-b9898aeeaa6a/output/x86_64-linux-gnu/bitcoin-b9898aeeaa6a-x86_64-linux-gnu.tar.gz 8385a966601ab4b9dc11d4467435c26af93dce97b66f3d33d7a8f7a885ac326d guix-build-b9898aeeaa6a/output/x86_64-w64-mingw32/SHA256SUMS.part f46812804e79166e5440b678166ce2cc38b5628d1a9e312b3af138720cacc478 guix-build-b9898aeeaa6a/output/x86_64-w64-mingw32/bitcoin-b9898aeeaa6a-win-unsigned.tar.gz 1d7077fdc59ce6af2ea5bffaa5a2ab579f8e8382467a7140623a6a2c4a588a0c guix-build-b9898aeeaa6a/output/x86_64-w64-mingw32/bitcoin-b9898aeeaa6a-win64-debug.zip 033fa4263ec91ca1e53ff652f12104c3c2aa7da9240a9b48bfa8f2341c79a225 guix-build-b9898aeeaa6a/output/x86_64-w64-mingw32/bitcoin-b9898aeeaa6a-win64-setup-unsigned.exe b7fdc84dee75951c131747c00e1e3c2da87e6f98e9435ffe7fa350ecda6771e8 guix-build-b9898aeeaa6a/output/x86_64-w64-mingw32/bitcoin-b9898aeeaa6a-win64.zip ``` ACKs for top commit: laanwj: Code review ACK b9898ae hebasto: ACK b9898ae Tree-SHA512: d7e7c3eb33f54d44a2252f36871fdb77c182da18ee02078e8b5b4f91d02ec91f9e5c829160839b010b40670202ff05d2c702b7a3873b450878f21ade4dc0ab58

fanquake added Scripts and tools DrahtBot Guix build requested labels Dec 22, 2021

fanquake mentioned this pull request Dec 22, 2021

Linux: build with and test for control flow instrumentation on x86_64 #23839

Merged

fanquake changed the title ~~scipts: make security checks architecture independent~~ scripts: make security checks architecture independent Dec 22, 2021

fanquake requested a review from laanwj December 23, 2021 12:42

maflcko removed the DrahtBot Guix build requested label Dec 24, 2021

laanwj reviewed Jan 3, 2022

View reviewed changes

contrib/devtools/security-check.py Show resolved Hide resolved

scripts: make security checks architecture independent

b9898ae

This paves the way for using and checking for architecture dependent flags like -fcf-protection on x86_64 Linux and -mbranch-protection on 64 bit ARM.

fanquake force-pushed the arch_independent_sec_checks branch from 99f79d4 to b9898ae Compare January 3, 2022 13:37

hebasto approved these changes Jan 3, 2022

View reviewed changes

laanwj merged commit 8319c4e into bitcoin:master Jan 4, 2022

fanquake deleted the arch_independent_sec_checks branch January 4, 2022 14:49

bitcoin locked and limited conversation to collaborators Jan 4, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

scripts: make security checks architecture independent #23838

scripts: make security checks architecture independent #23838

Uh oh!

fanquake commented Dec 22, 2021 •

edited

Loading

Uh oh!

DrahtBot commented Dec 22, 2021

Uh oh!

jarolrod commented Dec 22, 2021

Uh oh!

fanquake commented Dec 23, 2021

Uh oh!

DrahtBot commented Dec 25, 2021

Uh oh!

hebasto commented Dec 25, 2021

Uh oh!

hebasto commented Dec 25, 2021

Uh oh!

Uh oh!

laanwj commented Jan 3, 2022 •

edited

Loading

Uh oh!

hebasto commented Jan 3, 2022

Uh oh!

hebasto left a comment

Uh oh!

Uh oh!

scripts: make security checks architecture independent #23838

scripts: make security checks architecture independent #23838

Uh oh!

Conversation

fanquake commented Dec 22, 2021 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

DrahtBot commented Dec 22, 2021

Conflicts

Uh oh!

jarolrod commented Dec 22, 2021

Uh oh!

fanquake commented Dec 23, 2021

Uh oh!

DrahtBot commented Dec 25, 2021

Guix builds

Uh oh!

hebasto commented Dec 25, 2021

Uh oh!

hebasto commented Dec 25, 2021

Guix builds:

Uh oh!

Uh oh!

laanwj commented Jan 3, 2022 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

hebasto commented Jan 3, 2022

Guix builds:

Uh oh!

hebasto left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

fanquake commented Dec 22, 2021 •

edited

Loading

laanwj commented Jan 3, 2022 •

edited

Loading