diff --git a/.github/workflows/build-container.yml b/.github/workflows/build-container.yml index 058c4801f7df8..5f97cfbd394d4 100644 --- a/.github/workflows/build-container.yml +++ b/.github/workflows/build-container.yml @@ -13,7 +13,7 @@ env: jobs: build: name: Build container - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 outputs: tag: ${{ steps.prepare.outputs.tag }} repo: ${{ steps.prepare.outputs.repo }} diff --git a/.github/workflows/build-depends.yml b/.github/workflows/build-depends.yml index f77e35c366a9c..e942a59776f8a 100644 --- a/.github/workflows/build-depends.yml +++ b/.github/workflows/build-depends.yml @@ -19,7 +19,7 @@ on: jobs: build-depends: name: Build depends - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 outputs: key: ${{ steps.restore.outputs.cache-primary-key }} container: diff --git a/.github/workflows/build-src.yml b/.github/workflows/build-src.yml index 5fd76a580187d..45411eaa51f5c 100644 --- a/.github/workflows/build-src.yml +++ b/.github/workflows/build-src.yml @@ -19,7 +19,7 @@ on: jobs: build-src: name: Build source - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 container: image: ${{ inputs.container-path }} options: --user root diff --git a/.github/workflows/release_docker_hub.yml b/.github/workflows/release_docker_hub.yml index bbdf7551928b0..e9f157ab6aab9 100644 --- a/.github/workflows/release_docker_hub.yml +++ b/.github/workflows/release_docker_hub.yml @@ -7,7 +7,7 @@ on: jobs: release: name: Release to Docker Hub - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 steps: - name: Checkout uses: actions/checkout@v3 diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 99c281ebe47f4..6cbc4440cf154 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,4 +1,4 @@ -image: "ubuntu:jammy" +image: "ubuntu:noble" variables: DOCKER_DRIVER: overlay2 diff --git a/contrib/containers/ci/Dockerfile b/contrib/containers/ci/Dockerfile index 6312faade4bdc..ffb39c711c32a 100644 --- a/contrib/containers/ci/Dockerfile +++ b/contrib/containers/ci/Dockerfile @@ -1,4 +1,4 @@ -FROM ubuntu:jammy +FROM ubuntu:noble # Needed to prevent tzdata hanging while expecting user input ENV DEBIAN_FRONTEND="noninteractive" TZ="Europe/London" @@ -7,16 +7,9 @@ ENV DEBIAN_FRONTEND="noninteractive" TZ="Europe/London" # (zlib1g-dev is needed for the Qt host binary builds, but should not be used by target binaries) ENV APT_ARGS="-y --no-install-recommends --no-upgrade" -# Install packages for i386 on amd64 hosts, then install common packages +# Install common packages RUN set -ex; \ apt-get update && \ - if [ "$(dpkg --print-architecture)" = "amd64" ]; then \ - dpkg --add-architecture i386 && \ - apt-get update && \ - apt-get install $APT_ARGS \ - g++-multilib \ - wine32; \ - fi; \ apt-get install $APT_ARGS \ autotools-dev \ automake \ @@ -138,12 +131,12 @@ RUN set -ex; \ mkdir -p /opt/shellcheck && tar -xf /tmp/shellcheck.tar.xz -C /opt/shellcheck --strip-components=1 && rm /tmp/shellcheck.tar.xz ENV PATH="/opt/shellcheck:${PATH}" -# Add user with specified (or default) user/group ids and setup configuration files -ARG USER_ID=1000 -ARG GROUP_ID=1000 +# Setup unprivileged user and