Commit Graph

1339 Commits

Author SHA1 Message Date
Kittywhiskers Van Gogh
f6869929d8 build: obey bitcoin#22993 by setting macOS target to Darwin 19 2023-06-29 12:31:03 -05:00
Kittywhiskers Van Gogh
63c4e2456b
build: follow up to #5449. implementing suggestions and deduplication (#5464)
## Additional Information

* Based on suggestions by @knst made
[here](https://github.com/dashpay/dash/pull/5449#issuecomment-1609937147)
and
[here](https://github.com/dashpay/dash/pull/5426#discussion_r1241789033)
2023-06-28 13:59:16 -05:00
Kittywhiskers Van Gogh
ddb38f42da contrib: move context to repository root, use additional context for copy 2023-06-27 20:24:08 +05:30
Kittywhiskers Van Gogh
38b8344ea5 contrib: create Guix container with interactive abilities 2023-06-27 20:24:08 +05:30
Kittywhiskers Van Gogh
a283002d97 contrib: remove no longer needed packages after bitcoin#23909 2023-06-18 11:47:54 -05:00
Kittywhiskers Van Gogh
51675eef1d merge bitcoin#25558: Make windows cross architecture reproducible 2023-06-18 11:47:54 -05:00
Kittywhiskers Van Gogh
cc1fcb0f44 merge bitcoin#25490: more cross arch reproducibility (x86_64 -> arm64) 2023-06-18 11:47:54 -05:00
Kittywhiskers Van Gogh
fe4b87cabb merge bitcoin#25076: native GCC 10 toolchain for Linux builds 2023-06-18 11:47:54 -05:00
Kittywhiskers Van Gogh
4a36086368 merge bitcoin#25006: consolidate kernel headers to 5.15, specify 3.2.0 as minimum supported 2023-06-18 11:47:54 -05:00
Kittywhiskers Van Gogh
808367dd7c merge bitcoin#24842: fix GCC 10.3.0 + mingw-w64 setjmp/longjmp issues 2023-06-18 11:47:54 -05:00
Kittywhiskers Van Gogh
edf48e4c38 merge bitcoin#24736: fix vmov alignment issues with gcc 10.3.0 & mingw-w64 2023-06-18 11:47:54 -05:00
Kittywhiskers Van Gogh
17103b90f9 merge bitcoin#25779: ignore additional failing certvalidator test 2023-06-18 11:47:54 -05:00
Kittywhiskers Van Gogh
cc9f59d0fb merge bitcoin#24573: Update signapple for platform identifier fix 2023-06-18 11:47:54 -05:00
Kittywhiskers Van Gogh
817eb46170 merge bitcoin#24506: Include arch in codesignature tarball 2023-06-18 11:47:54 -05:00
Kittywhiskers Van Gogh
7900670bbe merge bitcoin#24503: use the latest version of signapple 2023-06-18 11:47:54 -05:00
Kittywhiskers Van Gogh
7110c364fa merge bitcoin#24599: remove mingw-w64 std::filesystem workaround 2023-06-18 11:47:54 -05:00
Kittywhiskers Van Gogh
51db0059e7 merge bitcoin#24489: Move guix time machine to prelude 2023-06-18 11:47:54 -05:00
Kittywhiskers Van Gogh
f4799b172c merge bitcoin#24484: use same commit for codesigning time-machine 2023-06-18 11:47:54 -05:00
Kittywhiskers Van Gogh
f739811061 merge bitcoin#24348: Fix Guix build for Windows 2023-06-18 11:47:54 -05:00
Kittywhiskers Van Gogh
80d06e8447 merge bitcoin#24057: point to recent commit on the master branch 2023-06-18 11:47:54 -05:00
Kittywhiskers Van Gogh
cceee366ba merge bitcoin#24042: Point Guix to the current top of the "version-1.4.0" branch 2023-06-18 11:47:54 -05:00
Kittywhiskers Van Gogh
1aa7bdd074 merge bitcoin#25313: re-revert risc-v execstack workaround 2023-06-18 11:47:54 -05:00
Kittywhiskers Van Gogh
569188e0b0 merge bitcoin#24495: only use native GCC 7 toolchain for Linux builds 2023-06-18 11:47:54 -05:00
Kittywhiskers Van Gogh
1158ebb2e6 merge bitcoin#23778: Guix 1.4.0 & GCC 10.3 2023-06-18 11:47:54 -05:00
Kittywhiskers Van Gogh
b1dd417f26 merge bitcoin#23909: use a static .tiff for macOS .dmg over generating 2023-06-18 11:47:54 -05:00
Andrew Chow
8f5ffef6b4 Merge bitcoin/bitcoin#27172: guix: switch to some minimal versions of packages in our manifest
2c9eb4afe1f583aafa552b2711b149f17ef8320f guix: use cmake-minimal over cmake (fanquake)
1475515312856afe3f19a95f2c32bc80c7c54484 guix: use coreutils-minimal over coreutils (fanquake)
444562141504ff7f0bb071d6e7bf7f511517e372 guix: use bash-minimal over bash (fanquake)

Pull request description:

  Minimal versions of the same packages, that should still be sufficient for our use:

  > (define-public bash-minimal
    ;; A stripped-down Bash for non-interactive use.

  > (define-public coreutils-minimal
    ;; Coreutils without its optional dependencies.

  > ;;; This minimal variant of CMake does not include the documentation.  It is
  ;;; used by the cmake-build-system.
  (define-public cmake-minimal

ACKs for top commit:
  TheCharlatan:
    ACK 2c9eb4afe1f5
  Sjors:
    tACK 2c9eb4afe1f583aafa552b2711b149f17ef8320f
  achow101:
    ACK 2c9eb4afe1f583aafa552b2711b149f17ef8320f
  hebasto:
    ACK 2c9eb4afe1f583aafa552b2711b149f17ef8320f,

Tree-SHA512: f91ca9e088b8346b20c2affc80870c31640de3aedcfcc0fb98a5e82c77ef64537870b88552f26759d31d8d0956b1fd685e6c25d5acbc92f5feaececd1a7dd37e
2023-06-10 17:40:23 -05:00
fanquake
14e18f8501 Merge bitcoin/bitcoin#27361: guix: use python-minimal (3.9)
d0e571ebb187d7c4c2821f1334cb2dd4222dd8ce guix: use python-minimal (3.9) (fanquake)

Pull request description:

  This further minifies the Guix release build environment.

