contrib: add macOS test for fixup_chains usage #27999
Conversation
Patch in suport for using -no_fixup_chains, with ld64. This option just seems to be missing from our version, as it exists in later releases. This is needed so we can disable fixup_chains in our security checks.
|
The following sections might be updated with supplementary metadata relevant to reviewers and maintainers. ReviewsSee the guideline for information on the review process.
If your review is incorrectly listed, please react with 👎 to this comment and the bot will ignore it on the next update. ConflictsReviewers, this pull request conflicts with the following ones:
If you consider this pull request important, please also help to review the conflicting pull requests. Ideally, start with the one that should be merged first. |
|
cc @theuni |
There was a problem hiding this comment.
utACK 7f96638.
The patch looks good. At first glance at git blame makes it looks like this is setting the wrong var, but when reading in-context I agree it's correct.
Another reasonable option would be to bump ld64, but since this is the last thing we should ever need from it, I agree patching makes more sense.
Also, I checked lld for no-fixup-chains support and it works fine:
/opt/clang+llvm-16.0.0-x86_64-linux-gnu-ubuntu-18.04/bin/clang++ --target=x86_64-apple-darwin -mmacosx-version-min=11.0 -mlinker-version=609 -isysroot/home/cory/dev/bitcoin2/depends/SDKs/Xcode-12.2-12B45b-extracted-SDK-with-libcxx-headers -nostdlibinc -std=c++17 -fuse-ld=lld -Wl,-no_fixup_chains test.cpp -o testing
|
Concept ACK.
So, what is the plan for bumping ld64 in the future? |
Use LLD. |
Ah, I can see that the first commit has been pulled from #21778. |
|
Guix builds: |
7f96638 contrib: add macOS fixup_chains check to security-check (fanquake) 3dca683 build: support -no_fixup_chains in ld64 (fanquake) Pull request description: Followup to bitcoin#27676, adding the check for chained fixups. Somewhat annoyingly, we have to patch support for `-no_fixup_chains` into ld64. As it doesn't seem to have been added [until a later version](https://github.com/apple-oss-distributions/ld64/blob/59a99ab60399c5e6c49e6945a9e1049c42b71135/src/ld/Options.cpp#L4172). Guix Build: ```bash 0e17d462808f86aa7157e27a957da88fd1adeb491ad6c01138aca93e5ad1d018 guix-build-7f96638723a0/output/arm64-apple-darwin/SHA256SUMS.part ceb208e6374f5d7367b73128e90ca6eaeea15d50c69e49c8cf75b47212525ad7 guix-build-7f96638723a0/output/arm64-apple-darwin/bitcoin-7f96638723a0-arm64-apple-darwin-unsigned.dmg e31663554cfde8a37a9f3438c9c895dde94b90ff87e28f12f78be71ef6421d93 guix-build-7f96638723a0/output/arm64-apple-darwin/bitcoin-7f96638723a0-arm64-apple-darwin-unsigned.tar.gz 68a7bbc42418641eab391a85725b5c2f3c46d38a7acc07e7a8cef98909be07ec guix-build-7f96638723a0/output/arm64-apple-darwin/bitcoin-7f96638723a0-arm64-apple-darwin.tar.gz 38d966ad93e7384f4f1ce16faded003a675ecce7be1987e6c4eee8e4b82c0432 guix-build-7f96638723a0/output/dist-archive/bitcoin-7f96638723a0.tar.gz 9d314f595d897a715a321a9fba0d552220fbd4bf69aff84eb8c0001cdb48234f guix-build-7f96638723a0/output/x86_64-apple-darwin/SHA256SUMS.part c218ebfd0e96348c4912e6d522492b621bb043ef45b75105ff1fde979d1004d0 guix-build-7f96638723a0/output/x86_64-apple-darwin/bitcoin-7f96638723a0-x86_64-apple-darwin-unsigned.dmg 1c5ff7fa82f5c76d7d8b9582ad5202f4a82a917102ecafdc3c1fb7b783f6bc3e guix-build-7f96638723a0/output/x86_64-apple-darwin/bitcoin-7f96638723a0-x86_64-apple-darwin-unsigned.tar.gz 15fb01e5afcc842db6a3e793b42c70c05ce07bec79e0d2d605e241901ff9f639 guix-build-7f96638723a0/output/x86_64-apple-darwin/bitcoin-7f96638723a0-x86_64-apple-darwin.tar.gz ``` ACKs for top commit: theuni: utACK 7f96638. hebasto: ACK 7f96638, I have reviewed the code and the patch, and they look OK. TheCharlatan: ACK 7f96638 Tree-SHA512: 7f94710460f54b2afe3c9f5d57107b71436c59b799b15f78e5e3011c3c4f6b23a3acc1008eccea9c22226a200774c82900bad6c6236ab6c5c48a17dec3f2d5a2
Followup to #27676, adding the check for chained fixups.
Somewhat annoyingly, we have to patch support for
-no_fixup_chainsinto ld64. As it doesn't seem to have been added until a later version.Guix Build: