Commit Graph

1319 Commits

Author SHA1 Message Date
UdjinM6
685b1f0379
ci: use clang-16 2024-02-10 14:47:41 +03:00
fanquake
69737c0073
Merge bitcoin/bitcoin#27345: guix: use GCC tool wrappers
4133c8104f522c403c55d26bd03436a8149ff106 guix: use gcc tool wrappers (fanquake)

Pull request description:

  This way, correct `--plugin` arguments are passed through.

  This is a prerequisite for LTO (see #25391). Split out, to try move things along, as this change is isolated, and should be straight-forward.

ACKs for top commit:
  TheCharlatan:
    ACK [4133c81](4133c8104f)
  hebasto:
    ACK 4133c8104f522c403c55d26bd03436a8149ff106

Tree-SHA512: 4311a72a613cf027bd4490caa29604c985ed455589acd972285f13cbdf4806d2184a4dc6f20cb6f47c3fa751d58bfd0bacc257b87d4a804bf5ecf5b240e4a757
2024-02-07 10:14:46 -06:00
fanquake
30f6c4985b
Merge bitcoin/bitcoin#27326: guix: combine and document enable_werror
4becee396f3bda40832138dd1aaa90368ed31857 guix: combine and document enable_werror (fanquake)

Pull request description:

  Combine into `hardened-glibc`.
  Document why we don't use `--disable-werror` directly.

  https://www.gnu.org/software/libc/manual/html_node/Configuring-and-compiling.html
  > By default, the GNU C Library is built with -Werror. If you wish
  > to build without this option (for example, if building with a
  > newer version of GCC than this version of the GNU C Library was
  > tested with, so new warnings cause the build with -Werror to fail),
  > you can configure with --disable-werror.

ACKs for top commit:
  hebasto:
    ACK 4becee396f3bda40832138dd1aaa90368ed31857, the diff is correct.
  TheCharlatan:
    ACK 4becee396f3bda40832138dd1aaa90368ed31857

Tree-SHA512: 8724415f51b4d72d40c4e797faf52c93a81147fb629332b9388ffd7f113f2b16db3b7496bf3063dd978ac629fd5bde3ec7df4f1ff1ed714cb56f316a9334d119
2024-02-07 10:14:45 -06:00
fanquake
12afe0c995
Merge bitcoin/bitcoin#27153: guix: pass --enable-initfini-array to release GCC
127c637cf0a80e0ea68a7c5aaa088e5ccc9d3d13 guix: pass --enable-initfini-array to release GCC (fanquake)

Pull request description:

  This returns us to pre-Guix behaviour, where the compilers we were using to build releases, were configured with this option.

  > [--enable-initfini-array](https://gcc.gnu.org/install/configure.html)
  > Force the use of sections .init_array and .fini_array (instead of .init and .fini) for constructors and destructors. Option --disable-initfini-array has the opposite effect. If neither option is specified, the configure script will try to guess whether the .init_array and .fini_array sections are supported and, if they are, use them.

ACKs for top commit:
  TheCharlatan:
    ACK 127c637cf0a80e0ea68a7c5aaa088e5ccc9d3d13
  vincenzopalazzo:
    utACK 127c637cf0

Tree-SHA512: fa61227054d52d4dfb4524af3888203a501f680661bdef00bb0970d4e8f7c96cf7f592686c4795be5a0debca267b8e564a4960859297c31f6b261c0729238382
2024-02-07 10:14:45 -06:00
fanquake
a0f5596cf1
Merge bitcoin/bitcoin#26335: Guix documentation improvements
10660c0c60f651a52ba9c86c7dba4fa232ed6583 doc: move Guix uninstall instructions to INSTALL.md (Sjors Provoost)
68fab72a8ca7cb8fb26a154a43efd998b7f78738 guix: OpenSSL test failure workaround (Sjors Provoost)
d612dca852db493531f4c3f51e6ea9987cd5db37 guix: reminder to migrate guix-daemon-original customization (Sjors Provoost)
8aa460cd02a6ab1229463c59e965203e52b34748 guix: add guile-gnutls and guile-json to install list (Sjors Provoost)
9b9991e02693c68061ccd4d6040641e20f934e6c guix: recommend mounting a tmpfs on /tmp (Sjors Provoost)
682283445e2cc815cf2786da83314fa8b8350511 guix: bump recommended hash for manual installation (Sjors Provoost)

Pull request description:

  I'm manually installing Guix on a fresh Ubuntu machine. Will be pushing more documentation fixes to this PR as I run into things.

  1. Bump minimum hash to match time-machine bump in #25099. It's not necessary for the root Guix version to match the time-machine version in our build, because `guix build` will automatically perform an upgrade for the user, but imo it's better to get any build issues (in Guix itself) over with while the user is going though `INSTALL.md`, rather than during their first Guix build (of Bitcoin Core).
  2. Recommend mapping a tmpfs to /tmp upfront, rather than in the troubleshooting section
  3. Add `guile-gnutls` and `guile-json` to the table of stuff to install (avoids having to find out in the `./configure` phase)
  4. Improve systemd doc
  5. Workaround OpenSSL v1.1.1l and v1.1.1n test failure (change machine time)
  6. Move uninstallation instructions to INSTALL.md, drop unused footnote / links

ACKs for top commit:
  jamesob:
    ACK 10660c0c60

Tree-SHA512: ff1278b16f03ea9c63e23e97a852340ab824d5f6c64645cb70237dd828b9a439b4133b60cd2b89672573f6546e99419021d092e236f731908158a7aa6473b0ef
2024-02-07 10:14:45 -06:00
fanquake
7fdc7fb9d6
Merge bitcoin/bitcoin#26047: guix: use git-minimal over git
0cd7928133eb8a605979c6338bbcbcb116cfa669 guix: use git-minimal over git (fanquake)

Pull request description:

  From the [git-minimal package definition](https://git.savannah.gnu.org/cgit/guix.git/tree/gnu/packages/version-control.scm?id=998eda3067c7d21e0d9bb3310d2f5a14b8f1c681#n597):
  > The size of the closure of 'git-minimal' is two thirds that of 'git'.
  > Its test suite runs slightly faster and most importantly it doesn't
  > depend on packages that are expensive to build such as Subversion.

  We don't need any git functionality above the basics, so switch to `git-minimal` and save CPU when building the package, while also pruning the greater dependency graph (see `dependencies:` below). Note that git-minimal also lists `riscv64-linux` as a supported system, where `git` does not.

  ```diff
  -name: git
  +name: git-minimal
   version: 2.37.3
   outputs:
  -+ send-email: see Appendix H
  -+ svn: see Appendix H
  -+ credential-netrc: see Appendix H
  -+ credential-libsecret: see Appendix H
  -+ subtree: see Appendix H
  -+ gui: see Appendix H
   + out: everything else
  -systems: x86_64-linux mips64el-linux aarch64-linux powerpc64le-linux i686-linux armhf-linux powerpc-linux
  -dependencies: asciidoc@9.1.0 bash-minimal@5.1.8 bash@5.1.8 curl@7.79.1 docbook-xsl@1.79.2 expat@2.4.1 gettext-minimal@0.21 glib@2.70.2 libsecret@0.20.4 openssl@1.1.1l pcre2@10.37 perl-authen-sasl@2.16 perl-cgi@4.52
  -+ perl-io-socket-ssl@2.068 perl-net-smtp-ssl@1.04 perl-term-readkey@2.38 perl@5.34.0 pkg-config@0.29.2 python@3.9.9 subversion@1.14.1 tcl@8.6.11 tk@8.6.11.1 xmlto@0.0.28 zlib@1.2.11
  -location: gnu/packages/version-control.scm:222:2
  +systems: x86_64-linux mips64el-linux aarch64-linux powerpc64le-linux riscv64-linux i686-linux armhf-linux powerpc-linux
  +dependencies: bash-minimal@5.1.8 bash@5.1.8 curl@7.79.1 expat@2.4.1 gettext-minimal@0.21 openssl@1.1.1l perl@5.34.0 zlib@1.2.11
  +location: gnu/packages/version-control.scm:608:2
   homepage: https://git-scm.com/
   license: GPL 2
   synopsis: Distributed version control system
  ```