ACKs for top commit:
  TheCharlatan:
    ACK d0e571ebb187
  hebasto:
    ACK d0e571ebb187d7c4c2821f1334cb2dd4222dd8ce

Tree-SHA512: 0a8aa9ae861107f106c3b9c41f78ffbaf0e71e3c61f6d96e5c82415b4570b8ac85d6578d37cd0df0ec315c1c9f35fc90b281f139271ccfd15a1495ba76166789
2023-06-10 17:40:23 -05:00
Wladimir J. van der Laan
487395c8f1 Merge #20906: contrib: embed C++11 patch in install_db4.sh
92370033a2606ee88f4d080193e0bf6da481dc2e contrib: embed C++11 patch in install_db4.sh (jackielove4u)

Pull request description:

  This is a continuation of https://github.com/bitcoin/bitcoin/pull/20665.

  Closes #20722.

ACKs for top commit:
  laanwj:
    ACK 92370033a2606ee88f4d080193e0bf6da481dc2e
  fanquake:
    ACK 92370033a2606ee88f4d080193e0bf6da481dc2e.

Tree-SHA512: ebfd16f5301158de1acc1b8eeca43b3d94f0a6d438832133a30648e5e8a88268b4af983be0bb57f3018e3af8459f32f0de676c1b4e8942e199a4497c776631c5
2023-06-10 17:40:23 -05:00
Kittywhiskers Van Gogh
3c8088f2e8 merge bitcoin#26075: remove 32bit linux code from release scripts 2023-06-07 14:42:02 +05:30
Kittywhiskers Van Gogh
ecb9ff8062 merge bitcoin#25458: parallelize LIEF build 2023-06-07 14:42:02 +05:30
Kittywhiskers Van Gogh
e91a62be3c merge bitcoin#24561: use LIEF 0.12.0 2023-06-07 14:42:02 +05:30
Kittywhiskers Van Gogh
77539574a7 merge bitcoin#20422: mac deployment unification 2023-06-07 14:42:02 +05:30
Kittywhiskers Van Gogh
f2a5b472fd merge bitcoin#23148: Fix guix linker-loader path and add check_ELF_interpreter 2023-06-07 14:42:02 +05:30
Kittywhiskers Van Gogh
e39a1de731 merge bitcoin#23839: build with and test for control flow instrumentation on x86_64 2023-06-07 14:42:02 +05:30
Kittywhiskers Van Gogh
38c3bd0b61 merge bitcoin#23838: make security checks architecture independent 2023-06-07 14:42:02 +05:30
Kittywhiskers Van Gogh
bd2135fbd5 merge bitcoin#23811: match on EXE_FORMATS rather than name string 2023-06-07 14:42:02 +05:30
Kittywhiskers Van Gogh
1e9278ea11 merge bitcoin#23535: check for control flow instrumentation 2023-06-07 14:42:02 +05:30
Kittywhiskers Van Gogh
110dbf82e8 merge bitcoin#22392: use LIEF for ELF security & symbol checks 2023-06-07 14:42:02 +05:30
Kittywhiskers Van Gogh
cdedbea0b4 merge bitcoin#21889: check for control flow instrumentation 2023-06-07 14:42:02 +05:30
Kittywhiskers Van Gogh
853583019b fix: add exception for 32-bit ARM builds which need glibc 2.28
note: focal uses glibc 2.31, which is used by gitian, so our build
      environment has support for a version of glibc that far exceeds
      our maximum supported version (2.28). this could be remedied by
      switching to debian buster (oldstable) which uses 2.28.
2023-06-07 14:42:02 +05:30
Kittywhiskers Van Gogh
24a6642b6f partial bitcoin#22381: Test security-check sanity before performing them (with macOS)
excludes:
- d6ef3543ae16847d5a91fa9271acee9bd2164b32
2023-06-07 14:42:02 +05:30
Kittywhiskers Van Gogh
d4a8d49e56 merge bitcoin#21428: Cleanup in test-{security,symbol}-check.py 2023-06-07 14:42:02 +05:30
Kittywhiskers Van Gogh
1be3afd82c merge bitcoin#21255: run test-symbol-check for RISC-V 2023-06-07 14:42:02 +05:30
Kittywhiskers Van Gogh
ef65f610bb merge bitcoin#21871: add checks for minimum required OS versions 2023-06-07 14:42:02 +05:30
Kittywhiskers Van Gogh
067d4a4541 merge bitcoin#20608: add symbol check test for PE binaries 2023-06-07 14:42:02 +05:30
Kittywhiskers Van Gogh
ef9300ad63 merge bitcoin#21664: use LIEF for macOS and Windows symbol & security checks 2023-06-07 14:42:02 +05:30
Kittywhiskers Van Gogh
994fb5739c merge bitcoin#18434: add a test-security target and run it in CI 2023-06-07 14:40:37 +05:30
fanquake
50cac39d9d Merge #19669: contrib: Fixup valgrind suppressions file
fa5288cf5c50d014f046b7741f6da69529037933 contrib: Fixup valgrind suppressions file (MarcoFalke)

Pull request description:

