mirror of
https://github.com/dashpay/dash.git
synced 2024-12-26 12:32:48 +01:00
8b054d49c7
22 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
fanquake
|
e4a6ea6032 |
Merge bitcoin/bitcoin#25861: guix: use --build={arch}-guix-linux-gnu in cross toolchain
56e79fe683d36c1944e52326fae3bcc4cb7deec7 guix: use --build={arch}-guix-linux-gnu in cross toolchain (fanquake)
Pull request description:
Technically we are always cross-compiling when Guix building, so make that explicit. `{arch}-guix-linux-gnu` is not a triplet that should be used in any other capacity, but here it serves the purpose of ensuring, that by setting `--build` to something other than `--host/--target`, we are always cross-compiling (in the eyes of autoconf etc) when building our cross toolchains. It looks like `x86_64-linux-gnu` on `x86_64-linux-gnu` currently works because of the triplet canonicalisation, i.e `x86_64-linux-gnu` becomes `x86_64-pc-linux-gnu`, and GCCs configure thinking it's cross-compiling, whereas the same canonicalisation doesn't happen for `aarch64-linux-gnu` so we don't get a cross-compile when building on aarch64.
Fixes: #22458.
Guix Build (x86_64):
```bash
e590e67d2b151e7d079f50393c61cacf9e65f5e3fdddc10bffd5dbb59cd9f5e3 guix-build-56e79fe683d3/output/aarch64-linux-gnu/SHA256SUMS.part
9222a733209dc73168722ee0f290831d1723f7ed55abc1e243dd3892ef9733f1 guix-build-56e79fe683d3/output/aarch64-linux-gnu/bitcoin-56e79fe683d3-aarch64-linux-gnu-debug.tar.gz
a4ec01411195412e9a483397554d98b2db161a6be8aceee2dac78f0015f2a8e5 guix-build-56e79fe683d3/output/aarch64-linux-gnu/bitcoin-56e79fe683d3-aarch64-linux-gnu.tar.gz
a4ff8f2538c1b3a63a3e7c92699c18164b2c4954ebd72c4a854bf7844e6131b6 guix-build-56e79fe683d3/output/arm-linux-gnueabihf/SHA256SUMS.part
ac6e4dffcf6f49dac73d3677f3fe5edb08ee1127648bc7ec24b217f48a3a4d21 guix-build-56e79fe683d3/output/arm-linux-gnueabihf/bitcoin-56e79fe683d3-arm-linux-gnueabihf-debug.tar.gz
ab26467fce9732596b1713179618eee20c2bd44875dc1c39f9afd68f135e8ce4 guix-build-56e79fe683d3/output/arm-linux-gnueabihf/bitcoin-56e79fe683d3-arm-linux-gnueabihf.tar.gz
f44108d818d53ee7e70b44361cb3cc6841b7aecbe4fade1fa289263718620824 guix-build-56e79fe683d3/output/arm64-apple-darwin/SHA256SUMS.part
29adfb2d575be8b5a7092b2aff888af2084ad5783bdc74ae3de4b2dd84da7a26 guix-build-56e79fe683d3/output/arm64-apple-darwin/bitcoin-56e79fe683d3-arm64-apple-darwin-unsigned.dmg
3d7640f604bd27cb1ae47853d70378a7631aa436b5c027eae31fa06d4dd20d4a guix-build-56e79fe683d3/output/arm64-apple-darwin/bitcoin-56e79fe683d3-arm64-apple-darwin-unsigned.tar.gz
3f8d8fc49cf722a7a13640872762d045c14efd610fba908f0acc99a99032b903 guix-build-56e79fe683d3/output/arm64-apple-darwin/bitcoin-56e79fe683d3-arm64-apple-darwin.tar.gz
b8df097e10e7acded8556a5681da2b0132c0d509b200792f5584c186b8dcaf24 guix-build-56e79fe683d3/output/dist-archive/bitcoin-56e79fe683d3.tar.gz
1a605c563038107b88e8d859fa045ca3087241340264eb7125e97b3af36874db guix-build-56e79fe683d3/output/powerpc64-linux-gnu/SHA256SUMS.part
d10be89a816ee2f47bf778ef4aaa8a7b548403c123a4b4b3aa0470ee7b9472d2 guix-build-56e79fe683d3/output/powerpc64-linux-gnu/bitcoin-56e79fe683d3-powerpc64-linux-gnu-debug.tar.gz
839dd079d677c87a91ccc28f6c423657d98212350d3693ae2facb92082d10c88 guix-build-56e79fe683d3/output/powerpc64-linux-gnu/bitcoin-56e79fe683d3-powerpc64-linux-gnu.tar.gz
200d7a72a7901b6788e70aa1c6fbbe16144e9dac29beb06242a9dcfe1e88acbe guix-build-56e79fe683d3/output/powerpc64le-linux-gnu/SHA256SUMS.part
3d207bb57dc45f234d804a9ee615001aa28ac4b59b530a1e7d16d0a72c2ea514 guix-build-56e79fe683d3/output/powerpc64le-linux-gnu/bitcoin-56e79fe683d3-powerpc64le-linux-gnu-debug.tar.gz
16a789c98409d36bd6b69a5ca38cd8886979f50f845265dc0b005c92286a3e4f guix-build-56e79fe683d3/output/powerpc64le-linux-gnu/bitcoin-56e79fe683d3-powerpc64le-linux-gnu.tar.gz
e48f6fae9c2ffeb2bf02ffc073ac69648b2ce4ba87e0ad7a3a5059abf33b8ce2 guix-build-56e79fe683d3/output/riscv64-linux-gnu/SHA256SUMS.part
fa8d66af5f202e0c8968114af4dcd6d88099eb91d197dfaaa0144f8ae6b12f4a guix-build-56e79fe683d3/output/riscv64-linux-gnu/bitcoin-56e79fe683d3-riscv64-linux-gnu-debug.tar.gz
86cffa62687f4272c899897ff6c1a86e1a7bdbbb7ab09a085b7b1122d3a1f1b2 guix-build-56e79fe683d3/output/riscv64-linux-gnu/bitcoin-56e79fe683d3-riscv64-linux-gnu.tar.gz
e42a7c33da6ea4be5d0826df097bdc7e919c9fd6642e7d59fe3d45a97d9009fa guix-build-56e79fe683d3/output/x86_64-apple-darwin/SHA256SUMS.part
2f9faa88fa0025b9bfade83177b1f50833dc6c3be1ef26c4d5881aa165bcc537 guix-build-56e79fe683d3/output/x86_64-apple-darwin/bitcoin-56e79fe683d3-x86_64-apple-darwin-unsigned.dmg
fdfe560968c85500dc886d4e12b851cd27a76de860b8cbf1fb6aac95ccd0582e guix-build-56e79fe683d3/output/x86_64-apple-darwin/bitcoin-56e79fe683d3-x86_64-apple-darwin-unsigned.tar.gz
c3c75560befd72a9f13f5626ddf39c63ad25fb9753a4d941e48830b7e06f143e guix-build-56e79fe683d3/output/x86_64-apple-darwin/bitcoin-56e79fe683d3-x86_64-apple-darwin.tar.gz
38100946ec1469fdd31aa8ea9e471b317dc278c298c106289c119016c2c0caa0 guix-build-56e79fe683d3/output/x86_64-linux-gnu/SHA256SUMS.part
67890771aad89dc0d20b8dcdc6b29bd838ace310e8bcbbc0d16d7afc87d3a474 guix-build-56e79fe683d3/output/x86_64-linux-gnu/bitcoin-56e79fe683d3-x86_64-linux-gnu-debug.tar.gz
a9772b40c8b9d3c1a0bf9c9db2a60050415bf6a9bd4a19cfd8a038f4a1e712e3 guix-build-56e79fe683d3/output/x86_64-linux-gnu/bitcoin-56e79fe683d3-x86_64-linux-gnu.tar.gz
01da0561f2c3a268c28615b1573dfdecb6346bf3f8eba7a052488191234ac1d6 guix-build-56e79fe683d3/output/x86_64-w64-mingw32/SHA256SUMS.part
71324ac0f6fc8163e41031b2fd2d38d2e15bfd5ef4efe4cb45d7974fad474394 guix-build-56e79fe683d3/output/x86_64-w64-mingw32/bitcoin-56e79fe683d3-win64-debug.zip
219b58281d3c79b2ed7e9085b1e15d7e021fd3899ef07a6ad747058b43d64443 guix-build-56e79fe683d3/output/x86_64-w64-mingw32/bitcoin-56e79fe683d3-win64-setup-unsigned.exe
fe838d32587c2f942fcd9f9a0b3735611b686a867e2d2040cf3a8aa6a43d09fe guix-build-56e79fe683d3/output/x86_64-w64-mingw32/bitcoin-56e79fe683d3-win64-unsigned.tar.gz
13b537217a13293b93afd7c588b3733955c3188f79a3249b363fb4e885b74b32 guix-build-56e79fe683d3/output/x86_64-w64-mingw32/bitcoin-56e79fe683d3-win64.zip
```
Guix Build (arm64):
```bash
e590e67d2b151e7d079f50393c61cacf9e65f5e3fdddc10bffd5dbb59cd9f5e3 guix-build-56e79fe683d3/output/aarch64-linux-gnu/SHA256SUMS.part
9222a733209dc73168722ee0f290831d1723f7ed55abc1e243dd3892ef9733f1 guix-build-56e79fe683d3/output/aarch64-linux-gnu/bitcoin-56e79fe683d3-aarch64-linux-gnu-debug.tar.gz
a4ec01411195412e9a483397554d98b2db161a6be8aceee2dac78f0015f2a8e5 guix-build-56e79fe683d3/output/aarch64-linux-gnu/bitcoin-56e79fe683d3-aarch64-linux-gnu.tar.gz
a4ff8f2538c1b3a63a3e7c92699c18164b2c4954ebd72c4a854bf7844e6131b6 guix-build-56e79fe683d3/output/arm-linux-gnueabihf/SHA256SUMS.part
ac6e4dffcf6f49dac73d3677f3fe5edb08ee1127648bc7ec24b217f48a3a4d21 guix-build-56e79fe683d3/output/arm-linux-gnueabihf/bitcoin-56e79fe683d3-arm-linux-gnueabihf-debug.tar.gz
ab26467fce9732596b1713179618eee20c2bd44875dc1c39f9afd68f135e8ce4 guix-build-56e79fe683d3/output/arm-linux-gnueabihf/bitcoin-56e79fe683d3-arm-linux-gnueabihf.tar.gz
f44108d818d53ee7e70b44361cb3cc6841b7aecbe4fade1fa289263718620824 guix-build-56e79fe683d3/output/arm64-apple-darwin/SHA256SUMS.part
29adfb2d575be8b5a7092b2aff888af2084ad5783bdc74ae3de4b2dd84da7a26 guix-build-56e79fe683d3/output/arm64-apple-darwin/bitcoin-56e79fe683d3-arm64-apple-darwin-unsigned.dmg
3d7640f604bd27cb1ae47853d70378a7631aa436b5c027eae31fa06d4dd20d4a guix-build-56e79fe683d3/output/arm64-apple-darwin/bitcoin-56e79fe683d3-arm64-apple-darwin-unsigned.tar.gz
3f8d8fc49cf722a7a13640872762d045c14efd610fba908f0acc99a99032b903 guix-build-56e79fe683d3/output/arm64-apple-darwin/bitcoin-56e79fe683d3-arm64-apple-darwin.tar.gz
b8df097e10e7acded8556a5681da2b0132c0d509b200792f5584c186b8dcaf24 guix-build-56e79fe683d3/output/dist-archive/bitcoin-56e79fe683d3.tar.gz
1a605c563038107b88e8d859fa045ca3087241340264eb7125e97b3af36874db guix-build-56e79fe683d3/output/powerpc64-linux-gnu/SHA256SUMS.part
d10be89a816ee2f47bf778ef4aaa8a7b548403c123a4b4b3aa0470ee7b9472d2 guix-build-56e79fe683d3/output/powerpc64-linux-gnu/bitcoin-56e79fe683d3-powerpc64-linux-gnu-debug.tar.gz
839dd079d677c87a91ccc28f6c423657d98212350d3693ae2facb92082d10c88 guix-build-56e79fe683d3/output/powerpc64-linux-gnu/bitcoin-56e79fe683d3-powerpc64-linux-gnu.tar.gz
200d7a72a7901b6788e70aa1c6fbbe16144e9dac29beb06242a9dcfe1e88acbe guix-build-56e79fe683d3/output/powerpc64le-linux-gnu/SHA256SUMS.part
3d207bb57dc45f234d804a9ee615001aa28ac4b59b530a1e7d16d0a72c2ea514 guix-build-56e79fe683d3/output/powerpc64le-linux-gnu/bitcoin-56e79fe683d3-powerpc64le-linux-gnu-debug.tar.gz
16a789c98409d36bd6b69a5ca38cd8886979f50f845265dc0b005c92286a3e4f guix-build-56e79fe683d3/output/powerpc64le-linux-gnu/bitcoin-56e79fe683d3-powerpc64le-linux-gnu.tar.gz
e48f6fae9c2ffeb2bf02ffc073ac69648b2ce4ba87e0ad7a3a5059abf33b8ce2 guix-build-56e79fe683d3/output/riscv64-linux-gnu/SHA256SUMS.part
fa8d66af5f202e0c8968114af4dcd6d88099eb91d197dfaaa0144f8ae6b12f4a guix-build-56e79fe683d3/output/riscv64-linux-gnu/bitcoin-56e79fe683d3-riscv64-linux-gnu-debug.tar.gz
86cffa62687f4272c899897ff6c1a86e1a7bdbbb7ab09a085b7b1122d3a1f1b2 guix-build-56e79fe683d3/output/riscv64-linux-gnu/bitcoin-56e79fe683d3-riscv64-linux-gnu.tar.gz
e42a7c33da6ea4be5d0826df097bdc7e919c9fd6642e7d59fe3d45a97d9009fa guix-build-56e79fe683d3/output/x86_64-apple-darwin/SHA256SUMS.part
2f9faa88fa0025b9bfade83177b1f50833dc6c3be1ef26c4d5881aa165bcc537 guix-build-56e79fe683d3/output/x86_64-apple-darwin/bitcoin-56e79fe683d3-x86_64-apple-darwin-unsigned.dmg
fdfe560968c85500dc886d4e12b851cd27a76de860b8cbf1fb6aac95ccd0582e guix-build-56e79fe683d3/output/x86_64-apple-darwin/bitcoin-56e79fe683d3-x86_64-apple-darwin-unsigned.tar.gz
c3c75560befd72a9f13f5626ddf39c63ad25fb9753a4d941e48830b7e06f143e guix-build-56e79fe683d3/output/x86_64-apple-darwin/bitcoin-56e79fe683d3-x86_64-apple-darwin.tar.gz
38100946ec1469fdd31aa8ea9e471b317dc278c298c106289c119016c2c0caa0 guix-build-56e79fe683d3/output/x86_64-linux-gnu/SHA256SUMS.part
67890771aad89dc0d20b8dcdc6b29bd838ace310e8bcbbc0d16d7afc87d3a474 guix-build-56e79fe683d3/output/x86_64-linux-gnu/bitcoin-56e79fe683d3-x86_64-linux-gnu-debug.tar.gz