  Guix Build (x86_64):
  ```bash
  da4adca0304f19833893867418c8827e0213c58a1b605753355340a5f270754a  guix-build-0cd7928133eb/output/aarch64-linux-gnu/SHA256SUMS.part
  38c2b5f8e560018911ed776660fcd2aa8b6061a59af26118f06e23c9a335e80c  guix-build-0cd7928133eb/output/aarch64-linux-gnu/bitcoin-0cd7928133eb-aarch64-linux-gnu-debug.tar.gz
  de117782318d6e0ed55efaae7b2f11d033fe05e7a72fbda3ef7bbcbc758add69  guix-build-0cd7928133eb/output/aarch64-linux-gnu/bitcoin-0cd7928133eb-aarch64-linux-gnu.tar.gz
  6ae8ebfac28c43488b9aa386b9a87937789a57e54dc1d77a9c7b95323a417abc  guix-build-0cd7928133eb/output/arm-linux-gnueabihf/SHA256SUMS.part
  97f5d9d14eeb4b2926304c142fa6c46b7126524b8f836655704f5643b58b9436  guix-build-0cd7928133eb/output/arm-linux-gnueabihf/bitcoin-0cd7928133eb-arm-linux-gnueabihf-debug.tar.gz
  37815ea73941cf0a870e5ac4aafe9249a63ed1eeaa37440de23c2d9bf2b77be8  guix-build-0cd7928133eb/output/arm-linux-gnueabihf/bitcoin-0cd7928133eb-arm-linux-gnueabihf.tar.gz
  64cd484fa48968dc7063c4f501e1ff62d1ba46ae9975bfa060a3c88e2a98d232  guix-build-0cd7928133eb/output/arm64-apple-darwin/SHA256SUMS.part
  4e7e0daaf0ac1b5ed5a7e5ee8085e5e6446c48e70161f78938acd0e916c55729  guix-build-0cd7928133eb/output/arm64-apple-darwin/bitcoin-0cd7928133eb-arm64-apple-darwin-unsigned.dmg
  0f2b534d16482e536552c7b3de605bd71997b898755fe5a9ac39b36aea2698b6  guix-build-0cd7928133eb/output/arm64-apple-darwin/bitcoin-0cd7928133eb-arm64-apple-darwin-unsigned.tar.gz
  03cd1f509c60919c2ad1503d2f98be444c9770b62c4d303cb4cbdc1100ce131d  guix-build-0cd7928133eb/output/arm64-apple-darwin/bitcoin-0cd7928133eb-arm64-apple-darwin.tar.gz
  1e28183c1c314921a8404b72283bb861dff28061310c18535618683b097e7e61  guix-build-0cd7928133eb/output/dist-archive/bitcoin-0cd7928133eb.tar.gz
  0f6459568d0369528ad35622d5378feccdac319eed618418841c22cc137cbd05  guix-build-0cd7928133eb/output/powerpc64-linux-gnu/SHA256SUMS.part
  1cf0c8a48add60082c381935630b59a0bd483a7eda97f04b72dcb05143135109  guix-build-0cd7928133eb/output/powerpc64-linux-gnu/bitcoin-0cd7928133eb-powerpc64-linux-gnu-debug.tar.gz
  5332f148efa1579b077747c8c7d6c763d31804d4ac454abaf34a3e2374c9b6b2  guix-build-0cd7928133eb/output/powerpc64-linux-gnu/bitcoin-0cd7928133eb-powerpc64-linux-gnu.tar.gz
  5fc03945c2ab86ba43395ccf32cf4b338dcceb446e106c0f6e660dac47224183  guix-build-0cd7928133eb/output/powerpc64le-linux-gnu/SHA256SUMS.part
  5cfabdb27dc8fb7de402c558e5f962ac4fdaf2c344d201f27f7ed1370a550407  guix-build-0cd7928133eb/output/powerpc64le-linux-gnu/bitcoin-0cd7928133eb-powerpc64le-linux-gnu-debug.tar.gz
  ba265df6803d472434ecb3ad44983965a5eca1ccd42fea64760309ff70d17ee5  guix-build-0cd7928133eb/output/powerpc64le-linux-gnu/bitcoin-0cd7928133eb-powerpc64le-linux-gnu.tar.gz
  ff40a374f215eb3010291569b8ed1958054e408469fc8b2fe97a30cca0ad5451  guix-build-0cd7928133eb/output/riscv64-linux-gnu/SHA256SUMS.part
  7b7b89ac1905d58f1e96a7840c018a556c472015a44442d0742bf758cb5f67ca  guix-build-0cd7928133eb/output/riscv64-linux-gnu/bitcoin-0cd7928133eb-riscv64-linux-gnu-debug.tar.gz
  10431bd8ffca82dd9c59f568272a1e7473cf474996f750d9bed4b576591fcff1  guix-build-0cd7928133eb/output/riscv64-linux-gnu/bitcoin-0cd7928133eb-riscv64-linux-gnu.tar.gz
  4ef532d8dbe42900146a5b3e02de2a6a59d66b3c66a4b9d919d3aeb0e9637ab1  guix-build-0cd7928133eb/output/x86_64-apple-darwin/SHA256SUMS.part
  77a1abe4139c19d227309216e29cf55dae06c4469412b457c9f0e8cf1eccc25c  guix-build-0cd7928133eb/output/x86_64-apple-darwin/bitcoin-0cd7928133eb-x86_64-apple-darwin-unsigned.dmg
  33028b640efab25648d0ec1abe9e91abc983706623ca9e2e7ac5fbfca0970909  guix-build-0cd7928133eb/output/x86_64-apple-darwin/bitcoin-0cd7928133eb-x86_64-apple-darwin-unsigned.tar.gz
  e10d2d5617b8b1a33a622d5904d2bd8eaf57a5b3605e22ef916a57105db2311e  guix-build-0cd7928133eb/output/x86_64-apple-darwin/bitcoin-0cd7928133eb-x86_64-apple-darwin.tar.gz
  bf65d3574afed2e017c9625d38cc31e0f2cbb7f1e8a9ce346644ea3dbb938d13  guix-build-0cd7928133eb/output/x86_64-linux-gnu/SHA256SUMS.part
  ce3810e70c97b2698822e4f46fa64dfa12353f7b54400e671b64868e3e4d3472  guix-build-0cd7928133eb/output/x86_64-linux-gnu/bitcoin-0cd7928133eb-x86_64-linux-gnu-debug.tar.gz
  4055370c15b199d1efef47cc262d9c43a3652dcd237a9434197ca3be4931b1d2  guix-build-0cd7928133eb/output/x86_64-linux-gnu/bitcoin-0cd7928133eb-x86_64-linux-gnu.tar.gz
  e59ed970d1db5d4839fa67957945628f6919ef5491f4a595f89ed3d8c81f1a76  guix-build-0cd7928133eb/output/x86_64-w64-mingw32/SHA256SUMS.part
  19c443fab5cb2fe75c9a5ad51fc022c97e31d7d69e049a889bd06f740f8daf78  guix-build-0cd7928133eb/output/x86_64-w64-mingw32/bitcoin-0cd7928133eb-win64-debug.zip
  88f6ca5d299080114532ec550c59eca4a3cdb759d9ea35cb14eba0b135e72436  guix-build-0cd7928133eb/output/x86_64-w64-mingw32/bitcoin-0cd7928133eb-win64-setup-unsigned.exe
  bcdb0b7467d3e47a694e51e9bfbaab9d5dc7162efe6c6bf4c303d368272c0cc6  guix-build-0cd7928133eb/output/x86_64-w64-mingw32/bitcoin-0cd7928133eb-win64-unsigned.tar.gz
  db1d4bbfab53405080d3abd09d1f05b2642ed513f6d8fcb5d92b9d0b32745293  guix-build-0cd7928133eb/output/x86_64-w64-mingw32/bitcoin-0cd7928133eb-win64.zip
  ```

  Guix Build (arm64):
  ```bash
  da4adca0304f19833893867418c8827e0213c58a1b605753355340a5f270754a  guix-build-0cd7928133eb/output/aarch64-linux-gnu/SHA256SUMS.part
  38c2b5f8e560018911ed776660fcd2aa8b6061a59af26118f06e23c9a335e80c  guix-build-0cd7928133eb/output/aarch64-linux-gnu/bitcoin-0cd7928133eb-aarch64-linux-gnu-debug.tar.gz
  de117782318d6e0ed55efaae7b2f11d033fe05e7a72fbda3ef7bbcbc758add69  guix-build-0cd7928133eb/output/aarch64-linux-gnu/bitcoin-0cd7928133eb-aarch64-linux-gnu.tar.gz
  6ae8ebfac28c43488b9aa386b9a87937789a57e54dc1d77a9c7b95323a417abc  guix-build-0cd7928133eb/output/arm-linux-gnueabihf/SHA256SUMS.part
  97f5d9d14eeb4b2926304c142fa6c46b7126524b8f836655704f5643b58b9436  guix-build-0cd7928133eb/output/arm-linux-gnueabihf/bitcoin-0cd7928133eb-arm-linux-gnueabihf-debug.tar.gz
  37815ea73941cf0a870e5ac4aafe9249a63ed1eeaa37440de23c2d9bf2b77be8  guix-build-0cd7928133eb/output/arm-linux-gnueabihf/bitcoin-0cd7928133eb-arm-linux-gnueabihf.tar.gz
  64cd484fa48968dc7063c4f501e1ff62d1ba46ae9975bfa060a3c88e2a98d232  guix-build-0cd7928133eb/output/arm64-apple-darwin/SHA256SUMS.part
  4e7e0daaf0ac1b5ed5a7e5ee8085e5e6446c48e70161f78938acd0e916c55729  guix-build-0cd7928133eb/output/arm64-apple-darwin/bitcoin-0cd7928133eb-arm64-apple-darwin-unsigned.dmg
  0f2b534d16482e536552c7b3de605bd71997b898755fe5a9ac39b36aea2698b6  guix-build-0cd7928133eb/output/arm64-apple-darwin/bitcoin-0cd7928133eb-arm64-apple-darwin-unsigned.tar.gz
  03cd1f509c60919c2ad1503d2f98be444c9770b62c4d303cb4cbdc1100ce131d  guix-build-0cd7928133eb/output/arm64-apple-darwin/bitcoin-0cd7928133eb-arm64-apple-darwin.tar.gz
  1e28183c1c314921a8404b72283bb861dff28061310c18535618683b097e7e61  guix-build-0cd7928133eb/output/dist-archive/bitcoin-0cd7928133eb.tar.gz
  0f6459568d0369528ad35622d5378feccdac319eed618418841c22cc137cbd05  guix-build-0cd7928133eb/output/powerpc64-linux-gnu/SHA256SUMS.part
  1cf0c8a48add60082c381935630b59a0bd483a7eda97f04b72dcb05143135109  guix-build-0cd7928133eb/output/powerpc64-linux-gnu/bitcoin-0cd7928133eb-powerpc64-linux-gnu-debug.tar.gz
  5332f148efa1579b077747c8c7d6c763d31804d4ac454abaf34a3e2374c9b6b2  guix-build-0cd7928133eb/output/powerpc64-linux-gnu/bitcoin-0cd7928133eb-powerpc64-linux-gnu.tar.gz
  5fc03945c2ab86ba43395ccf32cf4b338dcceb446e106c0f6e660dac47224183  guix-build-0cd7928133eb/output/powerpc64le-linux-gnu/SHA256SUMS.part
  5cfabdb27dc8fb7de402c558e5f962ac4fdaf2c344d201f27f7ed1370a550407  guix-build-0cd7928133eb/output/powerpc64le-linux-gnu/bitcoin-0cd7928133eb-powerpc64le-linux-gnu-debug.tar.gz
  ba265df6803d472434ecb3ad44983965a5eca1ccd42fea64760309ff70d17ee5  guix-build-0cd7928133eb/output/powerpc64le-linux-gnu/bitcoin-0cd7928133eb-powerpc64le-linux-gnu.tar.gz
  ff40a374f215eb3010291569b8ed1958054e408469fc8b2fe97a30cca0ad5451  guix-build-0cd7928133eb/output/riscv64-linux-gnu/SHA256SUMS.part
  7b7b89ac1905d58f1e96a7840c018a556c472015a44442d0742bf758cb5f67ca  guix-build-0cd7928133eb/output/riscv64-linux-gnu/bitcoin-0cd7928133eb-riscv64-linux-gnu-debug.tar.gz
  10431bd8ffca82dd9c59f568272a1e7473cf474996f750d9bed4b576591fcff1  guix-build-0cd7928133eb/output/riscv64-linux-gnu/bitcoin-0cd7928133eb-riscv64-linux-gnu.tar.gz
  4ef532d8dbe42900146a5b3e02de2a6a59d66b3c66a4b9d919d3aeb0e9637ab1  guix-build-0cd7928133eb/output/x86_64-apple-darwin/SHA256SUMS.part
  77a1abe4139c19d227309216e29cf55dae06c4469412b457c9f0e8cf1eccc25c  guix-build-0cd7928133eb/output/x86_64-apple-darwin/bitcoin-0cd7928133eb-x86_64-apple-darwin-unsigned.dmg
  33028b640efab25648d0ec1abe9e91abc983706623ca9e2e7ac5fbfca0970909  guix-build-0cd7928133eb/output/x86_64-apple-darwin/bitcoin-0cd7928133eb-x86_64-apple-darwin-unsigned.tar.gz
  e10d2d5617b8b1a33a622d5904d2bd8eaf57a5b3605e22ef916a57105db2311e  guix-build-0cd7928133eb/output/x86_64-apple-darwin/bitcoin-0cd7928133eb-x86_64-apple-darwin.tar.gz
  bf65d3574afed2e017c9625d38cc31e0f2cbb7f1e8a9ce346644ea3dbb938d13  guix-build-0cd7928133eb/output/x86_64-linux-gnu/SHA256SUMS.part
  ce3810e70c97b2698822e4f46fa64dfa12353f7b54400e671b64868e3e4d3472  guix-build-0cd7928133eb/output/x86_64-linux-gnu/bitcoin-0cd7928133eb-x86_64-linux-gnu-debug.tar.gz
  4055370c15b199d1efef47cc262d9c43a3652dcd237a9434197ca3be4931b1d2  guix-build-0cd7928133eb/output/x86_64-linux-gnu/bitcoin-0cd7928133eb-x86_64-linux-gnu.tar.gz
  e59ed970d1db5d4839fa67957945628f6919ef5491f4a595f89ed3d8c81f1a76  guix-build-0cd7928133eb/output/x86_64-w64-mingw32/SHA256SUMS.part
  19c443fab5cb2fe75c9a5ad51fc022c97e31d7d69e049a889bd06f740f8daf78  guix-build-0cd7928133eb/output/x86_64-w64-mingw32/bitcoin-0cd7928133eb-win64-debug.zip
  88f6ca5d299080114532ec550c59eca4a3cdb759d9ea35cb14eba0b135e72436  guix-build-0cd7928133eb/output/x86_64-w64-mingw32/bitcoin-0cd7928133eb-win64-setup-unsigned.exe
  bcdb0b7467d3e47a694e51e9bfbaab9d5dc7162efe6c6bf4c303d368272c0cc6  guix-build-0cd7928133eb/output/x86_64-w64-mingw32/bitcoin-0cd7928133eb-win64-unsigned.tar.gz
  db1d4bbfab53405080d3abd09d1f05b2642ed513f6d8fcb5d92b9d0b32745293  guix-build-0cd7928133eb/output/x86_64-w64-mingw32/bitcoin-0cd7928133eb-win64.zip
  ```