  I am observing this one on bionic with system boost::fs:

  ```
  {
     <insert_a_suppression_name_here>
     Memcheck:Cond
     fun:__wcsnlen_avx2
     fun:wcsnrtombs
     fun:_ZNKSt7codecvtIwc11__mbstate_tE6do_outERS0_PKwS4_RS4_PcS6_RS6_
     fun:_ZN5boost10filesystem11path_traits7convertEPKwS3_RNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEERKSt7codecvtIwc11__mbstate_tE
     fun:_ZN5boost10filesystem6detail11unique_pathERKNS0_4pathEPNS_6system10error_codeE
  ...

ACKs for top commit:
  practicalswift:
    ACK fa5288cf5c50d014f046b7741f6da69529037933 -- patch looks correct

Tree-SHA512: 067e10e932a7f5b13e516134e0cfd3030265c1b582cdfde1cea97042e31399aa40c4590710a39429854c68ad703a0ae9f0b06e9af4cdd81e3cacb042939a84b6
2023-06-07 01:50:18 -05:00
fanquake
316f6b1895 Merge #19159: test: Make valgrind.supp work on aarch64
fab7d954b261d74b369fe2a3c1785540c4f056b4 test: Make valgrind.supp work on aarch64 (MarcoFalke)

Pull request description:

  Was easy to fix by simply removing a line

ACKs for top commit:
  practicalswift:
    ACK fab7d954b261d74b369fe2a3c1785540c4f056b4 -- diff looks correct

Tree-SHA512: d2d7c6cac453a3177c20e256ec50a03066f8dbf5ae45299077ccf4a2b45a3a40252b1b5fcaf9224a59bb5c3df5bd90ac58af27eb0f47dc87c2640df5b2b460ca
2023-06-07 01:50:18 -05:00
MarcoFalke
86094b631e Merge #17725: ci: Add valgrind run
facb416ad5ba47b01ee52c273a5c5e3709f06f07 ci: Add valgrind run (MarcoFalke)

Pull request description:

  Fixes #17460

ACKs for top commit:
  practicalswift:
    ACK facb416ad5ba47b01ee52c273a5c5e3709f06f07

Tree-SHA512: 55396e548a76f976d7b7170b68bc5f93cfd44656162267172f66db7eb549699a2a22d3b1bb0d5f180fe0697931939e652c8cdb86b435e81e7ce572485798009d
2023-06-07 01:50:18 -05:00
Kittywhiskers Van Gogh
772ec4c536 merge bitcoin#22305: Avoid fcntl64@GLIBC_2.28 in libsqlite3.a 2023-05-31 11:06:40 -05:00
Kittywhiskers Van Gogh
0fcc90cd3a partial bitcoin#20963: Build binaries for 64-bit POWER
excludes changes to gitian-linux that would make POWER64
a target platform for builds
2023-05-31 11:06:40 -05:00
Kittywhiskers Van Gogh
4c1a00e012 merge bitcoin#24639: Drop code for the unsupported i686-linux-gnu host 2023-05-31 11:06:40 -05:00
Kittywhiskers Van Gogh
8eab21bd33 contrib: add symbols and libraries used by dash 2023-05-31 11:06:40 -05:00
Kittywhiskers Van Gogh
729c6259dd contrib: update install_db4 to integrate previous backport contents
contains portions of:
- 1ac454a384
- 3352da8da1
- fac86ac7b3
- 8c9b8a3668

Co-authored-by: UdjinM6 <UdjinM6@users.noreply.github.com>
2023-05-27 23:15:24 +05:30
Kittywhiskers Van Gogh
7a2e27f0a9 merge bitcoin#16086: use newer config.guess & config.sub in install_db4.sh 2023-05-27 23:15:24 +05:30
Kittywhiskers Van Gogh
d561e63cf9 merge bitcoin#14883: add --retry 5 to curl opts in install_db4.sh 2023-05-27 23:15:24 +05:30
Kittywhiskers Van Gogh
e0ffea36d7 merge bitcoin#11943: fix typo in install_db4.sh help message 2023-05-27 23:15:24 +05:30
Kittywhiskers Van Gogh
9be6231cff merge bitcoin#12095: Use BDB_LIBS/CFLAGS and pass --disable-replication 2023-05-27 23:15:24 +05:30
Kittywhiskers Van Gogh
47fe7335c0 merge bitcoin#11945: Improve BSD compatibility of contrib/install_db4.sh 2023-05-27 23:15:05 +05:30
Kittywhiskers Van Gogh
cb5ac0d292 merge bitcoin#11702: Add a script for installing db4 2023-05-27 23:15:05 +05:30
Kittywhiskers Van Gogh
4963660b15
ci: build TSan with clang 15 and add -Werror=thread-safety, fix-up stacktraces (#5375)
## Description

Pull request was inspired by the need to debug lock problems when
working on https://github.com/dashpay/dash/pull/5352.

As far as I'm aware, only macOS has `-Werror=thread-safety` as part of
its default `CXXFLAGS` despite the capability being present on Linux as
well. This PR introduces thread safety checks for that into our thread
sanitizer build.

Additionally, since we're using Clang, something that on first glimpse,
appears to be something that `stacktraces.cpp` isn't happy with, due to
`-Wl,-wrap` being available only on GCC, that no longer seems to be the
case, since the version of Clang with comes with `focal`, its `lld`
_does_ have support for `-wrap` (see [man page for `lld` on
`focal`](https://manpages.ubuntu.com/manpages/focal/en/man1/lld.1.html)).

The current `stable` version of Clang/LLVM is 15, at the time of this
pull request (see https://apt.llvm.org/) but `focal` ships with an older
version, requiring us to use the official LLVM APT repository. I feel we
should be testing with recent compilers alongside the ones shipped by
LTS distributions.

Certain bugs are only made apparent when testing on rolling release
distros or distros that have faster update cycles, like Fedora (see
https://github.com/dashpay/dash/pull/5295 for an illustration of that),
which ship with more recent compilers. Until we overhaul our CI systems
to test using those distros directly (our current infrastructure is
centered around using a "development image" with an LTS distro as the