a9772b40c8b9d3c1a0bf9c9db2a60050415bf6a9bd4a19cfd8a038f4a1e712e3 guix-build-56e79fe683d3/output/x86_64-linux-gnu/bitcoin-56e79fe683d3-x86_64-linux-gnu.tar.gz
01da0561f2c3a268c28615b1573dfdecb6346bf3f8eba7a052488191234ac1d6 guix-build-56e79fe683d3/output/x86_64-w64-mingw32/SHA256SUMS.part
71324ac0f6fc8163e41031b2fd2d38d2e15bfd5ef4efe4cb45d7974fad474394 guix-build-56e79fe683d3/output/x86_64-w64-mingw32/bitcoin-56e79fe683d3-win64-debug.zip
219b58281d3c79b2ed7e9085b1e15d7e021fd3899ef07a6ad747058b43d64443 guix-build-56e79fe683d3/output/x86_64-w64-mingw32/bitcoin-56e79fe683d3-win64-setup-unsigned.exe
fe838d32587c2f942fcd9f9a0b3735611b686a867e2d2040cf3a8aa6a43d09fe guix-build-56e79fe683d3/output/x86_64-w64-mingw32/bitcoin-56e79fe683d3-win64-unsigned.tar.gz
13b537217a13293b93afd7c588b3733955c3188f79a3249b363fb4e885b74b32 guix-build-56e79fe683d3/output/x86_64-w64-mingw32/bitcoin-56e79fe683d3-win64.zip
```
ACKs for top commit:
hebasto:
ACK 56e79fe683d36c1944e52326fae3bcc4cb7deec7
Tree-SHA512: 628ab6cda80069ad277107639bef21b44a8417198862e9ec89b45a2c41741d29aeb79aa58c5a90283fb96cf707494ae948ac790abde809bb18c86b14af999200
|
||
|
Konstantin Akimov
|
559190fb27 | docs: dashification of guix | ||
|
fanquake
|
caeab86593 |
Merge bitcoin/bitcoin#24215: [22.x] guix: ignore additional failing certvalidator test
b7ecef1ddf0c9f1f53ab220bee2e19a6b8978e34 guix: ignore additioanl failing certvalidator test (fanquake)
Pull request description:
Backports
|
||
|
fanquake
|
cee464caa3 |
Merge bitcoin/bitcoin#22465: guix: Pin kernel-header version, time-machine to upstream 1.3.0 commit
e6a94d44469f90f4dc88a07a5a8587730811c705 guix: Bump to version-1.3.0 from upstream (Carl Dong)
90fd13b954a364963f58e6cd12962c6f1986f79b guix: Pin kernel header version (Carl Dong)
Pull request description:
```
- Use 4.19 for riscv64 (earliest LTS release w/ riscv64 support)
- Use 4.9 for all others (second-oldest LTS release, released in
combination with glibc glibc 2.24 in Debian stretch)
```
```
The chosen commit is the HEAD of Guix's version-1.3.0 branch as of July
15th, 2021.
Also fix visual indenting.
```
-----
This + the documentation PR should make our Guix system ready for release!
ACKs for top commit:
MarcoFalke:
review ACK e6a94d44469f90f4dc88a07a5a8587730811c705 to change to vanilla guix. Did not review the kernel change.
laanwj:
ACK e6a94d44469f90f4dc88a07a5a8587730811c705
fanquake:
ACK e6a94d44469f90f4dc88a07a5a8587730811c705
Tree-SHA512: a175e4ddb3ee786a39f5e800ce336932ad2f6797a3a28400a6f723875d0f19833fd36cedc41b3580e4604110517211bd9f557be36adf7265fd8e591c434ae032
|
||
|
fanquake
|
7084e52141 |
Merge bitcoin/bitcoin#22365: guix: Avoid relying on newer symbols by rebasing our cross toolchains on older glibcs
647f7e5f1da1089d451f3c431efc635b8e87b064 guix: Also sort SHA256SUMS.part (Carl Dong)
dc4137a60c99979b89f75d2bddba96d043f387b8 guix: Build depends/qt with our platform definition (Carl Dong)
16b0a936e15b81710755303e11ef51f608b61475 guix: Rebase toolchain on glibc 2.24 (2.27 for riscv64) (Carl Dong)
Pull request description:
After this PR, we'll have the following:
- riscv64 -> build with a toolchain targeting glibc 2.27
- everything else -> builds with a toolchain targeting glibc 2.24, but will not have symbols > 2.17 (checked by `symbol-check.py`)
ACKs for top commit:
achow101:
reACK 647f7e5f1da1089d451f3c431efc635b8e87b064
hebasto:
ACK 647f7e5f1da1089d451f3c431efc635b8e87b064
MarcoFalke:
review ACK 647f7e5f1da1089d451f3c431efc635b8e87b064
fanquake:
ACK 647f7e5f1da1089d451f3c431efc635b8e87b064 - documentation can be fixed shortly.
Tree-SHA512: ddff57a5d7c053687b0a273720d4ad7d28c6fc8816226d4304869284d017af5e3630d4b57565d91e74f2e1b7583c9c83ee8b2e5e70e41d619ab618e602c97a94
|
||
|
fanquake
|
56d2bc249b |
Merge bitcoin/bitcoin#22182: guix: Overhaul how guix-{attest,verify} works and hierarchy
e2c40a4ed5272d72fea997bd936fba28bb753226 guix-attest: Error out if SHA256SUMS is unexpected (Carl Dong)
4cc35daed557f38b080360a89036b2e97a6f78c2 Rewrite guix-{attest,verify} for new hier (Carl Dong)
28a9c9b83924f585b397f0f3b8e9e73780ac0ad6 Make SHA256SUMS fragment right after build (Carl Dong)
Pull request description:
Based on: #22075
Code reviewers: I recommend reading the new `guix-{attest,verify}` files instead of trying to read the diff
The following changes resolve many usability improvements which were pointed out to me:
1. Some maintainers like to extract their "uncodesigned tarball" inside the `output/` directory, resulting in the older `guix-attest` mistakenly attesting to the extracted contents
2. Maintainers whose GPG keys reside on an external smartcard often need to physically interact with the smartcard as a way to approve the signing operation, having one signature per platform means a lot of fidgeting
3. Maintainers wishing to sign on a separate machine now has the option of transferring only a subtree of `output/`, namely `output/*/SHA256SUMS.part`, in order to perform a signature (you may need to specify an `$OUTDIR_BASE` env var)
4. An `all.SHA256SUMS` file should be usable as the base `SHA256SUMS` in bitcoin core torrents and on the release server.