ACKs for top commit:
  hebasto:
    ACK 0cd7928133eb8a605979c6338bbcbcb116cfa669, I have reviewed the code and it looks OK. I have also checked out the usage of the `git-minimal` in the `git-download` Guix module which is being used. Did not compare actual build dependences while building from scratch.
  jarolrod:
    ACK 0cd7928133eb8a605979c6338bbcbcb116cfa669

Tree-SHA512: f949c4d2f9560f98b8a418a981da38bbb9cfee5d0814bea6bb676b7193f3cbddafd23a92f852ee59c6a68c9c282095e6368cb65c5f2352b2ab54f9692575349c
2024-02-07 10:14:44 -06:00
MacroFake
2b70221069
Merge bitcoin/bitcoin#25833: doc: minor updates to guix README
98383d6d0dade5c2af2adcf10e274141fc7981aa doc: minor updates to guix README (Stacie)

Pull request description:

  Two minor updates to the guix docs:

  - `contrib/guix/README.md`: fix broken link
  - `contrib/guix/INSTALL.md`: Change Ubuntu version in the section on distribution maintained packages from 21.04 (Hirsute Hippo) to 22.04 (Jammy Jellyfish). The previous link to the Ubuntu Guix package (https://packages.ubuntu.com/hirsute/guix) was for Hirsute. That link is now broken, likely because Hirsute reached EOL in January. I was unable to locate a general page for Ubuntu Guix packages so I replaced the broken link with the search results for all Ubuntu Guix packages. That page currently displays Guix packages for three different versions of Ubuntu. Happy to replace this link if there is a better option.

ACKs for top commit:
  jarolrod:
    ACK 98383d6d0dade5c2af2adcf10e274141fc7981aa

Tree-SHA512: 6980f5952862773e79ca317edb4aadf6ff7c71726a0e4cb873c08bf51360c64e0498aabf4f53780f13cb06838eda93c89ba10fe35c4c8ae2b23191ab961b98f8
2024-02-07 10:14:44 -06:00
fanquake
22e7845cf2
Merge bitcoin/bitcoin#25508: guix: use elfesteem 2eb1e5384ff7a220fd1afacd4a0170acff54fe56
103c0d9f7e084c94ba7d83a44e784ab0b4a6d8e4 guix: use elfesteem 2eb1e5384ff7a220fd1afacd4a0170acff54fe56 (fanquake)

Pull request description:

  Our patch has been merged upstream, see https://github.com/LRGH/elfesteem/pull/3.

  Guix Build (x86_64):
  ```bash
  3deb66d386587e7ce29b92528170081d9e74443ddf50d07b72aacaee31c11641  guix-build-103c0d9f7e08/output/aarch64-linux-gnu/SHA256SUMS.part
  5f53a059ccf07181fa1154dc6ab741a9beda663a48d123d2aa4256ca7d38497a  guix-build-103c0d9f7e08/output/aarch64-linux-gnu/bitcoin-103c0d9f7e08-aarch64-linux-gnu-debug.tar.gz
  20cdb705439ff54822f7c3cad12254b46f8ff93aae58f1716253f39bd734eaf1  guix-build-103c0d9f7e08/output/aarch64-linux-gnu/bitcoin-103c0d9f7e08-aarch64-linux-gnu.tar.gz
  ae51fb2ef8e76326bde4693f778444a5c21df1feba42b161e667c5f069aae967  guix-build-103c0d9f7e08/output/arm-linux-gnueabihf/SHA256SUMS.part
  0ffeaa089582871a578069c0251bf51823624274c23c2fd65f04d2a3e50f3296  guix-build-103c0d9f7e08/output/arm-linux-gnueabihf/bitcoin-103c0d9f7e08-arm-linux-gnueabihf-debug.tar.gz
  71f3da47678d8169414ef0072271604fa550e84ce86979706b3b289a1521a119  guix-build-103c0d9f7e08/output/arm-linux-gnueabihf/bitcoin-103c0d9f7e08-arm-linux-gnueabihf.tar.gz
  f5d13de726f7705e946a2b3a63d182d8c7e70e3adc9a92552676898e9819db27  guix-build-103c0d9f7e08/output/arm64-apple-darwin/SHA256SUMS.part
  e411e8f0cc3ab18981ccb65768a6af1622748c14b6e0513401179bcd0df519a7  guix-build-103c0d9f7e08/output/arm64-apple-darwin/bitcoin-103c0d9f7e08-arm64-apple-darwin-unsigned.dmg
  d7e9aa52f9b0a0249445e926753978d6845bab0c02639d162879b921f237b8ce  guix-build-103c0d9f7e08/output/arm64-apple-darwin/bitcoin-103c0d9f7e08-arm64-apple-darwin-unsigned.tar.gz
  cefde91f0b75a27e945f190194dbe0dab5653a6bcc91b18bec34d952aebd72d7  guix-build-103c0d9f7e08/output/arm64-apple-darwin/bitcoin-103c0d9f7e08-arm64-apple-darwin.tar.gz
  0b399fd5f7a85974ab25933575a0173c814d4ab578d16ab13896bb51e408b92f  guix-build-103c0d9f7e08/output/dist-archive/bitcoin-103c0d9f7e08.tar.gz
  22d6a771d2eab73ab328c8b472160333dd52c6f734761f466c79251a37bd1895  guix-build-103c0d9f7e08/output/powerpc64-linux-gnu/SHA256SUMS.part
  a6e598b022683e0858be8bd4a6d75bc15f2fbc7632c45f8b03c7a8dff367343a  guix-build-103c0d9f7e08/output/powerpc64-linux-gnu/bitcoin-103c0d9f7e08-powerpc64-linux-gnu-debug.tar.gz
  04ea54706ac47f8880ae0fcddabb0f4fe899a0bacf52d0d936dbbc1149e14e10  guix-build-103c0d9f7e08/output/powerpc64-linux-gnu/bitcoin-103c0d9f7e08-powerpc64-linux-gnu.tar.gz
  059a7018ce96e141c258d516b85c3ee95f02b61dc2db4931fa14993b2bd945e3  guix-build-103c0d9f7e08/output/powerpc64le-linux-gnu/SHA256SUMS.part
  aacaa0e4827808ed189152c6f1a4e0d9300b89136a7dc064fd045f700ee06084  guix-build-103c0d9f7e08/output/powerpc64le-linux-gnu/bitcoin-103c0d9f7e08-powerpc64le-linux-gnu-debug.tar.gz
  4041f8de495b4633df0e28d75ab6cfd0bfe7ec9292384ce4d3331383d06da310  guix-build-103c0d9f7e08/output/powerpc64le-linux-gnu/bitcoin-103c0d9f7e08-powerpc64le-linux-gnu.tar.gz
  1586a47797a803cab03a9ebcd207eb395e1651c443e9192ac2b144b85e014762  guix-build-103c0d9f7e08/output/riscv64-linux-gnu/SHA256SUMS.part
  74f088bca4e7c0d44e6b7161ee4c835b38bc9291c78f37e53d3ede2da98d52c0  guix-build-103c0d9f7e08/output/riscv64-linux-gnu/bitcoin-103c0d9f7e08-riscv64-linux-gnu-debug.tar.gz
  12cfe35b28de03f2355d6fb5ed9393001d3b5a06b12a2792cb863ca4ae61db17  guix-build-103c0d9f7e08/output/riscv64-linux-gnu/bitcoin-103c0d9f7e08-riscv64-linux-gnu.tar.gz
  b021e117d1e92ad105234661468efeab98246db79d51267a766399776999bafe  guix-build-103c0d9f7e08/output/x86_64-apple-darwin/SHA256SUMS.part
  0a6c9d00f9ea2d67ca58c867258bb1b595a3141d5f199ffb047f7235bb2863a6  guix-build-103c0d9f7e08/output/x86_64-apple-darwin/bitcoin-103c0d9f7e08-x86_64-apple-darwin-unsigned.dmg
  a7df5f759e792e4fae46ab7ddca5db8cff8973aa33d7d99c4bfbf7c04c2d3013  guix-build-103c0d9f7e08/output/x86_64-apple-darwin/bitcoin-103c0d9f7e08-x86_64-apple-darwin-unsigned.tar.gz
  801ec4f81af5f184cc0e0fcf650f4e5822d895a4202c35575f46e1c63498b1aa  guix-build-103c0d9f7e08/output/x86_64-apple-darwin/bitcoin-103c0d9f7e08-x86_64-apple-darwin.tar.gz
  813e9c9c6e0ce430d2096963dbffeb141f239d67b334e44b3fd1f1bc9246758d  guix-build-103c0d9f7e08/output/x86_64-linux-gnu/SHA256SUMS.part
  43e7afc360267fea8e1620e0c2ea40c45af07debbd646abf9fe631465c2e2c47  guix-build-103c0d9f7e08/output/x86_64-linux-gnu/bitcoin-103c0d9f7e08-x86_64-linux-gnu-debug.tar.gz
  0c5fc4b3c5bf4a53f1f9710cd738d5c0bbe6a2f0dc45e91f92065ae766b63635  guix-build-103c0d9f7e08/output/x86_64-linux-gnu/bitcoin-103c0d9f7e08-x86_64-linux-gnu.tar.gz
  08c031137c2c472a944f3220cf3812a8ec1dd70da9b0f264361ba16badb65b9f  guix-build-103c0d9f7e08/output/x86_64-w64-mingw32/SHA256SUMS.part
  4bbdc405075001b61e7cc48974e4b987c887a861add6db419fb51eccd914fbb0  guix-build-103c0d9f7e08/output/x86_64-w64-mingw32/bitcoin-103c0d9f7e08-win64-debug.zip
  8de95b683500300a787dd1d0d74580e9d6ab448f00f4c32e58ad830b763f2755  guix-build-103c0d9f7e08/output/x86_64-w64-mingw32/bitcoin-103c0d9f7e08-win64-setup-unsigned.exe
  36202c352d1f3b238daa00126f7ad369e53a510a32bb2585d69f967ef02aff48  guix-build-103c0d9f7e08/output/x86_64-w64-mingw32/bitcoin-103c0d9f7e08-win64-unsigned.tar.gz
  6255922a31502a23ea323095dec2d176bca22977222936fc7857a55ac001f6e9  guix-build-103c0d9f7e08/output/x86_64-w64-mingw32/bitcoin-103c0d9f7e08-win64.zip
  ```