base), this is the best we can do.

A similar pull request testing against the latest GCC stable will be
welcome as that is currently outside the scope of this PR as the changes
made were to make sure that builds were operating as expected on
Clang/LLVM 15.

---------

Co-authored-by: UdjinM6 <UdjinM6@users.noreply.github.com>
2023-05-26 13:49:29 -05:00
Konstantin Akimov
b8b37f314b Merge #17891: scripted-diff: Replace CCriticalSection with RecursiveMutex
e09c701e0110350f78366fb837308c086b6503c0 scripted-diff: Bump copyright of files changed in 2020 (MarcoFalke)
6cbe6209646db8914b87bf6edbc18c6031a16f1e scripted-diff: Replace CCriticalSection with RecursiveMutex (MarcoFalke)

Pull request description:

  `RecursiveMutex` better clarifies that the mutex is recursive, see also the standard library naming: https://en.cppreference.com/w/cpp/thread/recursive_mutex

  For that reason, and to avoid different people asking me the same question repeatedly (e.g. https://github.com/bitcoin/bitcoin/pull/15932#pullrequestreview-339175124 ), remove the outdated alias `CCriticalSection` with a scripted-diff
2023-05-24 12:43:57 -05:00
PastaPastaPasta
16187c7670
ci: implement guix build by label request in CI (#5368)
## Issue being fixed or feature implemented
Automated guix builds in CI when specifically requested 

## What was done?
Any PR with the `build-guix` label added will automatically have the
Guix build ran and the hashes placed in the CI output to compare against


## How Has This Been Tested?
This PR

## Breaking Changes
None

## Checklist:
_Go over all the following points, and put an `x` in all the boxes that
apply._
- [x] I have performed a self-review of my own code
- [ ] I have commented my code, particularly in hard-to-understand areas
- [ ] I have added or updated relevant unit/integration/functional/e2e
tests
- [ ] I have made corresponding changes to the documentation
- [x] I have assigned this pull request to a milestone _(for repository
code-owners and collaborators only)_
2023-05-15 22:15:34 -05:00
thephez
490f32c8d1
chore: update dash_hash install and instructions (#5291)
## Issue being fixed or feature implemented
Install of dash_hash will change once
https://github.com/dashpay/dash_hash/pull/17/ is merged

## What was done?
- Changed install instructions to match new install in dash_hash README
- Updated Dockerfile to install correctly

## How Has This Been Tested?
N/A

## Breaking Changes
None

## Checklist:
<!--- Go over all the following points, and put an `x` in all the boxes
that apply. -->
- [ ] I have performed a self-review of my own code
- [ ] I have commented my code, particularly in hard-to-understand areas
- [ ] I have added or updated relevant unit/integration/functional/e2e
tests
- [x] I have made corresponding changes to the documentation
2023-05-11 20:19:45 -05:00
Kittywhiskers Van Gogh
a287a51b39 ci: update documentation to use focal instead of bionic 2023-05-11 09:18:48 -05:00
Kittywhiskers Van Gogh
8b054d49c7 ci: harmonize parent images, use focal consistently 2023-05-11 09:18:48 -05:00
UdjinM6
6542ea53eb
ci: clone dash_hash at a specific tag (#5369)
## Issue being fixed or feature implemented
should fix ci failures like
https://gitlab.com/dashpay/dash/-/jobs/4261565118 in #5291

## What was done?
Use the exact dash_hash version/tag instead of simply using `master`.
Bumping `DASH_HASH_VERSION` invalidates docker cache.

## How Has This Been Tested?
Ran it in my gitlab ci

## Breaking Changes
n/a


## Checklist:
- [x] I have performed a self-review of my own code
- [ ] I have commented my code, particularly in hard-to-understand areas
- [ ] I have added or updated relevant unit/integration/functional/e2e
tests
- [ ] I have made corresponding changes to the documentation
- [x] I have assigned this pull request to a milestone _(for repository
code-owners and collaborators only)_
2023-05-11 12:26:07 +03:00
fanquake
a778ddd62f Merge #16477: build: skip deploying plugins we dont use in macdeployqtplus
1ac7b7f66bd53d2d719377c7e0ab8b38e970c88f scripts: filter more qt plugins we don't use in macdeployqtplus (fanquake)
57cdd0697d5c8fdae4a4c1da1cfa092916be87e7 scripts: misc cleanups in macdeployqtplus (fanquake)
51729a4dfacb5b8d3945d39fa581eaaa9ac9603d scripts: use format() in macdeployqtplus (fanquake)
1c37e81694efb08fea889d9f5151c91dbb74d025 scripts: add type annotations to macdeployqtplus (fanquake)

Pull request description:

  I frequently run `make deploy` while testing on macOS to get a properly light themed .app. With a brew installed Qt, this currently results in a pretty bloated executable:

  | branch | .app size | .dmg size | `make deploy` time |
  | ------- | --------- | --------- | --------------------- |
  | master (febf3a856bcfb8fef2cb4ddcb8d1e0cab8a22580) | 235mb | 86mb | 38s |
  | This PR (da98f6d470d236c027b7eb8b5f5552fdca04e803) | 51mb | 21mb | 22s |

  Similar change to dd367ff8c9.