For those who sign on an separate machine than the one you do builds on, the following steps will work:
1. `env GUIX_SIGS_REPO=/home/achow101/guix.sigs SIGNER=achow101 NO_SIGN=1 ./contrib/guix/guix-attest`
2. Copy `/home/achow101/guix.sigs/<tag>/achow101` (which does not yet have signatures) to signing machine
3. Sign the `SHA256SUMS` files:
```bash
for i in "<path-to-achow101>/*.SHA256SUMS"; do
gpg --detach-sign --local-user "<your-key-here>" --armor --output "$i"{.asc,}
done
```
5. Upload `<path-to-achow101>` (now with signatures) to `guix.sigs`
-----
After this change, output directories will now include a `SHA256SUMS.part` fragment, created immediately after a successful build:
```
output
└── x86_64-w64-mingw32
├── bitcoin-4e069f7589da-win64-debug.zip
├── bitcoin-4e069f7589da-win64-setup-unsigned.exe
├── bitcoin-4e069f7589da-win64.zip
├── bitcoin-4e069f7589da-win-unsigned.tar.gz
└── SHA256SUMS.part
```
These `SHA256SUMS.part` fragments look something like:
```
3ebd7262b1a0a5bb757fef1f70e7e14033c70f98c059bc4dbfee5d1992b25825 dist-archive/bitcoin-4e069f7589da.tar.gz
def2e7d3de5ab3e3f955344e75151df4f33713f9101f5295bd13c9375bdf633b x86_64-w64-mingw32/bitcoin-4e069f7589da-win64-debug.zip
643049fe3ee4a4e83a1739607e67b11b7c9b1a66208a6f35a9ff634ba795500e x86_64-w64-mingw32/bitcoin-4e069f7589da-win64-setup-unsigned.exe
a247a1ccec0ccc2e138c648284bd01f6a761f2d8d6d07d91b5b4a6670ec3f288 x86_64-w64-mingw32/bitcoin-4e069f7589da-win-unsigned.tar.gz
fab76a836dcc592e39c04fd2396696633fb6eb56e39ecbf6c909bd173ed4280c x86_64-w64-mingw32/bitcoin-4e069f7589da-win64.zip
```
Meaning that they are valid `SHA256SUMS` files when `sha256sum --check`'d at the `guix-build-*/output` directory level
When `guix-attest` is invoked, these `SHA256SUMS.part` files are combined and sorted (by `-k2`, `LC_ALL=C`) to create:
1. `noncodesigned.SHA256SUMS` for a manifest of all non-codesigned outputs, and
3. `all.SHA256SUMS` for a manifest of all outputs including non-codesigned outputs
Then both files are signed, resulting in the following `guix.sigs` hierarchy:
```
4e069f7589da/
└── dongcarl
├── all.SHA256SUMS
├── all.SHA256SUMS.asc
├── noncodesigned.SHA256SUMS
└── noncodesigned.SHA256SUMS.asc
```
ACKs for top commit:
achow101:
ACK e2c40a4ed5272d72fea997bd936fba28bb753226
hebasto:
ACK e2c40a4ed5272d72fea997bd936fba28bb753226, tested on Linux Mint 20.1 (x86_64) with and w/o `NO_SIGN=1`. Changes in `contrib/guix/libexec/codesign.sh` and `contrib/guix/guix-verify` are reviewed only.
Tree-SHA512: 618aacefb0eb6595735a9ab6a98ea6598fce65f9ccf33fa1e7ef93bf140c0f6cfc16e34870c6aa3e4777dd3f004b92a82a994141879870141742df948ec59c1f
|
||
|
fanquake
|
7297abfcaf |
Merge bitcoin/bitcoin#22190: Use latest signapple commit
683d197970a533690ca1bd4d06d021900e87cb8b Use latest signapple commit (Andrew Chow)
Pull request description:
Update gitian and guix to use the same latest signapple commit.
Also changed guix to use the actual repo. The changes from the fork were incorporated upstream.
ACKs for top commit:
fanquake:
ACK 683d197970a533690ca1bd4d06d021900e87cb8b - sanity checked that the updated package is built:
Tree-SHA512: a4981f8bbe33e6c5654632bc9b9f6f2f1e675741a19ac7296205e370f1e64a747101ecb632e0cc82a0134e4c2e9ce47b3f7b4d8c8f75f0f06dd069c078303759
|
||
|
W. J. van der Laan
|
033e30de8b |
Merge bitcoin/bitcoin#21239: guix: Add codesignature attachment support for osx+win
ee883201cf134952284632e9e9ae72bf1c8c792f guix: repro: Sort find output in libtool for gcc-8 (Carl Dong)
ee0a67c32a8861eab650bf8894af06807578eba0 codesigning: Use SHA256 as digest for osslsigncode (Windows) (Carl Dong)
38eb91eb0616ed6dbe34c23e11588d130fef07f8 guix: Add codesigning functionality (Carl Dong)
bac2690e6f683fcedb883fe1d32f3c33c628a141 guix: Package codesigning tools (Carl Dong)
0a2176d47767972e4cd5ed302c1dbeedece1708b guix: Reindent existing manifest.scm (Carl Dong)
c090a3e9238ba2df07875b4708e908d8dca4ed9b Makefile.am: use APP_DIST_DIR instead of hard-coding dist (Carl Dong)
Pull request description:
This is the last PR before we reach feature-parity with the Gitian process!
Note: I tried using the `Makefile` inside the distsrc to make the dmg instead of manually listing out the commands, but `make` seems to want to re-make a lot of other files which broke the dmg.