ACKs for top commit:
  hebasto:
    ACK 103c0d9f7e084c94ba7d83a44e784ab0b4a6d8e4, I have reviewed the code and it looks OK.

Tree-SHA512: 421956999d2daedbce2e94a13dffa20b2dafb36ca5ffa094d8dca79eb5e60ec91bfade59cd24da548b45aec00f688d570e61a3567ea8075c25d198ac7fc4efff
2024-02-07 10:14:44 -06:00
fanquake
fbc2a50388
Merge bitcoin/bitcoin#22531: guix: Fixes to guix-{attest,verify}
9b313dfef18792fcc36e78ef3caa693fafcce04e guix: Ensure EPOCH_SOURCE_DATE does not include GPG information (Andrew Chow)
43225f0a2a517ccd79dc49279b979ffd2eca6b85 guix: Remove extra \r from all.SHA256SUMS line ending (Andrew Chow)
d080c27066449f76bc8709fc50e422757971d2cf guix, doc: Add a note that codesigners need to rebuild after tagging (Andrew Chow)
4a466388a0092fbdf5f8969c6bfb65bf8cc962e1 guix: Allow changing the base manifest in guix-verify (Andrew Chow)
33455c76964b9e27b33e970d9722cc47657b291b guix: Make all.SHA256SUMS rather than codesigned.SHA256SUMS (Andrew Chow)

Pull request description:

  `guix-verify` expects `all.SHA256SUMS` but `guix-attest` produces `codesigned.SHA256SUMS`. Since `all.SHA256SUMS` makes more sense (as the file contains all the sha256sums, not just the codesigned ones), `guix-attest` has been changed to output a file of that name.

  As a quality of life improvement, `guix-verify` can take `SIGNER` and use the signer's manifest as the base to compare against. This makes it easier to compare a single person's attestations with everyone else's and can make it more obvious when one builder is clearly mismatching with everyone else.

  Lastly `release-process.md` is updated with a note about a gotcha that can cause a mismatch in the codesigned attestation.

ACKs for top commit:
  fanquake:
    ACK 9b313dfef18792fcc36e78ef3caa693fafcce04e

Tree-SHA512: 0d60627def38288dbd3059ad1e72cad224f9205da11b1a561c082ef28250a074df5cc5f2797c91a7be027bc486a3fda3319c2e496a8724e5b539337236c6f990
2024-02-07 10:14:42 -06:00
fanquake
09fe21bb0e
partial Merge #19041: ci: tsan with -stdlib=libc++-10
BACKPORT NOTICE:
this PR doesn't actually swithc to libc++ due to multiple CI failures such as
linking errors or other
------------------
faf62e6ed0ca45db44c370844c3515eb5a8cda12 ci: Remove unused workaround (MarcoFalke)
fa7c8509153bfd2d5b4dcff86ad27dfd73e8788b ci: Install llvm to get llvm symbolizer (MarcoFalke)
fa563cef61e8a217c5e8ec059e174afae61087a5 test: Add more tsan suppressions (MarcoFalke)
fa0cc02c0a029133f080680ae9186002a144738f ci: Mute depends logs completely (MarcoFalke)
fa906bf2988c799765a04c484269f890964ec3ee test: Extend tsan suppressions for clang stdlib (MarcoFalke)
fa10d850790bbe52d948659bb1ebbb88fe718065 ci: Use libc++ instead of libstdc++ for tsan (MarcoFalke)
fa0d5ee1126a8cff9f30f863eb8f5c78bf57e168 ci: Set halt_on_error=1 for tsan (MarcoFalke)
fa2ffe87f794caa74f80c1c2d6e6067ee4849632 ci: Deduplicate DOCKER_EXEC (MarcoFalke)
fac2eeeb9d718bdb892eef9adf333ea61ba8f3d0 cirrus: Remove no longer needed install step (MarcoFalke)

Pull request description:

  According to the [ThreadSanitizer docs](https://clang.llvm.org/docs/ThreadSanitizer.html#current-status):
  >  C++11 threading is supported with **llvm libc++**.

  For example, the thread sanitizer build is currently not checking for double lock of mutexes.

  Fixes (partially) https://github.com/bitcoin/bitcoin/issues/19038#issuecomment-632138003

ACKs for top commit:
  practicalswift:
    ACK faf62e6ed0ca45db44c370844c3515eb5a8cda12
  fanquake:
    ACK faf62e6ed0ca45db44c370844c3515eb5a8cda12
  hebasto:
    ACK faf62e6ed0ca45db44c370844c3515eb5a8cda12, maybe re-organize commits to modify suppressions in a single one?

Tree-SHA512: 98ce5154b4736dfb811ffdb6e6f63a7bc25fe50d3b73134404a8f3715ad53626c31f9c8132dbacf85de47b9409f1e17a4399e35f78b1da30b1577167ea2982ad
2024-01-27 22:44:47 -06:00
MarcoFalke
924b8e4eb8
Merge #19348: test: Bump linter versions
39d526bde48d98af4fa27906e85db0399b6aa8b1 test: Bump linter versions (Duncan Dean)

Pull request description:

  As per #19346, `mypy==0.700` was incompatible with Python 3.8.

  I've bumped the versions of all the linters to their latest stable versions.

  Checked with both Python 3.7 and 3.8 and everything still seems to work fine.

ACKs for top commit:
  hebasto:
    ACK 39d526bde48d98af4fa27906e85db0399b6aa8b1, I have reviewed the code and it looks OK, I agree it can be merged.

Tree-SHA512: f3ee7fda8095aa25aa68685e863076d52a6b82649770d24b0064d652763c0ceb8ebcbf9024fc74fca45c754e67b2a831dd070b3af23bc099140e6d27e89a5319
2024-01-27 22:44:47 -06:00
fanquake
19ab740694
Merge #20168: contrib: Fix gen_key_io_test_vectors.py imports
fa68755364473e48cf039e8cc2d08036fe58c1f6 contrib: Fix gen_key_io_test_vectors.py imports (MarcoFalke)

Pull request description:

  The script currently fails with

  ```
  Traceback (most recent call last):
    File "./gen_key_io_test_vectors.py", line 18, in <module>
      from segwit_addr import bech32_encode, decode, convertbits, CHARSET
  ImportError: cannot import name 'decode' from 'segwit_addr'
  ```

  Fix that.
  Also, unrelated cleanup to use the `bytearray.hex()` method instead of importing a library. https://docs.python.org/3.5/library/stdtypes.html#bytes.hex

ACKs for top commit:
  theStack:
    tested ACK fa68755364473e48cf039e8cc2d08036fe58c1f6

Tree-SHA512: 45ff7d710de3d0ef5ac6d91543cff0edff6189d2cd00b0f8889f4361e66ef1825f12aea9e71d62038c14a7a531bfc95ffe9a1df83b85aa7f3dd666df07a6be81
2024-01-26 12:50:30 -06:00
Konstantin Akimov
4b8dc1e435
Merge bitcoin-core/gui#14: scripted-diff: rename movie folder to animation
80968cf scripted-diff: rename movie folder to animation (Peter Bushnell)

Pull request description:

  Rename the movies directory and RES_MOVIES make variable to animation and RES_ANIMATION respectively. Movies is a bit of an unexpected term to be found.

ACKs for top commit:
  MarcoFalke:
    ACK 80968cf
  hebasto:
    ACK 80968cf, tested on Linux Mint 20 (Qt 5.12.8).