  ```diff
                           'QtGui.framework'],
    'pluginPath': '/usr/local/opt/qt/plugins',
    'qtPath': '/usr/local/opt/qt'}
  -[('platforminputcontexts', 'libqtvirtualkeyboardplugin.dylib'),
  - ('geoservices', 'libqtgeoservices_esri.dylib'),
  - ('geoservices', 'libqtgeoservices_mapboxgl.dylib'),
  - ('geoservices', 'libqtgeoservices_nokia.dylib'),
  - ('geoservices', 'libqtgeoservices_itemsoverlay.dylib'),
  - ('geoservices', 'libqtgeoservices_osm.dylib'),
  - ('geoservices', 'libqtgeoservices_mapbox.dylib'),
  - ('sceneparsers', 'libgltfsceneexport.dylib'),
  - ('sceneparsers', 'libgltfsceneimport.dylib'),
  - ('platforms', 'libqwebgl.dylib'),
  +[('platforms', 'libqwebgl.dylib'),
    ('platforms', 'libqoffscreen.dylib'),
    ('platforms', 'libqminimal.dylib'),
    ('platforms', 'libqcocoa.dylib'),
    ('platformthemes', 'libqxdgdesktopportal.dylib'),
  - ('printsupport', 'libcocoaprintersupport.dylib'),
  - ('webview', 'libqtwebview_webengine.dylib'),
  - ('webview', 'libqtwebview_darwin.dylib'),
  - ('geometryloaders', 'libdefaultgeometryloader.dylib'),
  - ('geometryloaders', 'libgltfgeometryloader.dylib'),
    ('styles', 'libqmacstyle.dylib'),
  - ('canbus', 'libqttinycanbus.dylib'),
  - ('canbus', 'libqtpassthrucanbus.dylib'),
  - ('canbus', 'libqtvirtualcanbus.dylib'),
  - ('canbus', 'libqtpeakcanbus.dylib'),
    ('bearer', 'libqgenericbearer.dylib'),
  - ('imageformats', 'libqgif.dylib'),
  - ('imageformats', 'libqwbmp.dylib'),
  - ('imageformats', 'libqwebp.dylib'),
  - ('imageformats', 'libqico.dylib'),
  - ('imageformats', 'libqmacheif.dylib'),
  - ('imageformats', 'libqjpeg.dylib'),
  - ('imageformats', 'libqtiff.dylib'),
  - ('imageformats', 'libqicns.dylib'),
  - ('imageformats', 'libqtga.dylib'),
  - ('imageformats', 'libqmacjp2.dylib'),
  - ('texttospeech', 'libqtexttospeech_speechosx.dylib'),
  - ('generic', 'libqtuiotouchplugin.dylib'),
  - ('renderplugins', 'libscene2d.dylib'),
  - ('gamepads', 'libdarwingamepad.dylib'),
  - ('virtualkeyboard', 'libqtvirtualkeyboard_thai.dylib'),
  - ('virtualkeyboard', 'libqtvirtualkeyboard_openwnn.dylib'),
  - ('virtualkeyboard', 'libqtvirtualkeyboard_hangul.dylib'),
  - ('virtualkeyboard', 'libqtvirtualkeyboard_pinyin.dylib'),
  - ('virtualkeyboard', 'libqtvirtualkeyboard_tcime.dylib')]
  + ('generic', 'libqtuiotouchplugin.dylib')]
  ```

ACKs for top commit:
  laanwj:
    ACK 1ac7b7f66bd53d2d719377c7e0ab8b38e970c88f (purely Python code review and the fact that this passes travis, cannot run this on a mac)
  dongcarl:
    tested ACK 1ac7b7f66bd53d2d719377c7e0ab8b38e970c88f

Tree-SHA512: 5974eeaf7229bb5bde2b283c1331ec57ee87f624db146401f6b77dee4ee5502e0bd669958a46205f10398a371f8e6c91ddacb9f0e1943f9f7d042fb6de7957a8
2023-04-25 23:41:20 -05:00
MarcoFalke
83a7235c09 Merge #17801: doc: Update license year range to 2020
8dc9aa90c3c7990dd5b491937ddc0e39bc929d1c doc: Update license year range to 2020 (Emil Engler)

Pull request description:

  See #15061
  The same procedure as every year. Happy new year to all of you :)

Top commit has no ACKs.

Tree-SHA512: f2d924a739f6becc050a22cd0e37d97653ac1ef78ec645c98b5647ae2e65b9668851e24090d3ab3585503235113e1c48ea20580c35538afac5043026589bf830
2023-04-25 23:14:25 +03:00
fanquake
d65ac30e77 Merge bitcoin/bitcoin#24129: build: Fix xargs warnings for Guix builds
c73415bc10c1baa7988e1c55a0e9201df73a6c22 build: Fix xargs warnings for Guix builds (Hennadii Stepanov)

Pull request description:

  On master (e3ce019667fba2ec50a59814a26566fb67fa9125) there are warnings in `./contrib/guix/guix-build` logs:
  ```
  xargs: warning: options --max-args and --replace/-I/-i are mutually exclusive, ignoring previous --max-args value
  ```

  This PR fixes such warnings.

ACKs for top commit:
  prusnak:
    utACK c73415b

Tree-SHA512: a7b55f59afbb19b78f795cea64acacf29903cfcd5fd7c37a771b073c1f2ff54555a26f3d00c1c73a8ef588396217ddf598e32b2ae961559042cc051b0aad162a
2023-04-17 11:17:34 -05:00
PastaPastaPasta
026d3f5fd5
build: add --hardened-runtime for macos detached signature creation to enable notarization (#5332)
## Issue being fixed or feature implemented
Slightly changes the detached signature creation code 

## What was done?
Investigated what exactly needed to be done for notarization (docs to
come), tried it again, then when it failed as expected trying to figure
it out, then figuring it out :) simple change in the end.

## How Has This Been Tested?
created macOS detached sigs and notarized 19.0.0-rc.10 binaries and
ensured that all worked as expected. See binary attached here (sha256
3829e863831b05c3d76785540183bee556c4bab03dac98f5872df06668b9cb20)

[dashcore-19.0.0-rc.10-osx.dmg.zip](https://github.com/dashpay/dash/files/11246273/dashcore-19.0.0-rc.10-osx.dmg.zip).
You can also do a signed gitian-build for rc.10 and should replicate
these hashes.


## Breaking Changes
Should be none; I would like to backport this to 19 as a 19.0.1

## Checklist:
- [x] I have performed a self-review of my own code
- [ ] I have commented my code, particularly in hard-to-understand areas
- [ ] I have added or updated relevant unit/integration/functional/e2e
tests
- [ ] I have made corresponding changes to the documentation
- [x] I have assigned this pull request to a milestone _(for repository
code-owners and collaborators only)_
2023-04-17 11:12:21 -05:00
W. J. van der Laan
8ca3005a91 Merge bitcoin/bitcoin#22645: scripts: prevent GCC optimising test symbols in test-symbol-check
