ecf5f2c1a0
42b589d18fed5e2b3cb6ac9937e3333619967a6c scripts: test for MACHO control flow instrumentation (fanquake) 469a5bc4fa74d70556cce454efbc38fb7945acd8 build: build Boost with -fcf-protection when targeting Darwin (fanquake) Pull request description: Addresses the macOS portion of #21888. Build Boost with `-fcf-protection` when targeting Darwin. This should be ok, because our cross-compiler (Clang 10) supports the option, and I'd expect all versions of Apple Clang being used to compile Core would also support it. Building Boost with this option is required so that the `main` provided to `test_bitcoin` has instrumentation. Note that the presence of instrumentation does not mean it will be used, as that is determined at runtime by the CPU. From the Intel control flow enforcement documentation: > The ENDBR32 and ENDBR64 instructions will have the same effect as the NOP instruction on Intel 64 processors that do not support CET. On processors supporting CET, these instructions do not change register or flag state. This allows CET instrumented programs to execute on processors that do not support CET. Even when CET is supported and enabled, these NOP–like instructions do not affect the execution state of the program, do not cause any additional register pressure, and are minimally intrusive from power and performance perspectives. Follow up from #21135. Guix builds: ```bash 663df8471400f06d4da739e39a886aa17f56a36d66e0ff7cc290686294ef39c9 guix-build-42b589d18fed/output/dist-archive/bitcoin-42b589d18fed.tar.gz 45e841661e1659a634468b6f8c9fb0a7956c31ba296f1fd0c02cd880736d6127 guix-build-42b589d18fed/output/x86_64-apple-darwin18/bitcoin-42b589d18fed-osx-unsigned.dmg 0ea85c99fef35429a5048fa14850bce6b900eaa887aeea419b019852f8d2be78 guix-build-42b589d18fed/output/x86_64-apple-darwin18/bitcoin-42b589d18fed-osx-unsigned.tar.gz 85857a5a4a5d4d3a172d6c361c12c4a94f6505fc12b527ea63b75bfe54ee1001 guix-build-42b589d18fed/output/x86_64-apple-darwin18/bitcoin-42b589d18fed-osx64.tar.gz ``` Gitian builds: ```bash # macOS: bdfd677a6b88273a741b433e1e7f554af50cc76b3342d44ab0c441e2b40efc96 bitcoin-42b589d18fed-osx-unsigned.dmg f3b2d09f3bea7a5cc489b02e8e53dd76a9922338500fae79cad0506655af56f9 bitcoin-42b589d18fed-osx-unsigned.tar.gz 29d5ad5e46bc9fb0056922a8b47c026e5e9f71e6cf447203b74644587d6fb6f7 bitcoin-42b589d18fed-osx64.tar.gz 663df8471400f06d4da739e39a886aa17f56a36d66e0ff7cc290686294ef39c9 src/bitcoin-42b589d18fed.tar.gz 366f8d7a2fc1f3e22cb1018043099126a71ce65380cc27b1c3280cce42d06c98 bitcoin-core-osx-22-res.yml ``` ACKs for top commit: laanwj: Code review ACK 42b589d18fed5e2b3cb6ac9937e3333619967a6c Tree-SHA512: 12cb8d462d64d845b9fe48c5c6978892adff8bf5b5572bb29f35df1f6176e47b32a68bcb6e4883c7d9454e76e8868851005a7325916852a2d0d32659ac7dae3f
Usage
To build dependencies for the current arch+OS:
make
To build for another arch/OS:
make HOST=host-platform-triplet
For example:
make HOST=x86_64-w64-mingw32 -j4
Bitcoin Core's configure script by default will ignore the depends output. In
order for it to pick up libraries, tools, and settings from the depends build,
you must set the CONFIG_SITE environment variable to point to a config.site settings file.
In the above example, a file named depends/x86_64-w64-mingw32/share/config.site will be
created. To use it during compilation:
CONFIG_SITE=$PWD/depends/x86_64-w64-mingw32/share/config.site ./configure
The default install prefix when using config.site is --prefix=depends/<host-platform-triplet>,
so depends build outputs will be installed in that location.
Common host-platform-triplets for cross compilation are:
i686-pc-linux-gnufor Linux 32 bitx86_64-pc-linux-gnufor x86 Linuxx86_64-w64-mingw32for Win64x86_64-apple-darwin18for macOSarm-linux-gnueabihffor Linux ARM 32 bitaarch64-linux-gnufor Linux ARM 64 bitpowerpc64-linux-gnufor Linux POWER 64-bit (big endian)powerpc64le-linux-gnufor Linux POWER 64-bit (little endian)riscv32-linux-gnufor Linux RISC-V 32 bitriscv64-linux-gnufor Linux RISC-V 64 bits390x-linux-gnufor Linux S390Xarmv7a-linux-androidfor Android ARM 32 bitaarch64-linux-androidfor Android ARM 64 biti686-linux-androidfor Android x86 32 bitx86_64-linux-androidfor Android x86 64 bit
The paths are automatically configured and no other options are needed unless targeting Android.
