Skip to content

guix: produce a -static-pie bitcoind #25573

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
fanquake wants to merge 13 commits into
base: master
Choose a base branch
from
Draft

guix: produce a -static-pie bitcoind #25573

fanquake wants to merge 13 commits into from

Conversation

@fanquake
Copy link
Member

@fanquake fanquake commented Jul 8, 2022
edited
Loading

Use Guix to produce a -static-pie bitcoind using GCC 14.3.0 and glibc 2.42. Using glibc for static builds, would be less of a leap compared to switching to musl libc (POC in #23203).

-static-pie

Produce a static position independent executable on targets that support it.
A static position independent executable is similar to a static executable,
but can be loaded at any address without a dynamic linker.

# file bitcoind
	ELF 64-bit LSB pie executable, x86-64, version 1 (GNU/Linux), static-pie linked, for GNU/Linux 3.2.0, stripped

# ldd bitcoind
	statically linked

x86_64-linux-gnu size comparison:
master (a7e8067) bitcoind is 15.35 megabytes.
This PR (597b5296d3adc693001ce39626fe32b9545eb604) bitcoind is 17.45 megabytes.

@fanquake fanquake marked this pull request as draft July 8, 2022 16:49
@DrahtBot
Copy link
Contributor

DrahtBot commented Jul 8, 2022
edited
Loading

The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

Code Coverage & Benchmarks

For details see: https://corecheck.dev/bitcoin/bitcoin/pulls/25573.

Reviews

See the guideline for information on the review process.

Type Reviewers
Concept ACK dergoegge

If your review is incorrectly listed, please copy-paste <!--meta-tag:bot-skip--> into the comment that the bot should ignore.

Conflicts

Reviewers, this pull request conflicts with the following ones:

  • #33593 (guix: Use UCRT runtime for Windows release binaries by hebasto)
  • #32764 (guix: Build for macOS using Clang only by hebasto)
  • #32162 (depends: Switch from multilib to platform-specific toolchains by hebasto)

If you consider this pull request important, please also help to review the conflicting pull requests. Ideally, start with the one that should be merged first.

This was referenced Jul 8, 2022
Merged
Closed
Closed
Closed
Closed
@fanquake fanquake force-pushed the fully_static_bitcoind branch from da9f731 to 26c437e Compare July 13, 2022 17:44
@fanquake
Copy link
Member Author

fanquake commented Jul 13, 2022

Rebased, and made small changes to fixup the linter and improve the security/symbol checks.

@theuni
Copy link
Member

theuni commented Jul 13, 2022

This is amazing!

Using glibc for static builds, would be less of a leap compared to switching to musl libc (POC in #23203).

Hard agree. Static musl builds would be very cool but tricky to audit for parity and thus pretty unlikely to ever become official/supported imo. This is a MUCH more palatable change.

@fanquake fanquake force-pushed the fully_static_bitcoind branch from 26c437e to 8cccf45 Compare July 14, 2022 10:41
@fanquake
Copy link
Member Author

fanquake commented Jul 14, 2022

Added an additional patch to disable building various features/libs in GCC that we don't need. i.e libquadmath, libsanitizer, gcov, libada and native language support. This should speed up compiling GCC, and slightly reduces the size of the pthread patch. I'm not currently disabling these features via the available configure flags, because they get passed through to GMP, which cannot handle them.

I've also updated -flto usage to be -flto=auto, as that seems to now be the preferred invocation, and it mitigates GCC warning output. i.e:

lto-wrapper: warning: using serial compilation of 84 LTRANS jobs
lto-wrapper: note: see the '-flto' option documentation for more information

I've also split the ELF PIE check into it's own func, so we can special-case x86_64, and re-added the list of allowed ELF libs, but special-cased x86_64 to only pass if the list is empty.

@luke-jr
Copy link
Member

luke-jr commented Jul 16, 2022

How does this handle resolvers? eg, static glibc 2.33 applications break on systems with glibc 2.34...

This was referenced Jul 18, 2022
Merged
Merged
@fanquake fanquake force-pushed the fully_static_bitcoind branch from 8cccf45 to caa0664 Compare July 19, 2022 16:27
@fanquake fanquake mentioned this pull request Jul 27, 2022
Closed
@Frank-GER
Copy link

Frank-GER commented Aug 4, 2022

Which OS did you build on?