5449d44e37982fcd5251fd47873c5f7d34c39fc9 scripts: prevent GCC optimising test symbols in test-symbol-check (fanquake)

Pull request description:

  I noticed in #22381 that when the test-symbol-check target was being built with Clang and run in the CI it would fail due to using a too-new version of `pow` (used [here](d67330d112/contrib/devtools/test-symbol-check.py (L85))). Our CIs use Focal (glibc 2.31) and the version of `pow` was the optimized version introduced in [glibc 2.29](https://lwn.net/Articles/778286/):
  ```bash
  * Optimized generic exp, exp2, log, log2, pow, sinf, cosf, sincosf and tanf.
  ```
  This made sense, except for that if it was failing when built using Clang, why hadn't it also been failing when being built with GCC?

  Turns out GCC is optimizing away that call to `pow` at all optimization levels, including `-O0`, see: https://godbolt.org/z/53MhzMxT7, and this has been the case forever, or at least since GCC 5.x. Clang on the other hand, will only optimize away the `pow` call at `-O1` and `-O2`, not `-O0`: https://godbolt.org/z/Wbnqj3q6c. Thus when this test was built with Clang (we don't pass `-O` so we default to `-O0`) it was failing in the CI environment, because it would actually have a call to the "new" `pow`.

  Avoid this issue by using a symbol that won't be optimized away, or that we are unlikely to ever have versioning issues with.

ACKs for top commit:
  laanwj:
    ACK 5449d44e37982fcd5251fd47873c5f7d34c39fc9

Tree-SHA512: 3a26c5c3a5f2905fd0dd90892470e241ba625c0af3be2629d06d5da3a97534c1d6a55b796bbdd41e2e6a26a8fab7d981b98c45d4238565b0eb7edf3c5da02007
2023-04-16 23:40:59 +03:00
PastaPastaPasta
770eefcd08
ci: upgrade cppcheck to 2.10; fix / suppress reported issues (#5328)
## Issue being fixed or feature implemented
Upgraded version of cppcheck

## What was done?

## How Has This Been Tested?
Ran cppcheck

## Breaking Changes
None

## Checklist:
_Go over all the following points, and put an `x` in all the boxes that
apply._
- [ ] I have performed a self-review of my own code
- [ ] I have commented my code, particularly in hard-to-understand areas
- [ ] I have added or updated relevant unit/integration/functional/e2e
tests
- [ ] I have made corresponding changes to the documentation
- [x] I have assigned this pull request to a milestone _(for repository
code-owners and collaborators only)_
2023-04-16 12:08:33 -05:00
fanquake
e4a6ea6032 Merge bitcoin/bitcoin#25861: guix: use --build={arch}-guix-linux-gnu in cross toolchain
56e79fe683d36c1944e52326fae3bcc4cb7deec7 guix: use --build={arch}-guix-linux-gnu in cross toolchain (fanquake)

Pull request description:

  Technically we are always cross-compiling when Guix building, so make that explicit. `{arch}-guix-linux-gnu` is not a triplet that should be used in any other capacity, but here it serves the purpose of ensuring, that by setting `--build` to something other than `--host/--target`, we are always cross-compiling (in the eyes of autoconf etc) when building our cross toolchains. It looks like `x86_64-linux-gnu` on `x86_64-linux-gnu` currently works because of the triplet canonicalisation, i.e `x86_64-linux-gnu` becomes `x86_64-pc-linux-gnu`, and GCCs configure thinking it's cross-compiling, whereas the same canonicalisation doesn't happen for `aarch64-linux-gnu` so we don't get a cross-compile when building on aarch64.

  Fixes: #22458.

  Guix Build (x86_64):
  ```bash
  e590e67d2b151e7d079f50393c61cacf9e65f5e3fdddc10bffd5dbb59cd9f5e3  guix-build-56e79fe683d3/output/aarch64-linux-gnu/SHA256SUMS.part
  9222a733209dc73168722ee0f290831d1723f7ed55abc1e243dd3892ef9733f1  guix-build-56e79fe683d3/output/aarch64-linux-gnu/bitcoin-56e79fe683d3-aarch64-linux-gnu-debug.tar.gz
  a4ec01411195412e9a483397554d98b2db161a6be8aceee2dac78f0015f2a8e5  guix-build-56e79fe683d3/output/aarch64-linux-gnu/bitcoin-56e79fe683d3-aarch64-linux-gnu.tar.gz
  a4ff8f2538c1b3a63a3e7c92699c18164b2c4954ebd72c4a854bf7844e6131b6  guix-build-56e79fe683d3/output/arm-linux-gnueabihf/SHA256SUMS.part
  ac6e4dffcf6f49dac73d3677f3fe5edb08ee1127648bc7ec24b217f48a3a4d21  guix-build-56e79fe683d3/output/arm-linux-gnueabihf/bitcoin-56e79fe683d3-arm-linux-gnueabihf-debug.tar.gz
  ab26467fce9732596b1713179618eee20c2bd44875dc1c39f9afd68f135e8ce4  guix-build-56e79fe683d3/output/arm-linux-gnueabihf/bitcoin-56e79fe683d3-arm-linux-gnueabihf.tar.gz
  f44108d818d53ee7e70b44361cb3cc6841b7aecbe4fade1fa289263718620824  guix-build-56e79fe683d3/output/arm64-apple-darwin/SHA256SUMS.part
  29adfb2d575be8b5a7092b2aff888af2084ad5783bdc74ae3de4b2dd84da7a26  guix-build-56e79fe683d3/output/arm64-apple-darwin/bitcoin-56e79fe683d3-arm64-apple-darwin-unsigned.dmg
  3d7640f604bd27cb1ae47853d70378a7631aa436b5c027eae31fa06d4dd20d4a  guix-build-56e79fe683d3/output/arm64-apple-darwin/bitcoin-56e79fe683d3-arm64-apple-darwin-unsigned.tar.gz
  3f8d8fc49cf722a7a13640872762d045c14efd610fba908f0acc99a99032b903  guix-build-56e79fe683d3/output/arm64-apple-darwin/bitcoin-56e79fe683d3-arm64-apple-darwin.tar.gz
  b8df097e10e7acded8556a5681da2b0132c0d509b200792f5584c186b8dcaf24  guix-build-56e79fe683d3/output/dist-archive/bitcoin-56e79fe683d3.tar.gz
  1a605c563038107b88e8d859fa045ca3087241340264eb7125e97b3af36874db  guix-build-56e79fe683d3/output/powerpc64-linux-gnu/SHA256SUMS.part