Tree-SHA512: 6bd31ce36e821f6a1bef8a7972086a2387d6258c48fc9df12d3ffdae07d0237036afbc2dec673384b78d9567b91d6e12eafa59fa2305aa79153dfd9b7c3a8655
2024-01-19 10:34:31 -06:00
PastaPastaPasta
7b9623fddd
feat: use dashcore-binaries.thepasta.org as keybase.pub is defunct and validate all .asc files (#5820)
## Issue being fixed or feature implemented
keybase.pub isn't a thing anymore; instead use thepasta.org; also
validate all .asc files

## What was done?


## How Has This Been Tested?
Validated 20.0.4, 20.0.3 and 20.0.2 with the script

## Breaking Changes


## Checklist:
_Go over all the following points, and put an `x` in all the boxes that
apply._
- [x] I have performed a self-review of my own code
- [ ] I have commented my code, particularly in hard-to-understand areas
- [ ] I have added or updated relevant unit/integration/functional/e2e
tests
- [ ] I have made corresponding changes to the documentation
- [x] I have assigned this pull request to a milestone _(for repository
code-owners and collaborators only)_

---------

Co-authored-by: Wladimir J. van der Laan <laanwj@protonmail.com>
Co-authored-by: fanquake <fanquake@gmail.com>
Co-authored-by: Konstantin Akimov <knstqq@gmail.com>
2024-01-19 09:12:51 -06:00
Wladimir J. van der Laan
bf702f7c78
Merge #20884: script: Improve robustness of bitcoind.service on startup
9d026546778629472574b26fa73338efc63d02da doc: Fix systemd spelling and link to doc/init.md (Hennadii Stepanov)
601778c3107adbd8d96eb0bb5c16a9d0a4b81594 script: Add Documentation key to bitcoind.service (Hennadii Stepanov)
d9392b724cae53b7a16fa5f84ebe152eea496502 script: Improve robustness of bitcoind.service on startup (Hennadii Stepanov)

Pull request description:

  If network interfaces are not properly up the following happens:
  ```
  ...
  2021-01-08T10:17:11Z scheduler thread start
  2021-01-08T10:17:11Z libevent: getaddrinfo: address family for nodename not supported
  2021-01-08T10:17:11Z Binding RPC on address 127.0.0.1 port 8332 failed.
  2021-01-08T10:17:11Z HTTP: creating work queue of depth 16
  2021-01-08T10:17:11Z Using random cookie authentication.
  2021-01-08T10:17:11Z Generated RPC authentication cookie /var/lib/bitcoind/.cookie
  2021-01-08T10:17:11Z HTTP: starting 2 worker threads
  2021-01-08T10:17:11Z init message: Loading banlist...
  2021-01-08T10:17:11Z SetNetworkActive: true
  2021-01-08T10:17:11Z Error: Cannot resolve -externalip address: <EDITED>
  2021-01-08T10:17:11Z Shutdown: In progress...
  2021-01-08T10:17:11Z scheduler thread exit
  2021-01-08T10:17:11Z Shutdown: done
  ```

  This PR improves robustness on startup in such cases in documented way:
  https://www.freedesktop.org/wiki/Software/systemd/NetworkTarget/

  Also minor doc improvements are added.

ACKs for top commit:
  Sjors:
    ACK 9d02654
  practicalswift:
    ACK 9d026546778629472574b26fa73338efc63d02da: patch looks correct
  darosior:
    ACK 9d026546778629472574b26fa73338efc63d02da -- been using the first patch too

Tree-SHA512: 38294f5682c09e6ea9008de7d7459098c920cf1b98ad8ef8a5d2ca01f2f781c0fec5591dc40ef36eeb19d94991b0c7fb7cb38c4e716bc7219875c9bcd0a55e1b
2024-01-16 09:29:46 -06:00
laanwj
2ce8f7716f
Merge bitcoin/bitcoin#25197: contrib: Remove keys that are no longer used for merging
d4b3dc5b0a726cc4cc7a8467be43126e78f841cf contrib: Remove keys that are no longer used for merging (Hennadii Stepanov)

Pull request description:

  See:
  - https://bitcoin-irc.chaincode.com/bitcoin-core-dev/2021-10-21#726591
  - https://bitcoin-irc.chaincode.com/bitcoin-core-dev/2021-12-09#750000

  Also updated `trusted-git-root` to be right after **meshcollider**'s last merge.

  The latest similar change was bitcoin/bitcoin#7713.

  A related discussion on [IRC](https://bitcoin-irc.chaincode.com/bitcoin-core-dev/2021-10-22#727090):
  > [12:28](https://bitcoin-irc.chaincode.com/bitcoin-core-dev/2021-10-22#727090) \<MarcoFalke> jonasschnelli: I was about to ask you whether you planned to remove your fingerprint from the "trusted-keys" for merging, but it looks like this will break verify-commits ...
  > [12:31](https://bitcoin-irc.chaincode.com/bitcoin-core-dev/2021-10-22#727091) \<laanwj> you would also have a add all his merge commits to exceptions, i guess
  > [12:32](https://bitcoin-irc.chaincode.com/bitcoin-core-dev/2021-10-22#727092) \<laanwj> or patch the script to allow different key for different ranges of commits
  > [13:15](https://bitcoin-irc.chaincode.com/bitcoin-core-dev/2021-10-22#727118) \<jonasschnelli> MarcoFalke: I had no plan to remove my keyid,… would that make sense and how would you fix verify commits?
  > [13:16](https://bitcoin-irc.chaincode.com/bitcoin-core-dev/2021-10-22#727119) \<jonasschnelli> Ideally, we should set en expiration date next to those keyid

ACKs for top commit:
  laanwj:
    ACK d4b3dc5b0a726cc4cc7a8467be43126e78f841cf

Tree-SHA512: 6c23c932288b56b546a9ba45288205fae063e3f98ff308393acffd5d79eb5097417de1c3d8e865a3f66734740ca2388b2452c3c810e45cdf3b15ccfa215f574e
2024-01-14 11:05:37 -06:00
UdjinM6
f72650d2de
feat: Set client version for non-release binaries and version in guix based on git tags (#5653)
## Issue being fixed or feature implemented
Client version string is inconsistent. Building `v20.0.0-beta.8` tag
locally produces binaries that report `v20.0.0-beta.8` version but
binaries built in guix would report
`v20.0.0rc1-g3e732a952226a20505f907e4fd9b3fdbb14ea5ee` instead. Building
any commit after `v20.0.0-beta.8` locally would result in versions like
`v20.0.0rc1-8c94153d2497` which is close but it's still yet another
format. And both versions with `rc1` in their names are confusing cause
you'd expect them to mention `beta.8` instead maybe (or is it just me?
:D ).

## What was done?
Change it so that the version string would look like this:
on tag: ~`v20.0.0-beta.8-dev` or `v20.0.0-beta.8-gitarc`~
`v20.0.0-beta.8`
post-tag: ~`v20.0.0-beta.8-1-gb837e08164-gitarc`~
`v20.0.0-beta.8-1-gb837e08164`

post-tag format is
`recent tag`-`commits since that tag`-`g+12 chars of commit hash`-`dirty
(optional)` ~-`dev or gitarc`~

~`dev`/`gitarc` suffixes should help avoiding confusion with the release
versions and they also indicate the way non-release binaries were
built.~

Note that release binaries do not use any of this, they still use
`PACKAGE_VERSION` from `configure` like before.

Also, `CLIENT_VERSION_RC` is no longer used in this setup so it was
removed.

Few things aren't clear to me yet:
1. Version bump in `configure.ac` no longer affects the reported version
(unless it's an actual release). Are there any downsides I might be
missing?
2. Which tag should we use on `develop` once we bump version in
configure? `v21.0.0-init`? `v21.0.0-alpha1`?
3. How is it going to behave once `merge master back into develop` kind
of PR is merged? E.g. say `develop` branch is on `v21.0.0-alpha1` tag
and we merge v20.1.0 from `master` back into it. Will this bring
`v20.1.0` release tag into `develop`? Will it become the one that will
be used from that moment? If so we will probably need another tag on
`develop` every time such PR is merged e.g. `v21.0.0-alpha2` (or
whatever the next number is).

Don't think these are blockers but would like to hear thoughts from
others.

## How Has This Been Tested?
Built binaries locally, built them using guix at a specific tag and at
some commit on top of it.

## Breaking Changes
n/a

## Checklist:
- [x] I have performed a self-review of my own code
- [x] I have commented my code, particularly in hard-to-understand areas
- [ ] I have added or updated relevant unit/integration/functional/e2e
tests
- [ ] I have made corresponding changes to the documentation
- [x] I have assigned this pull request to a milestone _(for repository
code-owners and collaborators only)_
2024-01-11 21:43:42 -06:00
PastaPastaPasta
a7eeda5d3f
feat: use a self-signed windows code signing certificate instead of e… (#5814)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

## Issue being fixed or feature implemented
Implement a new code-singing certificate for windows. 

Previously we used a certificate issued by DigiCert, however that
certificate recently expired. A renewed certificate would cost roughly
$200/year at the cheapest CAs and $370/year with DigiCert. EV
certificates are relatively novel types of certificates that start out
with positive reputation, reducing smart screen popups for users. EV
certificates start at $270/year.

As a result we had (/have) 4 options:
1. Get a new code signing certificate from a trusted CA
- - Pro: Certificate gains reputation over time in smart screen and
binaries are signed
- - Pro: Shows "Verified Publisher" and "Dash Core Group Inc" on install
- - Con: Costs, feels manipulative to pay at least $600 simply for
someone to sign a certificate
2. Get a new EV code signing certificate
- - Pro: Certificate starts with good reputation and gains reputation
over time
- - Con: Even greater costs for a signature that says that we are from
Dash Core Group
3. Continue signing with the expired certificate
- - Con: This is, it has been discovered, a terrible idea and these
binaries are treated worse than unsigned binaries
4. Deliver unsigned windows binaries
- - Pro: Binary will gain reputation over time as users download it
- - Pro: Easy, is what it says on the tin
- - Con: Binaries are completely unsigned, could be tampering or
corruption issues that go undetected
- - Con: Will visibly state "Unknown Publisher"
5. Deliver self-signed windows binaries
- - Pro: Binary will gain reputation over time as users download it
- - Pro: *Possibility* that certificate will gain reputation over time
as users download binaries signed by it. It may also be that only
certificates issued by a CA will gain reputation over time.
- - Pro: Binaries are still signed
- - Pro: Users have the option to import certificate into keychain to
remove "Unknown Publisher"
- - Pro: In limited testing, install is sometimes is treated better than
unsigned, otherwise is treated the same
- - Con: may appear sketchy, as Root CA is not a trusted Root CA
- - Con: will display "Unknown Publisher" to most users
- - Con: greater potential uncertainty around future changes to
treatment of self signing systems

Based on the above discussion and testing, the best route currently is
option 5; that is what this PR implements. In the future it may make
sense to move towards a codesigning certificate issued by a trusted CA.

The root certificate authority has the following information

![image](https://github.com/dashpay/dash/assets/6443210/66a90588-9bd9-4fe5-902c-04e8d1e47b6f)
with a sha256 fingerprint of `46 84 FF 27 11 D7 C8 C5 BB FA D1 55 41 B3
F0 43 77 97 AC 67 4C 32 19 AE B4 E7 15 11 1F BB 42 A0`

The code signing certificate is issued by the root CA, has a common name
of "Dash Core Windows Signing" and a sha256 fingerprint of `1A 09 54 6E
D3 81 E9 FC AD 62 44 32 35 40 39 FF 5F A7 30 0E 5E 03 C4 E0 96 5A 62 AA
19 2B 79 EE`. This certificate is only authorized for the purpose of
code signing.