On Ubuntu 20.04 after build:
file bitcoind
bitcoind: ELF 64-bit LSB shared object, x86-64, version 1 (GNU/Linux), dynamically linked, for GNU/Linux 3.2.0, stripped

Trying to run it, it crashes after seconds:
addcon thread start
Loading addresses from DNS seed dnsseed.emzy.de.
bitcoind: dl-call-libc-early-init.c:37: _dl_call_libc_early_init: Assertion `sym != NULL' failed.
Aborted (core dumped)

Any ideas?

@fanquake
Copy link
Member Author

fanquake commented Aug 5, 2022

Which OS did you build on?

The base OS shouldn't matter, because the build is performed with Guix. However I've been performing these builds on Ubuntu 22.04.

Any ideas?

How did you actually build bitcoind? Something like HOSTS="x86_64-linux-gnu" ./contrib/guix/guix-build?

@fanquake fanquake force-pushed the fully_static_bitcoind branch from caa0664 to ef0edd5 Compare August 5, 2022 08:35
@fanquake
Copy link
Member Author

fanquake commented Aug 5, 2022

Rebased on master. Added a commit to use LIEF master, which reduces the number of changes in our scripts, as support for -static-pie ELF binaries has been added: lief-project/LIEF#747. Will switch to a new release when one is available.

@Frank-GER
Copy link

Frank-GER commented Aug 5, 2022
edited
Loading

How did you actually build bitcoind? Something like HOSTS="x86_64-linux-gnu" ./contrib/guix/guix-build?

Yes, that's what I used to build it.
https://github.com/fanquake/bitcoin/commits/fully_static_bitcoind produces the exact same problem when building on Ubuntu 20.04

@fanquake
Copy link
Member Author

fanquake commented Aug 5, 2022

https://github.com/fanquake/bitcoin/commits/fully_static_bitcoind produces the exact same problem when building on Ubuntu 20.04

I have just re-tested building the changes here (ef0edd55f3bc1e3f229134ec7ecac632de52eea7), and this produces a -static-pie binary as expected:

guix-build-ef0edd55f3bc/distsrc-ef0edd55f3bc-x86_64-linux-gnu/src/bitcoind: ELF 64-bit LSB pie executable, x86-64, version 1 (GNU/Linux), static-pie linked, for GNU/Linux 3.2.0, with debug_info, not stripped

It's not clear to me that you are actually running a Guix build.

@Frank-GER
Copy link

Frank-GER commented Aug 5, 2022
edited
Loading

the build I was testing:
~/bitcoin/guix-build-caa066465973/distsrc-caa066465973-x86_64-linux-gnu/src$ file bitcoind
bitcoind: ELF 64-bit LSB shared object, x86-64, version 1 (GNU/Linux), dynamically linked, for GNU/Linux 3.2.0, with debug_info, not stripped

just building again, fresh cloned with commit ef0edd5
export HOSTS='x86_64-linux-gnu'
./contrib/guix/guix-build

$ file guix-build-ef0edd55f3bc/distsrc-ef0edd55f3bc-x86_64-linux-gnu/src/bitcoind
guix-build-ef0edd55f3bc/distsrc-ef0edd55f3bc-x86_64-linux-gnu/src/bitcoind: ELF 64-bit LSB shared object, x86-64, version 1 (GNU/Linux), dynamically linked, for GNU/Linux 3.2.0, with debug_info, not stripped

$ ldd ./guix-build-ef0edd55f3bc/distsrc-ef0edd55f3bc-x86_64-linux-gnu/src/bitcoind
statically linked