  d10be89a816ee2f47bf778ef4aaa8a7b548403c123a4b4b3aa0470ee7b9472d2  guix-build-56e79fe683d3/output/powerpc64-linux-gnu/bitcoin-56e79fe683d3-powerpc64-linux-gnu-debug.tar.gz
  839dd079d677c87a91ccc28f6c423657d98212350d3693ae2facb92082d10c88  guix-build-56e79fe683d3/output/powerpc64-linux-gnu/bitcoin-56e79fe683d3-powerpc64-linux-gnu.tar.gz
  200d7a72a7901b6788e70aa1c6fbbe16144e9dac29beb06242a9dcfe1e88acbe  guix-build-56e79fe683d3/output/powerpc64le-linux-gnu/SHA256SUMS.part
  3d207bb57dc45f234d804a9ee615001aa28ac4b59b530a1e7d16d0a72c2ea514  guix-build-56e79fe683d3/output/powerpc64le-linux-gnu/bitcoin-56e79fe683d3-powerpc64le-linux-gnu-debug.tar.gz
  16a789c98409d36bd6b69a5ca38cd8886979f50f845265dc0b005c92286a3e4f  guix-build-56e79fe683d3/output/powerpc64le-linux-gnu/bitcoin-56e79fe683d3-powerpc64le-linux-gnu.tar.gz
  e48f6fae9c2ffeb2bf02ffc073ac69648b2ce4ba87e0ad7a3a5059abf33b8ce2  guix-build-56e79fe683d3/output/riscv64-linux-gnu/SHA256SUMS.part
  fa8d66af5f202e0c8968114af4dcd6d88099eb91d197dfaaa0144f8ae6b12f4a  guix-build-56e79fe683d3/output/riscv64-linux-gnu/bitcoin-56e79fe683d3-riscv64-linux-gnu-debug.tar.gz
  86cffa62687f4272c899897ff6c1a86e1a7bdbbb7ab09a085b7b1122d3a1f1b2  guix-build-56e79fe683d3/output/riscv64-linux-gnu/bitcoin-56e79fe683d3-riscv64-linux-gnu.tar.gz
  e42a7c33da6ea4be5d0826df097bdc7e919c9fd6642e7d59fe3d45a97d9009fa  guix-build-56e79fe683d3/output/x86_64-apple-darwin/SHA256SUMS.part
  2f9faa88fa0025b9bfade83177b1f50833dc6c3be1ef26c4d5881aa165bcc537  guix-build-56e79fe683d3/output/x86_64-apple-darwin/bitcoin-56e79fe683d3-x86_64-apple-darwin-unsigned.dmg
  fdfe560968c85500dc886d4e12b851cd27a76de860b8cbf1fb6aac95ccd0582e  guix-build-56e79fe683d3/output/x86_64-apple-darwin/bitcoin-56e79fe683d3-x86_64-apple-darwin-unsigned.tar.gz
  c3c75560befd72a9f13f5626ddf39c63ad25fb9753a4d941e48830b7e06f143e  guix-build-56e79fe683d3/output/x86_64-apple-darwin/bitcoin-56e79fe683d3-x86_64-apple-darwin.tar.gz
  38100946ec1469fdd31aa8ea9e471b317dc278c298c106289c119016c2c0caa0  guix-build-56e79fe683d3/output/x86_64-linux-gnu/SHA256SUMS.part
  67890771aad89dc0d20b8dcdc6b29bd838ace310e8bcbbc0d16d7afc87d3a474  guix-build-56e79fe683d3/output/x86_64-linux-gnu/bitcoin-56e79fe683d3-x86_64-linux-gnu-debug.tar.gz
  a9772b40c8b9d3c1a0bf9c9db2a60050415bf6a9bd4a19cfd8a038f4a1e712e3  guix-build-56e79fe683d3/output/x86_64-linux-gnu/bitcoin-56e79fe683d3-x86_64-linux-gnu.tar.gz
  01da0561f2c3a268c28615b1573dfdecb6346bf3f8eba7a052488191234ac1d6  guix-build-56e79fe683d3/output/x86_64-w64-mingw32/SHA256SUMS.part
  71324ac0f6fc8163e41031b2fd2d38d2e15bfd5ef4efe4cb45d7974fad474394  guix-build-56e79fe683d3/output/x86_64-w64-mingw32/bitcoin-56e79fe683d3-win64-debug.zip
  219b58281d3c79b2ed7e9085b1e15d7e021fd3899ef07a6ad747058b43d64443  guix-build-56e79fe683d3/output/x86_64-w64-mingw32/bitcoin-56e79fe683d3-win64-setup-unsigned.exe
  fe838d32587c2f942fcd9f9a0b3735611b686a867e2d2040cf3a8aa6a43d09fe  guix-build-56e79fe683d3/output/x86_64-w64-mingw32/bitcoin-56e79fe683d3-win64-unsigned.tar.gz
  13b537217a13293b93afd7c588b3733955c3188f79a3249b363fb4e885b74b32  guix-build-56e79fe683d3/output/x86_64-w64-mingw32/bitcoin-56e79fe683d3-win64.zip
  ```

  Guix Build (arm64):
  ```bash
  e590e67d2b151e7d079f50393c61cacf9e65f5e3fdddc10bffd5dbb59cd9f5e3  guix-build-56e79fe683d3/output/aarch64-linux-gnu/SHA256SUMS.part
  9222a733209dc73168722ee0f290831d1723f7ed55abc1e243dd3892ef9733f1  guix-build-56e79fe683d3/output/aarch64-linux-gnu/bitcoin-56e79fe683d3-aarch64-linux-gnu-debug.tar.gz
  a4ec01411195412e9a483397554d98b2db161a6be8aceee2dac78f0015f2a8e5  guix-build-56e79fe683d3/output/aarch64-linux-gnu/bitcoin-56e79fe683d3-aarch64-linux-gnu.tar.gz
  a4ff8f2538c1b3a63a3e7c92699c18164b2c4954ebd72c4a854bf7844e6131b6  guix-build-56e79fe683d3/output/arm-linux-gnueabihf/SHA256SUMS.part
  ac6e4dffcf6f49dac73d3677f3fe5edb08ee1127648bc7ec24b217f48a3a4d21  guix-build-56e79fe683d3/output/arm-linux-gnueabihf/bitcoin-56e79fe683d3-arm-linux-gnueabihf-debug.tar.gz
  ab26467fce9732596b1713179618eee20c2bd44875dc1c39f9afd68f135e8ce4  guix-build-56e79fe683d3/output/arm-linux-gnueabihf/bitcoin-56e79fe683d3-arm-linux-gnueabihf.tar.gz
  f44108d818d53ee7e70b44361cb3cc6841b7aecbe4fade1fa289263718620824  guix-build-56e79fe683d3/output/arm64-apple-darwin/SHA256SUMS.part
  29adfb2d575be8b5a7092b2aff888af2084ad5783bdc74ae3de4b2dd84da7a26  guix-build-56e79fe683d3/output/arm64-apple-darwin/bitcoin-56e79fe683d3-arm64-apple-darwin-unsigned.dmg
  3d7640f604bd27cb1ae47853d70378a7631aa436b5c027eae31fa06d4dd20d4a  guix-build-56e79fe683d3/output/arm64-apple-darwin/bitcoin-56e79fe683d3-arm64-apple-darwin-unsigned.tar.gz
  3f8d8fc49cf722a7a13640872762d045c14efd610fba908f0acc99a99032b903  guix-build-56e79fe683d3/output/arm64-apple-darwin/bitcoin-56e79fe683d3-arm64-apple-darwin.tar.gz
  b8df097e10e7acded8556a5681da2b0132c0d509b200792f5584c186b8dcaf24  guix-build-56e79fe683d3/output/dist-archive/bitcoin-56e79fe683d3.tar.gz
  1a605c563038107b88e8d859fa045ca3087241340264eb7125e97b3af36874db  guix-build-56e79fe683d3/output/powerpc64-linux-gnu/SHA256SUMS.part
  d10be89a816ee2f47bf778ef4aaa8a7b548403c123a4b4b3aa0470ee7b9472d2  guix-build-56e79fe683d3/output/powerpc64-linux-gnu/bitcoin-56e79fe683d3-powerpc64-linux-gnu-debug.tar.gz
  839dd079d677c87a91ccc28f6c423657d98212350d3693ae2facb92082d10c88  guix-build-56e79fe683d3/output/powerpc64-linux-gnu/bitcoin-56e79fe683d3-powerpc64-linux-gnu.tar.gz
  200d7a72a7901b6788e70aa1c6fbbe16144e9dac29beb06242a9dcfe1e88acbe  guix-build-56e79fe683d3/output/powerpc64le-linux-gnu/SHA256SUMS.part