configuration files +ARG USER_ID=1000 \ + GROUP_ID=1000 RUN set -ex; \ - groupadd -g ${GROUP_ID} dash; \ - useradd -u ${USER_ID} -g dash -s /bin/bash -m -d /home/dash dash; \ + groupmod -g ${GROUP_ID} -n dash ubuntu; \ + usermod -u ${USER_ID} -md /home/dash -l dash ubuntu; \ mkdir -p /home/dash/.config/gdb; \ echo "add-auto-load-safe-path /usr/lib/llvm-${LLVM_VERSION}/lib" | tee /home/dash/.config/gdb/gdbinit; \ chown ${USER_ID}:${GROUP_ID} -R /home/dash @@ -156,7 +149,6 @@ RUN apt-get update && apt-get install $APT_ARGS \ g++-mingw-w64-x86-64 \ jq \ libz-dev \ - libncurses5 \ nsis \ python3-zmq \ parallel \ @@ -166,12 +158,6 @@ RUN apt-get update && apt-get install $APT_ARGS \ zip \ && rm -rf /var/lib/apt/lists/* -# This is a hack. It is needed because gcc-multilib and g++-multilib are conflicting with g++-arm-linux-gnueabihf. This is -# due to gcc-multilib installing the following symbolic link, which is needed for -m32 support. However, this causes -# arm builds to also have the asm folder implicitly in the include search path. This is kind of ok, because the asm folder -# for arm has precedence. -RUN ln -s x86_64-linux-gnu/asm /usr/include/asm - # Make sure std::thread and friends is available RUN \ update-alternatives --set x86_64-w64-mingw32-gcc /usr/bin/x86_64-w64-mingw32-gcc-posix; \ diff --git a/contrib/containers/deploy/Dockerfile b/contrib/containers/deploy/Dockerfile index 06e9b6aacfff7..e5c3b7bafb434 100644 --- a/contrib/containers/deploy/Dockerfile +++ b/contrib/containers/deploy/Dockerfile @@ -1,18 +1,13 @@ -FROM phusion/baseimage:jammy-1.0.4 +FROM phusion/baseimage:noble-1.0.0 LABEL maintainer="Dash Developers " LABEL description="Dockerised DashCore, built from CI" -ARG USER_ID -ARG GROUP_ID - -ENV HOME="/home/dash" - -# add user with specified (or default) user/group ids -ENV USER_ID="${USER_ID:-1000}" -ENV GROUP_ID="${GROUP_ID:-1000}" -RUN groupadd -g ${GROUP_ID} dash && \ - useradd -u ${USER_ID} -g dash -s /bin/bash -m -d /home/dash dash && \ - mkdir /home/dash/.dashcore && \ +# Setup unprivileged user +ARG USER_ID=1000 \ + GROUP_ID=1000 +RUN groupmod -g ${GROUP_ID} -n dash ubuntu; \ + usermod -u ${USER_ID} -md /home/dash -l dash ubuntu; \ + mkdir -p /home/dash/.dashcore && \ chown ${USER_ID}:${GROUP_ID} -R /home/dash COPY bin/* /usr/local/bin/ diff --git a/contrib/containers/deploy/Dockerfile.GitHubActions.Dispatch b/contrib/containers/deploy/Dockerfile.GitHubActions.Dispatch index 4db05ed6c25f5..e2439f72c09c2 100644 --- a/contrib/containers/deploy/Dockerfile.GitHubActions.Dispatch +++ b/contrib/containers/deploy/Dockerfile.GitHubActions.Dispatch @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:1.3 -FROM --platform=$BUILDPLATFORM ubuntu:jammy as builder +FROM --platform=$BUILDPLATFORM ubuntu:noble as builder RUN apt-get update && \ apt-get -y install --no-install-recommends \ automake \ @@ -42,7 +42,7 @@ RUN mkdir built-target && \ "linux/amd64") cp depends/x86_64-pc-linux-gnu/bin/dash* /home/dash/built-target ;; \ esac -FROM ubuntu:jammy +FROM ubuntu:noble LABEL maintainer="Dash Developers " LABEL description="Dockerised DashCore" @@ -52,12 +52,12 @@ ARG TAG ENV