$ ./bitcoind
...
2022-08-05T19:10:46Z init message: Starting network threads…
2022-08-05T19:10:46Z net thread start
2022-08-05T19:10:46Z dnsseed thread start
2022-08-05T19:10:46Z Loading addresses from DNS seed seed.bitcoinstats.com.
2022-08-05T19:10:46Z opencon thread start
2022-08-05T19:10:46Z msghand thread start
2022-08-05T19:10:46Z addcon thread start
2022-08-05T19:10:46Z init message: Done loading
bitcoind: dl-call-libc-early-init.c:37: _dl_call_libc_early_init: Assertion `sym != NULL' failed.
Aborted (core dumped)

build and run on Ubuntu 20.04
there is no other bitcoind on that OS

@Frank-GER
Copy link

Frank-GER commented Aug 8, 2022

building the same on Ubuntu 22.04:
file guix-build-ef0edd55f3bc/distsrc-ef0edd55f3bc-x86_64-linux-gnu/src/bitcoind
guix-build-ef0edd55f3bc/distsrc-ef0edd55f3bc-x86_64-linux-gnu/src/bitcoind: ELF 64-bit LSB pie executable, x86-64, version 1 (GNU/Linux), static-pie linked, for GNU/Linux 3.2.0, with debug_info, not stripped

ldd guix-build-ef0edd55f3bc/distsrc-ef0edd55f3bc-x86_64-linux-gnu/src/bitcoind
statically linked

Running it on Ubuntu22 it works.

Taking this bitcoind to Ubuntu 20 it shows:
file ./bitcoind
./bitcoind: ELF 64-bit LSB shared object, x86-64, version 1 (GNU/Linux), dynamically linked, for GNU/Linux 3.2.0, with debug_info, not stripped

and crashes with the above mentioned message:
bitcoind: dl-call-libc-early-init.c:37: _dl_call_libc_early_init: Assertion `sym != NULL' failed.
Aborted (core dumped)

Checksums are the same for both builds (on Ubuntu 20 and 22)
Ubuntu 20 sees it as dynamic linked, Ubuntu 22 as static-pie linked.
On Ubuntu 20 it crashes, on Ubuntu 22 it works.

Same bitcoind on Debian 10:
file ./bitcoind
./bitcoind: ELF 64-bit LSB shared object, x86-64, version 1 (GNU/Linux), dynamically linked, for GNU/Linux 3.2.0, with debug_info, not stripped
ldd ./bitcoind
statically linked
Gets past that point where it crashes on Ubuntu 20 and starts syncing

fanquake added a commit to fanquake/bitcoin that referenced this pull request Dec 5, 2025
@fanquake
guix: use GCC 14.3.0 over 13.3.0
e0b6bd0 
This will eventually be needed for bitcoin#25573, and could be useful
for bitcoin#30210.
willcl-ark added a commit to bitcoin-dev-tools/benchcoin that referenced this pull request Dec 10, 2025
@willcl-ark @fanquake
guix: build static
5b6f064 
Essentially picked (into bench-ci/guix) from
bitcoin#25573

Co-authored-by: fanquake <[email protected]>
fanquake added a commit to fanquake/bitcoin that referenced this pull request Dec 17, 2025
@fanquake
guix: use GCC 14.3.0 over 13.3.0
b611b1e 
This will eventually be needed for bitcoin#25573, and could be useful
for bitcoin#30210.
fanquake added a commit to fanquake/bitcoin that referenced this pull request Dec 17, 2025
@fanquake
guix: use GCC 14.3.0 over 13.3.0
a4d7314 
This will eventually be needed for bitcoin#25573, and could be useful
for bitcoin#30210.
fanquake added a commit to fanquake/bitcoin that referenced this pull request Dec 18, 2025
@fanquake
guix: use GCC 14.3.0 over 13.3.0
ce10138 
This will eventually be needed for bitcoin#25573, and could be useful
for bitcoin#30210.
fanquake added a commit to fanquake/bitcoin that referenced this pull request Dec 29, 2025
@fanquake
guix: use GCC 14.3.0 over 13.3.0
a5f500d 
This will eventually be needed for bitcoin#25573, and could be useful
for bitcoin#30210.
fanquake added a commit to fanquake/bitcoin that referenced this pull request Dec 31, 2025
@fanquake
guix: use GCC 14.3.0 over 13.3.0
0269868 
This will eventually be needed for bitcoin#25573, and could be useful
for bitcoin#30210.
fanquake added a commit to fanquake/bitcoin that referenced this pull request Jan 6, 2026
@fanquake
guix: use GCC 14.3.0 over 13.3.0
3490979 
This will eventually be needed for bitcoin#25573, and could be useful
for bitcoin#30210.
fanquake and others added 13 commits January 9, 2026 12:29
@fanquake
guix: disable building libgomp in GCC
9cd6fd6 
Prunes:
libgomp.a
libgomp.la
libgomp.so
libgomp.so.1
libgomp.so.1.0.0
libgomp.spec
@fanquake
guix: disable libquadmath in GCC
4ac4cf8 
Prunes:
libquadmath.a
libquadmath.la
libquadmath.so
libquadmath.so.0
libquadmath.so.0.0.0
@fanquake
guix: build GCC with --enable-host-bind-now
8b223ee
@fanquake
guix: disable gprofng in GCC
07442e2
@fanquake
guix: use GCC 14.3.0 over 13.3.0
ba7757c 
This will eventually be needed for bitcoin#25573, and could be useful
for bitcoin#30210.
@laanwj @fanquake
guix: Apply SSA generation patch to maintain determinism
e345995 
See:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=123351
https://gcc.gnu.org/pipermail/gcc-patches/2026-January/704817.html
@fanquake
ci: migrate some jobs to Debian Trixie, use GCC 14
e1369a3
@fanquake
guix: add glibc 2.42
6c60ece 
https://sourceware.org/git/?p=glibc.git;a=shortlog;h=refs/heads/release/2.42/master
@fanquake
guix: check for fortified functions in all symbols
e2ad611 
-static-pie bins will not have any imported functions.
@fanquake
guix: build x86_64-linux bitcoind fully statically
7acd6c7 
-static-pie
Produce a static position independent executable on targets that support it.
A static position independent executable is similar to a static executable,
but can be loaded at any address without a dynamic linker.