## What was done?

## How Has This Been Tested?
Multiple users installing binaries of type 1,3,4 and 5. 

## Breaking Changes
This new windows signing certificate should be documented in the release
notes.

## Checklist:
_Go over all the following points, and put an `x` in all the boxes that
apply._
- - [x] I have performed a self-review of my own code
- - [ ] I have commented my code, particularly in hard-to-understand
areas
- - [ ] I have added or updated relevant unit/integration/functional/e2e
tests
- - [ ] I have made corresponding changes to the documentation
- - [x] I have assigned this pull request to a milestone _(for
repository code-owners and collaborators only)_


-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEKVkDYuyHioH9PCArUlJ77avoeYQFAmWfAbUACgkQUlJ77avo
eYTSCBAAuDEoWABdonIMs/4RaYP+DGTULltRu9CHBAqYuksXrl/4iV0r17DPSWWW
L/5vLNAUTI47Tsa7R45ZPb0hR8VPMBkvxTQipKBYK7vZpwefcR4VOprEBJJ0Bl3g
ZHtAVjZbcANEIAW3SlaiOgWbxWGKfDyM7gN3aNfoidMFBefbcYKEttuAGCnktWRI
Y3eLMGPCpxOVB0O1nLU+pzwixAWXOeVChiK31ecFfQrF3JmUc12yiFUI+OJTogg4
0G2GMIQYHiVwclj8hSWT/yZfjcyxXdLYqkmH4Nr5mye39hRI2aUQEkmkYOy8pjcB
ykKLg8JpUg/zg6GSuS6mFJnd5NHq5iSBxSRHPfR8xij1xFpmdgAaNCw4/6j9PEXB
l8cfuJ7hgX3yX09L4p2E4t7MYpM8igaenAIWAK37hmKs1WADBmaj/nf6ThKhjvzI
2GR0FOzm6Is36KYvdUQJDE0g70g31SvGy+qjlcK49MtX6BvecYt+dg8AaNZ5FIn7
d1kFI4NXM6JX2WdiHMenz5d+oFYRS/P1sXjQ1wtl9HSkiZQQkEBbgiWXfh+EXjpW
fNc8cej2LLCNZlhVcpffF8UaINsMTZVQsEGWGInjSi5eCs/YNrqL8XDdC/8mmZCu
cNvp0QBtQ+4lpbUSdhFUdgic0MRCsdeHuYIBfvPJN9tl8McbknA=
=kL6E
-----END PGP SIGNATURE-----
2024-01-11 09:38:43 -06:00
fanquake
7a39d5d031
Merge #19172: test: Do not swallow flake8 exit code
5d77549d8b287eb773db695b88c165ebe3be1005 doc: Add mypy to test dependencies (Hennadii Stepanov)
7dda912e1c28b02723c9f24fa6c4e9003d928978 test: Do not swallow flake8 exit code (Hennadii Stepanov)

Pull request description:

  After #18210 the `flake8` exit code in `test/lint/lint-python.sh` just not used that makes the linter broken.

  This PR:
  - combines exit codes of `flake8` and `mypy` into the  `test/lint/lint-python.sh` exit code
  - documents `mypy` as the test dependency

ACKs for top commit:
  MarcoFalke:
    Approach ACK 5d77549d8b287eb773db695b88c165ebe3be1005, fine with me
  practicalswift:
    ACK 5d77549d8b287eb773db695b88c165ebe3be1005

Tree-SHA512: e948ba04dc4d73393967ebf3c6a26c40d428d33766382a0310fc64746cb7972e027bd62e7ea76898b742a656cf7d0fcda2fdd61560a21bfd7be249cea27f3d41
2024-01-10 12:07:54 -06:00
UdjinM6
52f04119f9
build: Disable miner for Windows binaries built via Guix (#5801)
## Issue being fixed or feature implemented
We had this in Gitian
https://github.com/dashpay/dash/blob/master/contrib/gitian-descriptors/gitian-win.yml#L38.
We also had it for macos
https://github.com/dashpay/dash/blob/master/contrib/gitian-descriptors/gitian-osx.yml#L42
but it looks like it's no longer an issue there (or at least I did not
see anyone complaining about it).

## What was done?
tweak `CONFIGFLAGS` for `mingw` host

## How Has This Been Tested?
n/a

## Breaking Changes
n/a

## Checklist:
- [x] I have performed a self-review of my own code
- [ ] I have commented my code, particularly in hard-to-understand areas
- [ ] I have added or updated relevant unit/integration/functional/e2e
tests
- [ ] I have made corresponding changes to the documentation
- [x] I have assigned this pull request to a milestone _(for repository
code-owners and collaborators only)_
2024-01-09 07:56:44 -06:00
Konstantin Akimov
f1a02c1c3d
chore: update udjin's expired builder's key 2024-01-06 19:25:49 -06:00
Konstantin Akimov
bf883268c1
chore: update expired pasta's builder key 2024-01-06 19:25:46 -06:00
laanwj
15201445f1
Merge bitcoin/bitcoin#24491: contrib: fix implicit function decleration in win symbol check
e4e9dd3a287f134356044f636e189da704de8ed4 contrib: fix implicit function decleration in win symbol check (fanquake)

Pull request description:

  ```bash
  test3.c: In function 'main':
  test3.c:6:21: warning: implicit declaration of function 'CoFreeUnusedLibrariesEx' [-Wimplicit-function-declaration]
      6 |                     CoFreeUnusedLibrariesEx(0,0);
  ```

  ```bash
  bash-5.1# find guix-build-$(git rev-parse --short=12 HEAD)/output/ -type f -print0 | env LC_ALL=C sort -z | xargs -r0 sha256sum
  1907745369f13b0b01583795e395b7e8ecda174a8a3b6309184b14609bfdcb20  guix-build-e4e9dd3a287f/output/dist-archive/bitcoin-e4e9dd3a287f.tar.gz
  6973025bd46acdbc327118541f26d36885434305d20a7fa33e0db61f66f8b930  guix-build-e4e9dd3a287f/output/x86_64-w64-mingw32/SHA256SUMS.part
  4cdc4efc0d27b3fcfb8f36244dfd956d19ae5df0414dcc23e733c88188f1f93a  guix-build-e4e9dd3a287f/output/x86_64-w64-mingw32/bitcoin-e4e9dd3a287f-win-unsigned.tar.gz
  022e9743b13f5366cd0f4b52ff8350b42d8c6a506c98363071501a6c4ac735f1  guix-build-e4e9dd3a287f/output/x86_64-w64-mingw32/bitcoin-e4e9dd3a287f-win64-debug.zip
  62e65f04fdcacb3d3fbcffbea5204f723f2b27a5f9a62a77abaf0b7ee7de3744  guix-build-e4e9dd3a287f/output/x86_64-w64-mingw32/bitcoin-e4e9dd3a287f-win64-setup-unsigned.exe
  d773f5ba6afe456b7b5286f0cf98bcb711da8087b96a31f2e38f9c43af44fe96  guix-build-e4e9dd3a287f/output/x86_64-w64-mingw32/bitcoin-e4e9dd3a287f-win64.zip
  ```

ACKs for top commit:
  laanwj:
    Code review ACK e4e9dd3a287f134356044f636e189da704de8ed4
  hebasto:
    ACK e4e9dd3a287f134356044f636e189da704de8ed4, tested on Ubuntu 22.04.

Tree-SHA512: e075b052f848a654ed11fb8bc29e2a7b015ab2b44878535d84ac61ecec507410d68e866526c5e0acd1b1b99e65c9d738231208cbb676c8d3f73691317c94c9e0
2024-01-01 17:48:18 -06:00
W. J. van der Laan
1e374be334
Merge bitcoin/bitcoin#23658: contrib: add check for wget command in install_db4.sh
b062da009001c1beb362169d700663d7220eef5e contrib: add check for wget command in install_db4.sh (Florian Baumgartl)

Pull request description:

  This PR is motivated by 7bb8eb0bc3 commit (see also https://github.com/bitcoin/bitcoin/pull/23579) and ensures that `install_db4.sh` will check for `curl` and `wget` utilities. Currently, the conditional statement in the `http_get()` function assumes that `wget` is always available but we actually do not know it since there is no check or validation for the `wget` command. So let's make sure that we check for both commands and print an error message if they are missing.

ACKs for top commit:
  jamesob:
    ACK b062da0090
  laanwj:
    Tested ACK b062da009001c1beb362169d700663d7220eef5e
  shaavan:
    ACK b062da009001c1beb362169d700663d7220eef5e

Tree-SHA512: bfc1ccad9a5b99764b759e02dde1976616c2af4747b7d5af8e71d33624c2cb21d93a09a60d244756e86bbd5fd7541331c62d7eb84d3458b6a059f1d9cb2a5f42
2023-12-26 22:26:20 -06:00
W. J. van der Laan
f0c41e8118
Merge bitcoin/bitcoin#23579: script install_db4.sh check for patch command before continuing to install db4
7bb8eb0bc352b47ee962283898f9becbb4f36c62 script install_db4.sh added check for patch command (Nathan Garabedian)

Pull request description:

  First contribution.  I've read the CONTRIBUTING guide and hope I'm doing this correctly, but please kindly point out anything I should do differently.

  I found while running the contrib/install_db4.sh patch that it would fail suddenly with "patch: command not found".  I'd rather see it fail early before doing any work, allow me to install the `patch` command, and then run again.  (CentOS Linux) Here's a PR proposed to fix it.

  error message:
  ```
  ...
  db-4.8.30.NC/txn/txn_rec.c
  db-4.8.30.NC/txn/txn_region.c
  db-4.8.30.NC/txn/txn_stat.c
  db-4.8.30.NC/txn/txn_util.c
  ./contrib/install_db4.sh: line 71: patch: command not found
  ```

ACKs for top commit:
  laanwj:
    Code review and tested ACK 7bb8eb0bc352b47ee962283898f9becbb4f36c62

Tree-SHA512: f0c59ec509dff6637c41eec2923fe708456c3a7ae04495b12c5492681a1f95d1d9a643a2649df13ba8e6ac708680c627657b6989b62eff63be021e92e1d7c4a8
2023-12-26 22:26:19 -06:00
Konstantin Akimov
b5dc598525
chore: add builder key for knst (#5786)
## What was done?
Add builder key for @knst 

## How Has This Been Tested?
It is the same file with:
https://github.com/dashpay/guix.sigs/blob/master/builder-keys/knst.pgp
Checked a signature of guix.sigs for 20.0.2: `gpg --status-fd 1 --verify
20.0.2/knst/codesigned.SHA256SUMS.asc` - matched.