HOME="/home/dash" -# add user with specified (or default) user/group ids -ENV USER_ID="${USER_ID:-1000}" -ENV GROUP_ID="${GROUP_ID:-1000}" -RUN groupadd -g ${GROUP_ID} dash && \ - useradd -u ${USER_ID} -g dash -s /bin/bash -m -d /home/dash dash && \ - mkdir /home/dash/.dashcore && \ +# Setup unprivileged user +ARG USER_ID=1000 \ + GROUP_ID=1000 +RUN groupmod -g ${GROUP_ID} -n dash ubuntu; \ + usermod -u ${USER_ID} -md /home/dash -l dash ubuntu; \ + mkdir -p /home/dash/.dashcore && \ chown ${USER_ID}:${GROUP_ID} -R /home/dash RUN apt-get update && \ diff --git a/contrib/containers/deploy/Dockerfile.GitHubActions.Release b/contrib/containers/deploy/Dockerfile.GitHubActions.Release index c32bada29c588..e222faf07bc80 100644 --- a/contrib/containers/deploy/Dockerfile.GitHubActions.Release +++ b/contrib/containers/deploy/Dockerfile.GitHubActions.Release @@ -1,4 +1,4 @@ -FROM ubuntu:jammy +FROM ubuntu:noble LABEL maintainer="Dash Developers " LABEL description="Dockerised DashCore" @@ -9,12 +9,12 @@ ARG GITHUB_REPOSITORY ENV HOME /home/dash -# add user with specified (or default) user/group ids -ENV USER_ID ${USER_ID:-1000} -ENV GROUP_ID ${GROUP_ID:-1000} -RUN groupadd -g ${GROUP_ID} dash && \ - useradd -u ${USER_ID} -g dash -s /bin/bash -m -d /home/dash dash && \ - mkdir /home/dash/.dashcore && \ +# Setup unprivileged user +ARG USER_ID=1000 \ + GROUP_ID=1000 +RUN groupmod -g ${GROUP_ID} -n dash ubuntu; \ + usermod -u ${USER_ID} -md /home/dash -l dash ubuntu; \ + mkdir -p /home/dash/.dashcore && \ chown ${USER_ID}:${GROUP_ID} -R /home/dash RUN apt-get update && \ diff --git a/contrib/containers/develop/Dockerfile b/contrib/containers/develop/Dockerfile index e6157e09c945c..fa0926ad0d9db 100644 --- a/contrib/containers/develop/Dockerfile +++ b/contrib/containers/develop/Dockerfile @@ -1,6 +1,6 @@ # syntax = edrevo/dockerfile-plus -FROM ubuntu:jammy +FROM ubuntu:noble INCLUDE+ ci/Dockerfile diff --git a/contrib/containers/guix/Dockerfile b/contrib/containers/guix/Dockerfile index 861678502c0ad..89d052403e4c5 100644 --- a/contrib/containers/guix/Dockerfile +++ b/contrib/containers/guix/Dockerfile @@ -2,7 +2,7 @@ # to use 'docker compose run guix_ubuntu' to drop into an # interactive shell -FROM ubuntu:jammy +FROM ubuntu:noble SHELL ["/bin/bash", "-c"] @@ -65,15 +65,11 @@ RUN groupadd --system guixbuild && \ "guixbuilder${i}" ; \ done -# Create unprivileged user +# Setup unprivileged user and grant it passwordless sudo ARG USER_ID=1000 \ - GROUP_ID=1000 \ - USERNAME=ubuntu -RUN groupadd -g ${GROUP_ID} ${USERNAME} && \ - useradd -u ${USER_ID} -g ${USERNAME} -s /bin/bash -m -d /home/${USERNAME} ${USERNAME} - -# Grant it passwordless admin permissions -RUN usermod -aG sudo ${USERNAME} && \ + GROUP_ID=1000 +RUN groupmod -g ${GROUP_ID} ubuntu; \ + usermod -u ${USER_ID} -aG sudo ubuntu; \ echo '%sudo ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers # Copy required files to container @@ -85,16 +81,16 @@ COPY --from=docker_root ./scripts/setup-sdk /usr/local/bin/setup-sdk # Create directories for mounting to save/restore cache and grant necessary permissions RUN mkdir -p \ - /home/${USERNAME}/.cache \ + /home/ubuntu/.cache \ /src/dash/depends/{built,sources,work}; \ chown -R ${USER_ID}:${GROUP_ID} \ - /home/${USERNAME}/.cache \ + /home/ubuntu/.cache \ /src; WORKDIR "/src/dash" # Switch to unprivileged context -USER ${USERNAME} +USER ubuntu # Set entrypoint to copied file ENTRYPOINT ["/usr/local/bin/entrypoint"] diff --git a/depends/packages/qt.mk b/depends/packages/qt.mk index 67d6b812b7f71..cc8094cc332d1 100644 --- a/depends/packages/qt.mk +++ b/depends/packages/qt.mk @@ -25,6 +25,7 @@ $(package)_patches += memory_resource.patch $(package)_patches += clang_18_libpng.patch $(package)_patches += utc_from_string_no_optimize.patch $(package)_patches += windows_lto.patch +$(package)_patches += zlib-timebits64.patch $(package)_qttranslations_file_name=qttranslations-$($(package)_suffix) $(package)_qttranslations_sha256_hash=5b94d1a11b566908622fcca2f8b799744d2f8a68da20be4caa5953ed63b10489 @@ -257,6 +258,7 @@ define $(package)_preprocess_cmds patch -p1 -i $($(package)_patch_dir)/fast_fixed_dtoa_no_optimize.patch && \ patch -p1 -i $($(package)_patch_dir)/guix_cross_lib_path.patch && \ patch -p1 -i $($(package)_patch_dir)/windows_lto.patch && \ + patch -p1 -i $($(package)_patch_dir)/zlib-timebits64.patch && \ mkdir -p qtbase/mkspecs/macx-clang-linux &&\ cp -f qtbase/mkspecs/macx-clang/qplatformdefs.h qtbase/mkspecs/macx-clang-linux/ &&\ cp -f $($(package)_patch_dir)/mac-qmake.conf qtbase/mkspecs/macx-clang-linux/qmake.conf && \ diff --git a/depends/patches/qt/zlib-timebits64.patch b/depends/patches/qt/zlib-timebits64.patch new file mode 100644 index 0000000000000..139c1dfa77f3e --- /dev/null +++ b/depends/patches/qt/zlib-timebits64.patch @@ -0,0 +1,31 @@ +From a566e156b3fa07b566ddbf6801b517a9dba04fa3 Mon Sep 17 00:00:00 2001 +From: Mark Adler +Date: Sat, 29 Jul 2023 22:13:09 -0700 +Subject: [PATCH] Avoid compiler complaints if _TIME_BITS defined when building + zlib. + +zlib does not use time_t, so _TIME_BITS is irrelevant. However it +may be defined anyway as part of a sledgehammer indiscriminately +applied to all builds. + +From https://github.com/madler/zlib/commit/a566e156b3fa07b566ddbf6801b517a9dba04fa3.patch +--- + qtbase/src/3rdparty/zlib/src/gzguts.h | 5 ++--- + 1 file changed, 2 insertions(+), 3 deletions(-) + +diff --git a/qtbase/src/3rdparty/zlib/src/gzguts.h b/qtbase/src/3rdparty/zlib/src/gzguts.h +index e23f831f5..f9375047e 100644 +--- a/qtbase/src/3rdparty/zlib/src/gzguts.h ++++ b/qtbase/src/3rdparty/zlib/src/gzguts.h +@@ -26,9 +26,8 @@ + # ifndef _LARGEFILE_SOURCE + # define _LARGEFILE_SOURCE 1 + # endif +-# ifdef _FILE_OFFSET_BITS +-# undef _FILE_OFFSET_BITS +-# endif ++# undef _FILE_OFFSET_BITS ++# undef _TIME_BITS + #endif + + #ifdef HAVE_HIDDEN diff --git a/test/sanitizer_suppressions/ubsan b/test/sanitizer_suppressions/ubsan index ba08cef801a9b..13787ed3bdc37 100644 --- a/test/sanitizer_suppressions/ubsan +++ b/test/sanitizer_suppressions/ubsan @@ -100,3 +100,8 @@ shift-base:streams.h shift-base:test/fuzz/crypto_diff_fuzz_chacha20.cpp shift-base:util/bip32.cpp vptr:bls/bls.h + +# -fsanitize=float-cast-overflow suppressions +# =============================== +# See QTBUG-133261 +float-cast-overflow:qRound