The workflow looks something like this:
1. `env [ FOO=bar... ] ./contrib/guix/guix-build` (add additional env vars as necessary)
2. Codesigners only:
1. Copy `guix-build-<short-id>/output/x86_64-apple-darwin18/bitcoin-<short-id>-osx-unsigned.tar.gz` and `guix-build-<short-id>/output/x86_64-w64-mingw32/bitcoin-<short-id>-win-unsigned.tar.gz` to signing computer
2. Codesign with `./detached-sig-create.sh` inside the tarball
3. Upload contents of `signature-{osx,win}.tar.gz` to https://github.com/bitcoin-core/bitcoin-detached-sigs (as a new tag)
3. Checkout new tag for `bitcoin-core/bitcoin-detached-sigs` with the detached signatures
4. `env [ FOO=bar... ] DETACHED_SIGS_REPO=<path/to/bitcoin-detached-sigs> ./contrib/guix/guix-codesign` (modify env vars as necessary)
5. Make sure `guix.sigs` is cloned and updated
6. `env GUIX_SIGS_REPO=<path/to/guix.sigs> SIGNER=0x96AB007F1A7ED999=dongcarl ./contrib/guix/guix-attest` (modify env vars as necessary)
7. Commit your new signatures and SHA256SUMS in `guix.sigs`
8. Optionally, after there are multiple signatures in `guix.sigs`: `env GUIX_SIGS_REPO=<path/to/guix.sigs> ./contrib/guix/guix-verify`
ACKs for top commit:
laanwj:
Tested ACK ee883201cf134952284632e9e9ae72bf1c8c792f
achow101:
ACK ee883201cf134952284632e9e9ae72bf1c8c792f
Tree-SHA512: e812a07a5f19f900600c70cb9c717769ef544a6c0c12760b5558b76b6b37df863257f3dbf38b0757e6e06e334470267e94c9f2bdbc27409d6837b1a0bfc6acbc
|
||
|
W. J. van der Laan
|
67efaa8808 |
Merge bitcoin/bitcoin#21799: guix: Use gcc-8 across the board
c90f6e51094a1ba4fb2aab35b78f23b6fda645d0 guix: Consistently use gcc-8 for $HOST (Carl Dong) Pull request description: Only non-base commit is the last commit: |
||
|
fanquake
|
7d78f06a92 |
partial Merge bitcoin/bitcoin#19817: build: macOS toolchain bump
a5550f877a2c46d01bb620ae051c0c8ed0fecd0b build: use -stdlib++-isystem with Clang 10 (fanquake) 51d9d1607f2e9d593693ca799393f068192e41aa guix: use Clang 10 for the macOS cross compile (fanquake) b80a6af9e55325d444e117e85bbfc76d88d898a8 build: no longer patch threading out of ld64 (fanquake) c29cba44b3706e0a2035e440e560f2d15d50433b build: Xcode 12.1, macOS SDK 10.15.6 (fanquake) 9ed2f19d385aa95f65807999bba2e18417b143dc build: native cctools 973.0.1, ld64 609 (fanquake) f48f187cce7fa43646fb0d796c244e1515e763ec build: Clang 10.0.1 (Hennadii Stepanov) 9b193cd2a3ca20917611fbed56dfbcd8a39aeab8 build: libtapi 1100.0.11 (fanquake) Pull request description: Bumps our macOS toolchain to be using the following: * Clang 10.0.1 (gitian) & Clang 10.0.0 (Guix) * ld64 609 * libtapi 1100.0.11 * cctools 973.0.1 * Xcode 12.1 * macOS SDK 10.15.6 which are currently the most recent releases available as open source. See upstream [`cctools`](https://github.com/tpoechtrager/cctools-port/commits/973.0.1-ld64-609) and [`libtapi`](https://github.com/tpoechtrager/apple-libtapi/tree/1100.0.11). This should improve the possibility of Apple ARM cross-compilation in depends. This also removes our [patching out of pthreads usage](https://github.com/bitcoin/bitcoin/blob/master/depends/patches/native_cctools/ld64_disable_threading.patch) in `ld64`. There have been multiple changes since `ld64 450.3`, which have likely fixed the non-determinism we were working around. i.e from [InputFiles.cpp](https://opensource.apple.com/source/ld64/ld64-609/src/ld/InputFiles.cpp.auto.html): ```cpp // <rdar://problem/15002251> make implicit dylib order be deterministic by sorting by install_name std::sort(implicitDylibs.begin(), implicitDylibs.end(), DylibByInstallNameSorter()); ``` ```cpp // <rdar://problem/42675402> ld64 output is not deterministic due to dylib processing order std::sort(unprocessedDylibs.begin(), unprocessedDylibs.end(), [](const ld::dylib::File* lhs, const ld::dylib::File* rhs) { return strcmp(lhs->path(), rhs->path()) < 0; }); ``` Guix Build: ```bash find guix-build-$(git rev-parse --short=12 HEAD)/output/ -type f -print0 | env LC_ALL=C sort -z | xargs -r0 sha256sum f6c3817b8fe5f7370299d1ae2533e4a3acd313ba9f9aa8d423a8956117e52dd5 guix-build-a5550f877a2c/output/dist-archive/bitcoin-a5550f877a2c.tar.gz 4954dcf563c2d496b8d9fecd48f8e3f7fba2f319ffa254a5bc8ee12cfee6acf0 guix-build-a5550f877a2c/output/x86_64-apple-darwin18/bitcoin-a5550f877a2c-osx-unsigned.dmg 8f6095b445c7f1a8e6accd86bb7f0696d5849402084927d2b726b7d557831c3a guix-build-a5550f877a2c/output/x86_64-apple-darwin18/bitcoin-a5550f877a2c-osx-unsigned.tar.gz cc40f25477b4defc1617ae694313d80f307ddf6742fe6cc85c6bc0e215ef8be0 guix-build-a5550f877a2c/output/x86_64-apple-darwin18/bitcoin-a5550f877a2c-osx64.tar.gz ``` Gitian Build: ```bash Generating report 506a8abdefe559999b43dd9f14905b9b2b5a3363b1cd013d45ae47acc1f7ef6c bitcoin-a5550f877a2c-osx-unsigned.dmg f606997f74026dd12d110d683c6f116b40df324836904ef507dd7ac787e6ebe2 bitcoin-a5550f877a2c-osx-unsigned.tar.gz 5b495ef15f2c3260c2950921b61326912a9bf533cccd51e13818809fd225489e bitcoin-a5550f877a2c-osx64.tar.gz f6c3817b8fe5f7370299d1ae2533e4a3acd313ba9f9aa8d423a8956117e52dd5 src/bitcoin-a5550f877a2c.tar.gz 9eb0221e962d2839770963bd03c6c9e98e8bf3078566bee2ae42f06233a710fa bitcoin-core-osx-22-res.yml Done. ``` ACKs for top commit: hebasto: ACK a5550f877a2c46d01bb620ae051c0c8ed0fecd0b Tree-SHA512: 504c4b0f9cd3b939714a322298320c5bde07e9356a48a9a000060b36f8dce4d6134ed60c3a5188810476a28ec5b108733eabbc6fb8053231b9ea8a494cc91b12 |
||
|
W. J. van der Laan
|
dfd1045284 |
Merge #21375: guix: Misc feedback-based fixes + hier restructuring
7476b46f1893a4858616d2a8456a7c43238851ed guix: Build dmg as a static binary (Carl Dong)
06d6cf6784421290e6235fe8684d5e08ed6f1b62 depends: libdmg-hfsplus: Skip CMake RPATH patching (Carl Dong)
65176ab5730dff34466caaecdd292625ef8294fc guix: Remove codesign_allocate+pagestuff from unsigned tarball (Carl Dong)
ca85679eb43b8375a95d82101977829d08fb1e1b guix: Use clang-toolchain instead of clang (Carl Dong)
1aec0eda8fd31a57b0621eea616398017c2ead98 guix: Fallback to local build for substitute-enabled Guix users (Carl Dong)
1742f8e12d163852df09575e03edcd3db73198ee guix: Add early health check for guix-daemon (Carl Dong)
c1ae726a13ecfa5e7e9fdc3030a8110b8bb263f8 guix: More thoroughly control native toolchain (Carl Dong)
39741128d3775d198dbee34dc827353bfd18acd8 guix: Supply --link-profile (Carl Dong)
d55a1056ee565afed64e42d6f6efb6b0adc5599b guix: Add troubleshooting documentation entries (Carl Dong)
7f401c953f8bb3574cec48561e13ef3b47dedc6e guix: Adapt guix-build to prelude, restructure hier (Carl Dong)
4eccf063b252bfe256cf72d363a24cf0183e926e guix: Remove guix-build.sh filename extension (Carl Dong)
7753357a7bae98ec775c707b9dec4cea1e945802 guix: Add source-able bash prelude and utils (Carl Dong)
e5b49a01f5d0f631e7f08f86ca8a2c2b8213319f guix: Create windeploy inside distsrc-* (Carl Dong)
3e9982ab3877eb8fe0a8c0cb3d847ac0913c7336 contrib: Silence git-describe when looking for tag (Carl Dong)
d5a71e97853ea9e1b879e8c76bfb01d4bef33172 guix: Use --cores instead of --max-jobs (Carl Dong)
Pull request description:
This PR addresses a few hiccups encountered by the brave souls who've been experimenting with the Guix scripts:
- Resolves confusion between `--cores=` and `--max-jobs=`
- `guix`'s `--cores=` actually corresponds to make's `--jobs=`, so let's just control `--cores=` with our overridable env var
- `git-describe` will scream `fatal: no tag exactly matches '<hash>'` when looking for a tag, but we don't care, so silence that
- `windeploy/unsigned` should be inside `distsrc-*` and created idempotently (sorry I know this one annoyed people)
- Add troubleshooting documentation to `README.md`
- Add early health check for `guix-daemon` in case user forgot to start a `guix-daemon`
- Depending on configuration, a `--fallback` flag may be needed to tell Guix to not fail if substitutes fail but fallback to building locally
- `codesign_allocate` and `pagestuff` are now unnecessary for codesigning as we're now using `signapple`
A few robustness changes are also included:
- We supply the `--link-profile` flag, as some Guix packages may expect the profile to be available under `$HOME/.guix-profile`
- We now clear and manually set all toolchain-related env vars (e.g. `C*_INCLUDE_PATH`) ourselves, after patching a Qt::moc bug
- We use the native `clang-toolchain` package for darwin builds instead of `clang`, lining up with all our other toolchain packages.