## Breaking Changes
N/A

## Checklist:
- [x] I have performed a self-review of my own code
- [ ] I have commented my code, particularly in hard-to-understand areas
- [ ] I have added or updated relevant unit/integration/functional/e2e
tests
- [ ] I have made corresponding changes to the documentation
- [x] I have assigned this pull request to a milestone
2023-12-22 14:16:45 -06:00
PastaPastaPasta
3855f9775e
chore: do not include dash-qt in the docker images (#5775)
## Issue being fixed or feature implemented
Remove dash-qt from docker images; save ~41MB

## What was done?


## How Has This Been Tested?
Hasn't

## Breaking Changes
I guess in theory someone could've been relying on dash-qt from docker 🤷

## Checklist:
_Go over all the following points, and put an `x` in all the boxes that
apply._
- [ ] I have performed a self-review of my own code
- [ ] I have commented my code, particularly in hard-to-understand areas
- [ ] I have added or updated relevant unit/integration/functional/e2e
tests
- [ ] I have made corresponding changes to the documentation
- [x] I have assigned this pull request to a milestone _(for repository
code-owners and collaborators only)_
2023-12-21 21:59:01 -06:00
Konstantin Akimov
75b6c4471f cleanup: remove release_alpha.yml workflow and Dockerfile for GitHubActions 2023-12-06 12:40:58 -06:00
Konstantin Akimov
0b4f419d17 cleanup: drop Gitian mentioning from Dockerfile 2023-12-06 12:40:58 -06:00
Konstantin Akimov
be332a0c5d cleanup: remove dash's specific gitian files 2023-12-06 12:40:58 -06:00
MarcoFalke
1c0cb3e8cc Merge bitcoin/bitcoin#22418: release: Remove gitian
ab9c34237ab7b056394e0bd1f7cb131ffd95754c release: remove gitian (fanquake)

Pull request description:

  Note that this doesn't yet touch any glibc back compat related code.

ACKs for top commit:
  laanwj:
    Code review ACK ab9c34237ab7b056394e0bd1f7cb131ffd95754c

Tree-SHA512: 8e2fe3ec1097f54bb11ab9136b43818d90eab5dbb0a663ad6a552966ada4bdb49cc12ff4e66f0ec0ec5400bda5c81f3a3ce70a9ebb6fe1e0db612da9f00a51a7
2023-12-06 12:40:58 -06:00
fanquake
bfe050d1ca Merge #21437: gitian, ci: Drop unneeded python3-dev package for macOS builds
e4c0cada791135e2d0a36638541c03feff0bd6bc ci, gitian: Drop unneeded python3-dev package for macOS builds (Hennadii Stepanov)

Pull request description:

ACKs for top commit:
  fanquake:
    ACK e4c0cada791135e2d0a36638541c03feff0bd6bc - gitian builds match and I checked that this doesn't end up installed as a side-effect of another package.

Tree-SHA512: 520a3909b106a0e005b195c5395691edf62b76ee2df43b6971b7aa193648d68e6dac69cb4f1dc474f594b015a2fc2074061865e571d89365174beb5c1780356f
2023-12-06 12:40:58 -06:00
PastaPastaPasta
2099a5c2e5
fix: use proper GitHub.repository and add an echo for testing (#5757)
## Issue being fixed or feature implemented


## What was done?
Add an echo

## How Has This Been Tested?

## Breaking Changes
None

## Checklist:
_Go over all the following points, and put an `x` in all the boxes that
apply._
- [ ] I have performed a self-review of my own code
- [ ] I have commented my code, particularly in hard-to-understand areas
- [ ] I have added or updated relevant unit/integration/functional/e2e
tests
- [ ] I have made corresponding changes to the documentation
- [x] I have assigned this pull request to a milestone _(for repository
code-owners and collaborators only)_
2023-12-06 12:24:12 -06:00
fanquake
2da9982e55 Merge #17829: scripted-diff: Bump copyright of files changed in 2019
aaaaad6ac95b402fe18d019d67897ced6b316ee0 scripted-diff: Bump copyright of files changed in 2019 (MarcoFalke)

Pull request description:

ACKs for top commit:
  practicalswift:
    ACK aaaaad6ac95b402fe18d019d67897ced6b316ee0
  promag:
    ACK aaaaad6ac95b402fe18d019d67897ced6b316ee0 🎉
  fanquake:
    ACK aaaaad6ac95b402fe18d019d67897ced6b316ee0 - going to merge this now because the year is over and conflicts are minimal.

Tree-SHA512: 58cb1f53bc4c1395b2766f36fabc7e2332e213780a802762fff0afd59468dad0c3265f553714d761c7a2c44ff90f7dc250f04458f4b2eb8eef8b94f8c9891321
2023-12-06 11:40:14 -06:00
fanquake
693abb2083 Merge bitcoin/bitcoin#22538: doc: fix command typo in guix README
198ceb82f91bfdeac6e143ca7433f4a524f6f36f script, doc: guix touchups (jonatack)
d7b7f610a53aa62bd82f6704a9c518a93c896963 Updated Readme, Corrected the codesign typo (h)

Pull request description:

ACKs for top commit:
  jamesob:
    ACK 198ceb82f9
  jonatack:
    ACK 198ceb82f91bfdeac6e143ca7433f4a524f6f36f

Tree-SHA512: 408360cebb51cff330fdd5d5d8ae91a168cdc99fb1377913fd9119e6eba536e58f87ff5c5b479e21a21fa3403323b137c338005bbd67e6fd24314929cdff9325
2023-12-03 20:13:09 -06:00
UdjinM6
bc9af856ec
ci: Bump Guix build timeout and implement cacheing (#5727)
## Issue being fixed or feature implemented
Hopefully fixes issues like
>The job running on runner ubuntu-core-x64_i-05ed4263b8e049c7a has
exceeded the maximum execution time of 360 minutes

https://github.com/dashpay/dash/actions/runs/6932017275


https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepstimeout-minutes

https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idtimeout-minutes

## What was done?
Bump timeouts for the job itself and for the corresponding step. Also,
implemented caching for `.cache` and `depends` folders.

## How Has This Been Tested?
#5729


https://github.com/dashpay/dash/actions/runs/6996271543/job/19031968814?pr=5729

## Breaking Changes
n/a

## Checklist:
- [x] I have performed a self-review of my own code
- [ ] I have commented my code, particularly in hard-to-understand areas
- [ ] I have added or updated relevant unit/integration/functional/e2e
tests
- [ ] I have made corresponding changes to the documentation
- [x] I have assigned this pull request to a milestone _(for repository
code-owners and collaborators only)_
2023-12-01 09:11:35 -06:00
fanquake
007076d372 Merge bitcoin/bitcoin#24603: macdeploy: remove unused detached-sig-apply.sh
979271a5d9ff887cb2efb199feaf9602c9b2086d macdeploy: remove unused detached-sig-apply (fanquake)

Pull request description:

  Signature application is now done with signapple.

  8435d7f11a/contrib/guix/libexec/codesign.sh (L84-L85)

ACKs for top commit:
  laanwj:
    ACK 979271a5d9ff887cb2efb199feaf9602c9b2086d
  gruve-p:
    ACK 979271a5d9
  achow101:
    ACK 979271a5d9ff887cb2efb199feaf9602c9b2086d
  hebasto:
    ACK 979271a5d9ff887cb2efb199feaf9602c9b2086d, I have reviewed the code and it looks OK, I agree it can be merged.

Tree-SHA512: ab51a609d00cead4f33bcfc5b5ff1008ee02363ab1f4c4bf9544631069c237bfa92eac4dfa231bff8a1d702bda6cc92b4151361f74f58e77b595e0cb82a8391a
2023-11-24 11:23:46 -06:00
laanwj
8b61966944 Merge bitcoin/bitcoin#24669: build: further consolidate macOS deployment
3d415215699e718b3f6eea6e3c9fb2948476f930 build: perform /Applications symlink generation in macdeployqtplus (fanquake)
dac693671928aa3fc304e6a802abfffb2f4ec8fd build: perform all .tiff copying in macdeployqtplus (fanquake)

Pull request description:

  Rather than maintaining 2 different versions of the same code (`.tiff` copying and symlink generation), consolidate to just the Python code, and use it on macOS and Linux. Previously Linux would  perform the 2 actions in the makefile, and then would still be running the `macdeployqtplus` script, so it makes sense to further consolidate deployment operations into the script.

  Guix Build (on x86_64):
  ```bash
  23343f04c426c7ff078afae4e600a7028970d4d86eed8b7834696d9e4d684151  guix-build-3d415215699e/output/arm64-apple-darwin/SHA256SUMS.part
  c28b2a2e4888bf84369aa25804e2576347d5ab09416354ec8b95c76a9d38ff96  guix-build-3d415215699e/output/arm64-apple-darwin/bitcoin-3d415215699e-arm64-apple-darwin-unsigned.dmg
  9a57077b2bd722a7d85d26b66cbce5abdb791985fe9d9d37e884c79ba8751e24  guix-build-3d415215699e/output/arm64-apple-darwin/bitcoin-3d415215699e-arm64-apple-darwin-unsigned.tar.gz
  d2b06dc5b86541798ace41dab569849f7403e7ff9ec329bda671ec84e6fad549  guix-build-3d415215699e/output/arm64-apple-darwin/bitcoin-3d415215699e-arm64-apple-darwin.tar.gz
  608e7d51a44ab9c5b28eb3703a0f4fe98b4adff22c77a5502786b84bd96cc188  guix-build-3d415215699e/output/dist-archive/bitcoin-3d415215699e.tar.gz
  3e483705b1f9f1fb8f6afedc8ad0214a6cb00e77f766c0b03c42d56f410d4362  guix-build-3d415215699e/output/x86_64-apple-darwin/SHA256SUMS.part
  9370e3e3b7d47b5a44e64554cf3b6d7e0671b072c08cd251eacc7ec72ce2b53f  guix-build-3d415215699e/output/x86_64-apple-darwin/bitcoin-3d415215699e-x86_64-apple-darwin-unsigned.dmg
  ad0f68682d78c311497669fc3d627138be37510215d259b5f0b686d93e7d83b7  guix-build-3d415215699e/output/x86_64-apple-darwin/bitcoin-3d415215699e-x86_64-apple-darwin-unsigned.tar.gz
  e09dce4ff692ef66d1f4818083c1880bcf3a79c53112561d9e929bb6e5ffc011  guix-build-3d415215699e/output/x86_64-apple-darwin/bitcoin-3d415215699e-x86_64-apple-darwin.tar.gz
  ```

ACKs for top commit:
  laanwj:
    Re-ACK 3d415215699e718b3f6eea6e3c9fb2948476f930

Tree-SHA512: 80dd66a6e94c5b3e8823ccb57dcb08a8851a1e70a154b62385443f8d2d5ed5af900a0ac5003143959863586f1c7b90002fe6bff3ca5e37697253e051f69d7629
2023-11-24 11:23:46 -06:00
fanquake
23adfb7bfd Merge bitcoin/bitcoin#22546: build, qt: Fix make deploy on M1-based macOS with system frameworks
1513727e2b38800c694d1204cb454cc6fabc4937 build, qt: (Re-)sign package (Hennadii Stepanov)
c26a0a5af76bed9c2eb65f1a19725508c55299e8 build, qt: Align frameworks with macOS codesign tool requirements (Hennadii Stepanov)

Pull request description:

  Fixes #22403

  This PR follows Apple [docs](https://developer.apple.com/documentation/macos-release-notes/macos-big-sur-11_0_1-universal-apps-release-notes):
  >  - New in macOS 11 on Macs with Apple silicon, and starting in macOS Big Sur 11 beta 6, the operating system enforces that any executable must be signed before it’s allowed to run. There isn’t a specific identity requirement for this signature: a simple ad-hoc signature is sufficient...
  >  - ... If you use a custom workflow involving tools that modify a binary after linking (e.g. `strip` or `install_name_tool`) you might need to manually call `codesign` as an additional build phase to properly ad-hoc sign your binary. These new signatures are not bound to the specific machine that was used to build the executable, they can be verified on any other system and will be sufficient to comply with the new default code signing requirement on Macs with Apple silicon...