Install the required dependencies: Ubuntu & Debian
For macOS cross compilation
sudo apt-get install curl librsvg2-bin libtiff-tools bsdmainutils cmake imagemagick libz-dev python3-setuptools libtinfo5 xorriso
Note: You must obtain the macOS SDK before proceeding with a cross-compile.
Under the depends directory, create a subdirectory named SDKs.
Then, place the extracted SDK under this new directory.
For more information, see SDK Extraction.
For Win64 cross compilation
- see build-windows.md
For linux (including i386, ARM) cross compilation
Common linux dependencies:
sudo apt-get install make automake cmake curl g++-multilib libtool binutils-gold bsdmainutils pkg-config python3 patch bison
For linux ARM cross compilation:
sudo apt-get install g++-arm-linux-gnueabihf binutils-arm-linux-gnueabihf
For linux AARCH64 cross compilation:
sudo apt-get install g++-aarch64-linux-gnu binutils-aarch64-linux-gnu
For linux POWER 64-bit cross compilation (there are no packages for 32-bit):
sudo apt-get install g++-powerpc64-linux-gnu binutils-powerpc64-linux-gnu g++-powerpc64le-linux-gnu binutils-powerpc64le-linux-gnu
For linux RISC-V 64-bit cross compilation (there are no packages for 32-bit):
sudo apt-get install g++-riscv64-linux-gnu binutils-riscv64-linux-gnu
RISC-V known issue: gcc-7.3.0 and gcc-7.3.1 result in a broken test_bitcoin executable (see https://github.com/bitcoin/bitcoin/pull/13543),
this is apparently fixed in gcc-8.1.0.
For linux S390X cross compilation:
sudo apt-get install g++-s390x-linux-gnu binutils-s390x-linux-gnu
Dependency Options
The following can be set when running make: make FOO=bar
SOURCES_PATH: Downloaded sources will be placed hereBASE_CACHE: Built packages will be placed hereSDK_PATH: Path where SDKs can be found (used by macOS)FALLBACK_DOWNLOAD_PATH: If a source file can't be fetched, try here before giving upNO_QT: Don't download/build/cache Qt and its dependenciesNO_QR: Don't download/build/cache packages needed for enabling qrencodeNO_ZMQ: Don't download/build/cache packages needed for enabling ZeroMQNO_WALLET: Don't download/build/cache libs needed to enable the walletNO_BDB: Don't download/build/cache BerkeleyDBNO_SQLITE: Don't download/build/cache SQLiteNO_UPNP: Don't download/build/cache packages needed for enabling UPnPNO_NATPMP: Don't download/build/cache packages needed for enabling NAT-PMPALLOW_HOST_PACKAGES: Packages that are missed in dependencies (due toNO_*option or build script logic) are searched for among the host system packages usingpkg-config. It allows building with packages of other (newer) versionsMULTIPROCESS: Build libmultiprocess (experimental, requires CMake)DEBUG: Disable some optimizations and enable more runtime checkingHOST_ID_SALT: Optional salt to use when generating host package idsBUILD_ID_SALT: Optional salt to use when generating build package idsFORCE_USE_SYSTEM_CLANG: (EXPERTS ONLY) When cross-compiling for macOS, use Clang found in the system's$PATHrather than the default prebuilt release of Clang from llvm.org. Clang 8 or later is required.
If some packages are not built, for example make NO_WALLET=1, the appropriate
options will be passed to bitcoin's configure. In this case, --disable-wallet.
Additional targets
download: run 'make download' to fetch all sources without building them
download-osx: run 'make download-osx' to fetch all sources needed for macOS builds
download-win: run 'make download-win' to fetch all sources needed for win builds
download-linux: run 'make download-linux' to fetch all sources needed for linux builds
Android
Before proceeding with an Android build one needs to get the Android SDK and use the "SDK Manager" tool to download the NDK and one or more "Platform packages" (these are Android versions and have a corresponding API level).
In order to build ANDROID_API_LEVEL (API level corresponding to the Android version targeted, e.g. Android 9.0 Pie is 28 and its "Platform package" needs to be available) and ANDROID_TOOLCHAIN_BIN (path to toolchain binaries depending on the platform the build is being performed on) need to be set.
API levels from 24 to 29 have been tested to work.
If the build includes Qt, environment variables ANDROID_SDK and ANDROID_NDK need to be set as well but can otherwise be omitted.
This is an example command for a default build with no disabled dependencies:
ANDROID_SDK=/home/user/Android/Sdk ANDROID_NDK=/home/user/Android/Sdk/ndk-bundle make HOST=aarch64-linux-android ANDROID_API_LEVEL=28 ANDROID_TOOLCHAIN_BIN=/home/user/Android/Sdk/ndk-bundle/toolchains/llvm/prebuilt/linux-x86_64/bin
Other documentation
- description.md: General description of the depends system
- packages.md: Steps for adding packages