See https://gcc.gnu.org/onlinedocs/gcc/Link-Options.html
@fanquake
guix: build aarch64-linux bitcoind fully statically
ff3ac55
@fanquake
guix: build riscv64-linux bitcoin fully statically
327e860
@fanquake
[nomerge] guix: NO_QT=1
da33b9d
@fanquake fanquake force-pushed the fully_static_bitcoind branch from 6b2e397 to da33b9d Compare January 9, 2026 13:31
fanquake added a commit to fanquake/bitcoin that referenced this pull request Jan 12, 2026
@fanquake
guix: use GCC 14.3.0 over 13.3.0
a38af78 
This will eventually be needed for bitcoin#25573, and could be useful
for bitcoin#30210.
fanquake added a commit to fanquake/bitcoin that referenced this pull request Jan 13, 2026
@fanquake
guix: use GCC 14.3.0 over 13.3.0
cb7c598 
This will eventually be needed for bitcoin#25573, and could be useful
for bitcoin#30210.
glozow added a commit that referenced this pull request Jan 13, 2026
@glozow
Merge #33775: guix: use GCC 14.3.0 over 13.3.0
8e8d8f2 
2a74650 ci: migrate some jobs to Debian Trixie, use GCC 14 (fanquake)
fb0e6ed guix: Apply SSA generation patch to maintain determinism (Mara van der Laan)
3490979 guix: use GCC 14.3.0 over 13.3.0 (fanquake)
47be912 guix: disable gprofng in GCC (fanquake)
ea29329 guix: build GCC with --enable-host-bind-now (fanquake)
6f54e26 guix: disable libquadmath in GCC (fanquake)
7735901 guix: disable building libgomp in GCC (fanquake)

Pull request description:

  Switching to using GCC 14.x for release builds has come up multiple times recently. It will eventually be needed for #25573, and could also be useful for #30210.

ACKs for top commit:
  hebasto:
    ACK 2a74650. I have reviewed the code and it looks OK. The new GCC patch looks reasonable.
  theuni:
    utACK 2a74650
  sedited:
    ACK 2a74650

Tree-SHA512: 56912bed19386f06d52fb94e0ef6d96f5415ab2de8b5e94890806d7cc0b937a3c4b11cc161aa2e06ca2fd3c392ef7501c91688e0897e1c1c51aafa963f3e50d9
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@theuni theuni Awaiting requested review from theuni

@willcl-ark willcl-ark Awaiting requested review from willcl-ark

@m3dwards m3dwards Awaiting requested review from m3dwards

Assignees

No one assigned

Labels

Build system

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

9 participants

@fanquake @DrahtBot @theuni @luke-jr @Frank-GER @dergoegge @m3dwards @willcl-ark @laanwj