  When building with system Qt frameworks (i.e., without depends), a new string has been added to the `make deploy` log on M1-based macOS:
  ```
  % make deploy
  ...
  + Generating .DS_Store +
  dist/Bitcoin-Qt.app: replacing existing signature
  + Preparing .dmg disk image +
  ...
  ```

  This PR does not change build system behavior:
  - when building with depends
  - on Intel-based macOS

ACKs for top commit:
  jarolrod:
    ACK 1513727e2b38800c694d1204cb454cc6fabc4937
  fanquake:
    ACK 1513727e2b38800c694d1204cb454cc6fabc4937 - although didn't test on M1 hardware. Given the forced signing is scoped to only occur when running the deploy script on macOS, this doesn't interfere with our release signing.

Tree-SHA512: 3aa778fdd6ddb54f029f632f2fe52c2ae3bb197ba564cb776493aa5c3a655bd51d10ccbe6c007372d717e9b01fc4193dd5c29ea0bc7e069dcae7e991ae259f0c
2023-11-24 11:23:46 -06:00
fanquake
736b7a47f1 Merge bitcoin/bitcoin#22199: macdeploy: minor fixups and simplifications
0a5723beea9c909b437e8c3fa434506019c1198c macdeploy: cleanup .temp.dmg if present (fanquake)
ecffe8689dfbdc33deba8119376dcc8f208f0f72 macdeploy: remove qt4 related code (fanquake)
639f0642539c6b5ba9bc7b39bb8bb52752029bee macdeploy: select the plugins we need, rather than excluding those we don't (fanquake)
3d26b6b9e928e3cdc4b3d8d1f66ec7ed022b411b macdeploy: fix framework printing when passing -verbose (fanquake)
dca6c9032993f2bbf8047751d52f2a5c7ebd3ee4 macdeploy: remove unused plistlib import (fanquake)

Pull request description:

  This includes [one followup](https://github.com/bitcoin/bitcoin/pull/20422#discussion_r534207899) and [one bug fix](3d26b6b9e9) from #20422, as well as some simplifications to the `macdeployqtplus` code.

ACKs for top commit:
  hebasto:
    ACK 0a5723beea9c909b437e8c3fa434506019c1198c, tested on macOS Big Sur 11.4 (20F71, x86_64) + Homebrew's Qt 5.15.2.

Tree-SHA512: cfad9505eacd32fe3a9d06eb13b2de0b6d2cad7b17778e90b503501cbf922e53d4e7f7f74952d1aed58410bdae9b0bb3248098583ef5b85689cb27d4dc06c029
2023-11-24 11:23:46 -06:00
UdjinM6
1d9991fe24
fix: pass GITHUB_REPOSITORY into Dockerfile.GitHubActions.Release (#5724)
## Issue being fixed or feature implemented
Should hopefully fix
https://github.com/dashpay/dash-dev-branches/actions/runs/6939402277/job/18876687119

#5716 follow-up

## What was done?
`$GITHUB_REPOSITORY` is not available inside docker, pass it inside

## How Has This Been Tested?

## Breaking Changes
n/a

## Checklist:
- [x] I have performed a self-review of my own code
- [ ] I have commented my code, particularly in hard-to-understand areas
- [ ] I have added or updated relevant unit/integration/functional/e2e
tests
- [ ] I have made corresponding changes to the documentation
- [x] I have assigned this pull request to a milestone _(for repository
code-owners and collaborators only)_
2023-11-24 11:23:10 -06:00
PastaPastaPasta
1908f51baa
ci: change Dockerfile.GitHubActions.Release to use local repo and not always dashpay/dash (#5716)
## Issue being fixed or feature implemented
In order to provide nightly builds over at dash-dev-branches we need to
be able to run this automation with other REPOs

## What was done?
Make it repo specific.

## How Has This Been Tested?
Hasn't yet

## Breaking Changes
None

## Checklist:
_Go over all the following points, and put an `x` in all the boxes that
apply._
- [x] I have performed a self-review of my own code
- [ ] I have commented my code, particularly in hard-to-understand areas
- [ ] I have added or updated relevant unit/integration/functional/e2e
tests
- [ ] I have made corresponding changes to the documentation
- [x] I have assigned this pull request to a milestone _(for repository
code-owners and collaborators only)_
2023-11-20 22:15:07 -06:00
UdjinM6
7fc8a04e1c
fix: make CONFIGFLAGS optional (#5713)
## Issue being fixed or feature implemented
make it possible to run `./contrib/guix/guix-build` without specifying
`CONFIGFLAGS`

## What was done?

## How Has This Been Tested?
run `./contrib/guix/guix-build` w/ and w/out this patch

## Breaking Changes
n/a

## Checklist:
- [x] I have performed a self-review of my own code
- [ ] I have commented my code, particularly in hard-to-understand areas
- [ ] I have added or updated relevant unit/integration/functional/e2e
tests
- [ ] I have made corresponding changes to the documentation
- [x] I have assigned this pull request to a milestone _(for repository
code-owners and collaborators only)_
2023-11-16 13:19:18 -06:00
PastaPastaPasta
a81310ad2c
build(guix): add debug symbols for osx (#5708)
## Issue being fixed or feature implemented
Add debug symbols for Darwin

## What was done?
Added Darwin debug symbols and combine them as output

## How Has This Been Tested?
guix build

## Breaking Changes
  _Please describe any breaking changes your code introduces_


## Checklist:
_Go over all the following points, and put an `x` in all the boxes that
apply._
- [x] I have performed a self-review of my own code
- [ ] I have commented my code, particularly in hard-to-understand areas
- [ ] I have added or updated relevant unit/integration/functional/e2e
tests
- [ ] I have made corresponding changes to the documentation
- [x] I have assigned this pull request to a milestone _(for repository
code-owners and collaborators only)_

---------

Co-authored-by: UdjinM6 <UdjinM6@users.noreply.github.com>
2023-11-16 12:38:59 -06:00
UdjinM6
74f42218ce
build: let additional configure params to be passed into guix (#5705)
## Issue being fixed or feature implemented
Make it possible to pass additional configure params into Guix. This
could be used to setup various sets of nightly/debug builds which could
then be deployed automagically to catch potential issues early.

## What was done?


## How Has This Been Tested?
`CONFIGFLAGS="--enable-debug" HOSTS="x86_64-linux-gnu"
./contrib/guix/guix-build`

## Breaking Changes
n/a

## Checklist:
- [x] I have performed a self-review of my own code
- [ ] I have commented my code, particularly in hard-to-understand areas
- [ ] I have added or updated relevant unit/integration/functional/e2e
tests
- [ ] I have made corresponding changes to the documentation
- [x] I have assigned this pull request to a milestone _(for repository
code-owners and collaborators only)_
2023-11-16 12:11:11 -06:00
UdjinM6
7e55f09a98 chore: update mainnet seeds
```
cd contrib/seeds
dash-cli protx list valid 1 > protx.txt
./makeseeds.py protx.txt > nodes_main.txt
./generate-seeds.py . > ../../src/chainparamsseeds.h
```
2023-11-13 10:13:12 -06:00
Kittywhiskers Van Gogh
5d7367e366 merge bitcoin#22050: remove tor v2 support 2023-09-24 09:50:50 -05:00
Kittywhiskers Van Gogh
aa76506bc9 partial bitcoin#21560: Add Tor v3 hardcoded seeds
excludes:
- 2a257de113fd31539b68c28c47ef94f257b6e427
- 9b29d5df7fc555eaea42029f334f2995c6ccde3d
2023-09-24 09:50:50 -05:00
Pander
5e04b9f1d4
docs: improved Docker documentation (#5543)
## Issue being fixed or feature implemented
Make Dash on Docker Hub easier to find, a search on `dash` there does
not provide the result.

## What was done?
Improved Docker documentation in `contrib/containers/README.md`

## How Has This Been Tested?
n/a

## Breaking Changes
n/a

## Checklist:
_Go over all the following points, and put an `x` in all the boxes that
apply._
- [x] I have performed a self-review of my own code
- [ ] I have commented my code, particularly in hard-to-understand areas
- [ ] I have added or updated relevant unit/integration/functional/e2e
tests
- [x] I have made corresponding changes to the documentation
- [ ] I have assigned this pull request to a milestone _(for repository
code-owners and collaborators only)_
2023-09-19 21:26:43 +03:00
Konstantin Akimov
4aa197dbdb Merge #18673: scripted-diff: Sort test includes
fa4632c41714dfaa699bacc6a947d72668a4deef test: Move boost/stdlib includes last (MarcoFalke)
fa488f131fd4f5bab0d01376c5a5013306f1abcd scripted-diff: Bump copyright headers (MarcoFalke)
fac5c373006a9e4bcbb56843bb85f1aca4d87599 scripted-diff: Sort test includes (MarcoFalke)

Pull request description:

  When writing tests, often includes need to be added or removed. Currently the list of includes is not sorted, so developers that write tests and have `clang-format` installed will either have an unrelated change (sorting) included in their commit or they will have to manually undo the sort.

  This pull preempts both issues by just sorting all includes in one commit.

  Please be aware that this is **NOT** a change to policy to enforce clang-format or any other developer guideline or process. Developers are free to use whatever tool they want, see also #18651.

  Edit: Also includes a commit to bump the copyright headers, so that the touched files don't need to be touched again for that.

ACKs for top commit:
  practicalswift:
    ACK fa4632c41714dfaa699bacc6a947d72668a4deef
  jonatack:
    ACK fa4632c41714dfaa, light review and sanity checks with gcc build and clang fuzz build

Tree-SHA512: 130a8d073a379ba556b1e64104d37c46b671425c0aef0ed725fd60156a95e8dc83fb6f0b5330b2f8152cf5daaf3983b4aca5e75812598f2626c39fd12b88b180
2023-08-29 22:00:59 -05:00