Finally, we restructure the guix building hierarchy such that it looks something like:
```
guix-build-<short-hash-or-version-tag>
├── distsrc-<short-hash-or-version-tag>-${HOST}
│ ├── contrib
│ ├── depends
│ ├── src
│ └── ...
├── distsrc-<short-hash-or-version-tag>-...
└── output
├── dist-archive
│ └── bitcoin-<short-hash-or-version-tag>.tar.gz
├── *-linux-*
│ ├── bitcoin-<short-hash-or-version-tag>-*-linux-*-debug.tar.gz
│ └── bitcoin-<short-hash-or-version-tag>-*-linux-*.tar.gz
├── x86_64-apple-darwin18
│ ├── bitcoin-<short-hash-or-version-tag>-osx64.tar.gz
│ ├── bitcoin-<short-hash-or-version-tag>-osx-unsigned.dmg
│ └── bitcoin-<short-hash-or-version-tag>-osx-unsigned.tar.gz
└── x86_64-w64-mingw32
├── bitcoin-<short-hash-or-version-tag>-win64-debug.zip
├── bitcoin-<short-hash-or-version-tag>-win64-setup-unsigned.exe
├── bitcoin-<short-hash-or-version-tag>-win64.zip
└── bitcoin-<short-hash-or-version-tag>-win-unsigned.tar.gz
```
Separating guix builds by their version identifier (basically namespacing them) allows us to change the layout in the future without worry about potential naming conflicts.
ACKs for top commit:
sipa:
ACK 7476b46f1893a4858616d2a8456a7c43238851ed
laanwj:
ACK 7476b46f1893a4858616d2a8456a7c43238851ed
Tree-SHA512: 0e899aa941aafdf552b2a7e8a08131ee9283180bbef7334439e2461a02aa7235ab7b9ca9c149b80fc5d0a9f4bbd35bc80fcee26197c0836ba8eaf2d86ffa0386
|
||
|
Wladimir J. van der Laan
|
5fda1ea15a |
Merge #21337: guix: Update darwin native packages dependencies
c967fb7fb97a86fc434912d0fff621f9f50dfe80 guix: Remove libcap from manifest (Hennadii Stepanov) 7bbb409314c63750a9731dedaaf6dd6ecd17d988 guix: Update darwin native packages dependencies (Hennadii Stepanov) Pull request description: It is a #20470 follow up. ACKs for top commit: fanquake: ACK c967fb7fb97a86fc434912d0fff621f9f50dfe80 Tree-SHA512: 66ce05770f578ba61a44c58747c5a2669f425a989ed987838058bd86e3b49e342ac5a4f8852fc49f2b3a86b58fb6a340fdf3e34c1fc19bdab910729febba4bc7 |
||
|
fanquake
|
af614fece0 |
Merge #21298: guix: Bump time-machine, glibc, and linux-headers
c33b199456e57d83c21eacd36d3c56d0a123b0d0 guix: Bump glibc and linux-headers (Carl Dong)
65363a1bd8b886f5aef5fbc97ca88c9c9b243b21 guix: Rebase on 95aca2991b (1.2.0-12.dffc918) (Carl Dong)
Pull request description:
On bumping the time-machine:
```
A few changes which are useful for us:
1. 'gnu: cross-gcc-arguments: Enable 128 bit long double for POWER9.' is
now merged into master.
2. gnutls is bumped to 3.6.15 and the temporal test failure in
status-request-revoked is fixed. Note that this does not fix the case
where one has installed Guix v1.2.0 and is running a substitute-less
bootstrap build, since the `guix time-machine` command itself has a
dependency on gnutls v3.6.12 (the one with the broken test) and will
thus try to build it before attempting to jump forwards in time. This
does however, mean that those who build a version of Guix that also
contains this fix will not go backwards in time to build the broken
gnutls v3.6.12.
```
On bumping the rest:
```
Bump glibc and linux-headers to match those of our Gitian counterparts.
We also require a glibc >= 2.28 for the test-symbol-check scripts to
work properly.
The default BASE-GCC-FOR-LIBC also has to be bumped since glibc 2.31
requires a gcc >= 6.2
```
This is a prerequisite for #20980
ACKs for top commit:
fanquake:
ACK c33b199456e57d83c21eacd36d3c56d0a123b0d0 - I think going ahead with this now and to sycn back up to gitian is fine. It will also unblock #20980. Potential code signing related issues can be sorted out in #21239 and later PRs.
Tree-SHA512: 31f022aadb93ba44813b0da005b1f2e5d67d76e8cdcdb53368924d1ea6cb076a21218c26831a6b0dcdcfe33507f54934330489ba557371d740f5587b7d727b95
|
||
|
fanquake
|
9c8f5f71dc |
partial Merge #21089: guix: Add support for powerpc64{,le}
95990b9f3278360b63e79d6975af4ab5009c66ba guix: Update conservative space requirements (Carl Dong)
5e6df1132656995ce5b9ce279d5a9808ea52ab32 guix: Add support for powerpc64{,le} (Carl Dong)
Pull request description:
```
The new time-machine commit contains a few small changes that make the
powerpc cross-toolchain work.
```
See this compare to review my custom patches to Guix:
|
||
|
Wladimir J. van der Laan
|
cd0d7d2991 |
Merge #21088: guix: Jump forwards in time-machine and adapt
d02076b8852d8faae95cee6e3de434460c07412a guix: Jump forwards in time-machine and adapt (Carl Dong)
f8ca8c5c28d3050b780e67d47a50ac65fc2dc3ad guix: Supply --keep-failed for debugging (Carl Dong)
Pull request description:
```
The new time-machine commit is Guix v1.2.0 with a yet-unupstreamed patch
for NSIS.
A few important changes:
1. Guix switched back from using CPATH to C{,PLUS}_INCLUDE_PATH as the
way to indicate #include search paths.
2. GCC's library is now split into a separate output, whereas before it
was included in the default output. This means that our gcc toolchain
packages need to propagate that output.
3. A few package versions were bumped
```
See this compare to review my custom patches to Guix: https://github.com/dongcarl/guix/compare/version-1.2.0...7d6bd44da57926e0d4af25eba723a61c82beef98
ACKs for top commit:
laanwj:
ACK d02076b8852d8faae95cee6e3de434460c07412a
Tree-SHA512: 896d5bf1b6e5fda2f0106013c568c119bbbb86cb31a8c0a22432bada9b7da51678b96374bf8fd7c15353698ba47ac9dd39874d40c39001281471db7c78bf1705
|
||
|
fanquake
|
a6e7dda55b |
Merge #17920: guix: Build support for macOS
f1694757ddbcb3635213b085e864851e285c8c12 guix: Fix typo (Carl Dong)
771c4b98a8693eee642f2b118b3193fe6e022291 guix: README: Add darwin HOSTS entry (Carl Dong)
8dbf18cb1d3260d34ba822ceb12e67b1f124ea13 guix: Check for macOS SDK before building anything (Carl Dong)
34b23f597ec52efb795d72e9e5620712d0010edd guix: Set ZERO_AR_DATE for darwin build determinism (Carl Dong)
f3835dc6a3732dcd4afbb5987f84dc27f2bf55af build: Make xorrisofs reproducible with -volume_date (Carl Dong)
c9eb4cf3a0f81bfd72f06fd43b5610f0a4f5e804 guix: Add support for darwin builds (Carl Dong)
37fe73a092b08fe9d7ce636a1021429de6cda757 build: Add var printing target to src/Makefile.am (Carl Dong)
Pull request description:
This PR brings our Guix builds on par with Gitian in terms of supported architectures.
Reviewers: if you run a build, please submit:
```
find output/ -type f -print0 | env LC_ALL=C sort -z | xargs -r0 sha256sum
```
So that we can compare hashes and ensure reproducibility!
ACKs for top commit:
fanquake:
ACK f1694757ddbcb3635213b085e864851e285c8c12 - I think we can make some small usability improvements, but this is ok to merge now.
Tree-SHA512: 4af2b71654a9736467dcc681d10601c6eee37800d7847011a50585455b67b55d61742ca5604585f310a2fd75335b674e5e27dfb5169cb2f26e112aa4c411d8be
|
||
|
fanquake
|
1c79710e65 |
Merge #20937: guix: Make nsis reproducible by respecting SOURCE-DATE-EPOCH
1fca9811e1331ac5dae8188f6178cc37da4929a7 lint: Skip whitespace lint for guix patches (Carl Dong) a91c46c57d88fc399432afab7bb0fb14c3e490a7 guix: Make nsis reproducible by respecting SOURCE-DATE-EPOCH (Carl Dong) Pull request description: ``` When building nsis, if VERSION is not specified, it defaults to cvs_version which is non-deterministic as it includes the current date. This patches nsis to default to SOURCE_DATE_EPOCH if it exists so that nsis is reproducible. Upstream change: https://github.com/kichik/nsis/pull/13 ``` Sidenote: also a good demonstration of how Guix allows us to flexibly patch our tools! Note to reviewers: if you want to compare hashes, please build after Jan 16th 2021 without my substitute server enabled! ACKs for top commit: fanquake: ACK 1fca9811e1331ac5dae8188f6178cc37da4929a7 Tree-SHA512: b800e0ce5f73827ad353739effb9167ec3a6bdb362c725ae20dd3f025ce78660f85c70ce1d75cd0896facf1e8fe38a9e058459ed13dec71ab3a2fe41e20eaa5d |
||
|
fanquake
|
700d46b26d |
Merge #18741: guix: Make source tarball using git-archive
bfe1ba2f5b36056e0c41edf8206b93d3d83098df rel-builds: Specify core.abbrev for git-rev-parse (Carl Dong) 27e63e01cce368d67092de8f0c736927d6f6aa69 build: Accomodate makensis v2.x (Carl Dong) 1f2c39a30e0f82046c7aecddfda3eb99cb536816 guix: Remove logical cores requirement (Carl Dong) a4f6ffa71e335d4b2a6bf525b7f416968f9cd9f7 lint: Also enable source statements for non-gitian (Carl Dong) d256f91cb1b0d6ff5170106b99b0266cbe51f5a2 rel-builds: Directly deploy win installer to OUTDIR (Carl Dong) fa791da02f9684e3fd554b687fb692ae6a23d65a nsis: Specify OutFile path only once (Carl Dong) 14701604d0904bc5bbf1c67de08f8ee6d3215523 guix: Expose GIT_COMMON_DIR in container as readonly (Carl Dong) f5a6ac4f48b18f93050d77bcb23f9cf45ec34647 guix: Make source tarball using git-archive (Carl Dong) 395c1137f630dc495ffb2752a23bc1dfd470ee53 gitian: Limit sourced script to just assignments (Carl Dong) Pull request description: Based on: #18556 Related: https://github.com/bitcoin/bitcoin/pull/17595#discussion_r399728721 ACKs for top commit: fanquake: ACK bfe1ba2f5b36056e0c41edf8206b93d3d83098df - I agree with Carl, and am going to merge this. I'd like for Linux Guix builds to be working again, and we can rebase #18818. Tree-SHA512: c87ada7e3de17ca0b692a91029b86573442ded5780fc081c214773f6b374a0cdbeaf6f6898c36669c2e247ee32aa7f82defb1180f8decac52c65f0c140f18674 |
||
|
fanquake
|
dff599acff |
Merge #17595: guix: Enable building for x86_64-w64-mingw32 target
a35e3235891d35daa167116cc70340140e883f06 guix: Appease travis. (Carl Dong) 0b66d22da5f53640e22f05adf880782c613e6d0f guix: Use gcc-9 for mingw-w64 instead of 8 (Carl Dong) ba0b99bdd613ba7f17c6247ece3001e1b44759a3 guix: Don't set MINGW_HAS_SECURE_API CFLAG in depends (Carl Dong) 93439a71eda49fb69f1e82966a23a946733aa6fa guix: Bump to upstream commit with mingw-w64 changes (Carl Dong) 35a96792dda9e78165b1598aeac7b2ab759e7be5 guix: Check mingw symbols, improve SSP fix docs (Carl Dong) 449d8fe25bbe25daacfc67aa89ca32b0a3254c5a guix: Expand on INT trap message (Carl Dong) 3f1f03c67a8e9edf487f08d272adb18b0a3942c8 guix: Spelling fixes (Carl Dong) ff821dd2a1c600488d11e7d9a20e9179ecc9144b guix: Reinstate make-ssp-fixed-gcc (Carl Dong) 360a9e0ad50a36ec79a1a160dbed3966689fd41c guix: Bump time-machine for mingw-w64 patches (Carl Dong) 93e41b7e3b54c17fd1b4c61ee95fc0dc2827e954 guix: Use gcc-8 for mingw-w64 instead of 7 (Carl Dong) ef4f7e4c45c60a69406134122f091c77c6ef740f guix: Set the well-known timezone env var (Carl Dong) acf4b3b3b5accf60a19441a0298ef27001b78e72 guix: Make x86_64-w64-mingw32 builds reproducible (Carl Dong) c4cce00eac691625b78b92f7dba0b7f57def19e5 guix: Remove dead links from README. (Carl Dong) df953a4c9a6143f45864757b706c88b6fa70545a guix: Appease shellcheck. (Carl Dong) 91897c95e191d293eb27d8af15cbeafc5b8f3895 guix: Improve guix-build.sh documentation (Carl Dong) 570d769c6c59b9f6d1a2b95b2ed60432cb33b3ba guix: Build support for Windows (Carl Dong) Pull request description: ~~Based on: https://github.com/bitcoin/bitcoin/pull/16519~~ Based on: #17933 (Time Machines are... shall we say... superior 😁) This PR allows us to perform Guix builds for the `x86_64-w64-mingw32` target. We do this _without_ splitting up the build script like we do in Gitian by using this newfangled alien technology called `case` statements. (This is WIP and might be changed to `if` statements soon) ACKs for top commit: fanquake: ACK a35e3235891d35daa167116cc70340140e883f06 2/3 Tree-SHA512: c471951c23eb2cda919a71285d8b8f2580cb20f09d5db17b53e13dbd8813e01b3e7a83ea848e4913fd0f2bc12c6c133c5f76b54e65c0d89fed4dfd2e0be19875 |
||
|
fanquake
|
355a735e78 |
Merge #18320: guix: Remove now-unnecessary gcc make flag
0ae42a16c766a7ecb8711bfad6f22b8581ea0258 guix: Remove now-unnecessary gcc make flag (Carl Dong)
Pull request description:
```
Previously, Guix would produce a gcc which did not know to use the SSP
function from glibc, and required a gcc make flag for it to do so, in my
attempt to fix it upstream I realized that this is no longer the case.
This can be verified by performing a Guix build and doing
readelf -s ... | grep __stack_chk
to check that symbols are coming from glibc, and doing
readelf -d ... | grep NEEDED | grep ssp
to see that libssp.so is not being depended on
```
ACKs for top commit:
fanquake:
ACK 0ae42a16c766a7ecb8711bfad6f22b8581ea0258 - ran a Guix build (hashes below) and checked all the linux binaries:
Tree-SHA512: 701b91e7c323b12a29af9539cb2656d10ce0a93af573a02e57f0b7fea05a6e1819798536eadb24d0a17e7f35b503f5e863fee5e7409db1b8a3973c4375e49d4e
|
||
|
MarcoFalke
|
8a293adb88 |
partial Merge #17351: doc: Fix some misspellings
ac831339cbfa65b1f7576c53b5d9a94841db9868 doc: Fix some misspellings (randymcmillan)
Pull request description:
Here is a more thorough lint-spelling update.
This PR takes care of easy to fix spelling errors to clean up the linting stages.
There are misspellings coded into the functional tests.
That is a whole separate job within itself.
ACKs for top commit:
practicalswift:
ACK ac831339cbfa65b1f7576c53b5d9a94841db9868 -- diff looks correct
Tree-SHA512: d8fad83fed083715655f148263ddeffc6752c8007d568fcf3dc2c418ccd5db70089ce3ccfd3994fcbd78043171402eb9cca5bdd5125287e22c42ea305aaa6e9d
|
||
|
Wladimir J. van der Laan
|
aec7441ac2 |
Merge #15277: contrib: Enable building in Guix containers
751549b52a9a4cd27389d807ae67f02bbb39cd7f contrib: guix: Additional clarifications re: substitutes (Carl Dong) cd3e947f50db7cfe05c05b368c25742193729a62 contrib: guix: Various improvements. (Carl Dong) 8dff3e48a9e03299468ed3b342642f01f70da9db contrib: guix: Clarify SOURCE_DATE_EPOCH. (Carl Dong) 3e80ec3ea9691c7c89173de922a113e643fe976b contrib: Add deterministic Guix builds. (Carl Dong) Pull request description: ~~**This post is kept updated as this project progresses. Use this [latest update link](https://github.com/bitcoin/bitcoin/pull/15277#issuecomment-497303718) to see what's new.**~~ Please read the `README.md`. ----- ### Guix Introduction This PR enables building bitcoin in Guix containers. [Guix](https://www.gnu.org/software/guix/manual/en/html_node/Features.html) is a transactional package manager much like Nix, but unlike Nix, it has more of a focus on [bootstrappability](https://www.gnu.org/software/guix/manual/en/html_node/Bootstrapping.html) and [reproducibility](https://www.gnu.org/software/guix/blog/tags/reproducible-builds/) which are attractive for security-sensitive projects like bitcoin. ### Guix Build Walkthrough Please read the `README.md`. [Old instructions no. 4](https://github.com/bitcoin/bitcoin/pull/15277#issuecomment-497303718) [Old instructions no. 3](https://github.com/bitcoin/bitcoin/pull/15277#issuecomment-493827011) [Old instructions no. 2](https://github.com/bitcoin/bitcoin/pull/15277#issuecomment-471658439) <details> <summary>Old instructions no. 1</summary> In this PR, we define a Guix [manifest](https://www.gnu.org/software/guix/manual/en/html_node/Invoking-guix-package.html#profile_002dmanifest) in `contrib/guix/manifest.scm`, which declares what packages we want in our environment. We can then invoke ``` guix environment --manifest=contrib/guix/manifest.scm --container --pure --no-grafts --no-substitutes ``` To have Guix: 1. Build an environment containing the packages we defined in our `contrib/guix/manifest.scm` manifest from the Guix bootstrap binaries (see [bootstrappability](https://www.gnu.org/software/guix/manual/en/html_node/Bootstrapping.html) for more details). 2. Start a container with that environment that has no network access, and no access to the host's filesystem except to the `pwd` that it was started in. 3. Drop you into a shell in that container. > Note: if you don't want to wait hours for Guix to build the entire world from scratch, you can eliminate the `--no-substitutes` option to have Guix download from available binary sources. Note that this convenience doesn't necessarily compromise your security, as you can check that a package was built correctly after the fact using `guix build --check <packagename>` Therefore, we can perform a build of bitcoin much like in Gitian by invoking the following: ``` make -C depends -j"$(nproc)" download && \ cat contrib/guix/build.sh | guix environment --manifest=contrib/guix/manifest.scm --container --pure --no-grafts --no-substitutes ``` We don't include `make -C depends -j"$(nproc)" download` inside `contrib/guix/build.sh` because `contrib/guix/build.sh` is run inside the container, which has no network access (which is a good thing). </details> ### Rationale I believe that this represents a substantial improvement for the "supply chain security" of bitcoin because: 1. We no longer have to rely on Ubuntu for our build environment for our releases ([oh the horror]( |