  3d207bb57dc45f234d804a9ee615001aa28ac4b59b530a1e7d16d0a72c2ea514  guix-build-56e79fe683d3/output/powerpc64le-linux-gnu/bitcoin-56e79fe683d3-powerpc64le-linux-gnu-debug.tar.gz
  16a789c98409d36bd6b69a5ca38cd8886979f50f845265dc0b005c92286a3e4f  guix-build-56e79fe683d3/output/powerpc64le-linux-gnu/bitcoin-56e79fe683d3-powerpc64le-linux-gnu.tar.gz
  e48f6fae9c2ffeb2bf02ffc073ac69648b2ce4ba87e0ad7a3a5059abf33b8ce2  guix-build-56e79fe683d3/output/riscv64-linux-gnu/SHA256SUMS.part
  fa8d66af5f202e0c8968114af4dcd6d88099eb91d197dfaaa0144f8ae6b12f4a  guix-build-56e79fe683d3/output/riscv64-linux-gnu/bitcoin-56e79fe683d3-riscv64-linux-gnu-debug.tar.gz
  86cffa62687f4272c899897ff6c1a86e1a7bdbbb7ab09a085b7b1122d3a1f1b2  guix-build-56e79fe683d3/output/riscv64-linux-gnu/bitcoin-56e79fe683d3-riscv64-linux-gnu.tar.gz
  e42a7c33da6ea4be5d0826df097bdc7e919c9fd6642e7d59fe3d45a97d9009fa  guix-build-56e79fe683d3/output/x86_64-apple-darwin/SHA256SUMS.part
  2f9faa88fa0025b9bfade83177b1f50833dc6c3be1ef26c4d5881aa165bcc537  guix-build-56e79fe683d3/output/x86_64-apple-darwin/bitcoin-56e79fe683d3-x86_64-apple-darwin-unsigned.dmg
  fdfe560968c85500dc886d4e12b851cd27a76de860b8cbf1fb6aac95ccd0582e  guix-build-56e79fe683d3/output/x86_64-apple-darwin/bitcoin-56e79fe683d3-x86_64-apple-darwin-unsigned.tar.gz
  c3c75560befd72a9f13f5626ddf39c63ad25fb9753a4d941e48830b7e06f143e  guix-build-56e79fe683d3/output/x86_64-apple-darwin/bitcoin-56e79fe683d3-x86_64-apple-darwin.tar.gz
  38100946ec1469fdd31aa8ea9e471b317dc278c298c106289c119016c2c0caa0  guix-build-56e79fe683d3/output/x86_64-linux-gnu/SHA256SUMS.part
  67890771aad89dc0d20b8dcdc6b29bd838ace310e8bcbbc0d16d7afc87d3a474  guix-build-56e79fe683d3/output/x86_64-linux-gnu/bitcoin-56e79fe683d3-x86_64-linux-gnu-debug.tar.gz
  a9772b40c8b9d3c1a0bf9c9db2a60050415bf6a9bd4a19cfd8a038f4a1e712e3  guix-build-56e79fe683d3/output/x86_64-linux-gnu/bitcoin-56e79fe683d3-x86_64-linux-gnu.tar.gz
  01da0561f2c3a268c28615b1573dfdecb6346bf3f8eba7a052488191234ac1d6  guix-build-56e79fe683d3/output/x86_64-w64-mingw32/SHA256SUMS.part
  71324ac0f6fc8163e41031b2fd2d38d2e15bfd5ef4efe4cb45d7974fad474394  guix-build-56e79fe683d3/output/x86_64-w64-mingw32/bitcoin-56e79fe683d3-win64-debug.zip
  219b58281d3c79b2ed7e9085b1e15d7e021fd3899ef07a6ad747058b43d64443  guix-build-56e79fe683d3/output/x86_64-w64-mingw32/bitcoin-56e79fe683d3-win64-setup-unsigned.exe
  fe838d32587c2f942fcd9f9a0b3735611b686a867e2d2040cf3a8aa6a43d09fe  guix-build-56e79fe683d3/output/x86_64-w64-mingw32/bitcoin-56e79fe683d3-win64-unsigned.tar.gz
  13b537217a13293b93afd7c588b3733955c3188f79a3249b363fb4e885b74b32  guix-build-56e79fe683d3/output/x86_64-w64-mingw32/bitcoin-56e79fe683d3-win64.zip
  ```

ACKs for top commit:
  hebasto:
    ACK 56e79fe683d36c1944e52326fae3bcc4cb7deec7

Tree-SHA512: 628ab6cda80069ad277107639bef21b44a8417198862e9ec89b45a2c41741d29aeb79aa58c5a90283fb96cf707494ae948ac790abde809bb18c86b14af999200
2023-04-16 12:07:09 -05:00
Konstantin Akimov
46a5cd4b59 fix: extra edits of guix's README.md 2023-04-15 12:13:27 -05:00
fanquake
8f70c136bc Merge bitcoin/bitcoin#22654: guix: Don't include directory name in SHA256SUMS
132cae44f2d031bdaa1e459b92ec89ad585dfc9f doc: Mention the flat directory structure for uploads (Andrew Chow)
fb17c99e35e72f3b21ec3b5473e84c21dc964776 guix: Don't include directory name in SHA256SUMS (Andrew Chow)

Pull request description:

  The SHA256SUMS file can be used in a sha256sum -c command to verify downloaded binaries. However users are likely to download just a single file and not place this file in the correct directory relative to the SHA256SUMS file for the simple verification command to work. By not including the directory name in the SHA256SUMS file, it will be easier for users to verify downloaded binaries.

ACKs for top commit:
  Zero-1729:
    re-ACK 132cae44f2d031bdaa1e459b92ec89ad585dfc9f
  fanquake:
    ACK 132cae44f2d031bdaa1e459b92ec89ad585dfc9f

Tree-SHA512: c9ff416b8dfb2f3ceaf4d63afb84aac9fcaefbbf9092f9e095061b472884ec92c7a809e6530c7132a82cfe3ab115a7328e47994a412072e1d4feb26fc502c8c5
2023-04-15 12:13:27 -05:00
fanquake
2f09a04d44 Merge bitcoin/bitcoin#22642: release: Release with separate SHA256SUMS and sig files
90b3e482e911fde73133a157c3b354471682275a release: Release with separate SHA256SUMS and sig files (Carl Dong)

Pull request description:

  This allows us to:
  - remove the rfc4880 EOL hacks, and
  - release with a SHA256SUMS.asc file that's a combination of all signer signatures

ACKs for top commit:
  achow101:
    ACK 90b3e482e911fde73133a157c3b354471682275a
  laanwj:
    Concept and code review ACK 90b3e482e911fde73133a157c3b354471682275a

Tree-SHA512: 5d5086063d303aa0cbd590e5fdf2ae8f555e25f4e43bf67545e33384449b990e94834c711622530ad0eb3dcc83f52746884a5081dadb0acff8dd799cfadafac7
2023-04-15 12:13:27 -05:00
fanquake
e82c9ad35a Merge bitcoin/bitcoin#22511: guix: Silence getent(1) invocation, doc fixups
a884a1edcd1b795799f1be65df17462041741dc3 guix/INSTALL: Misc fixups (Carl Dong)
3c4d2c418e62d421a8bd7640ef5384251c892406 guix: Silence getent(1) invocation (Carl Dong)

Pull request description:

  Otherwise the `getent(1)` checks will print out the default http, https, and ftp ports, making it seem like something is being spawned that is listening on those ports, which is not the case.

ACKs for top commit:
  fanquake:
    ACK a884a1edcd1b795799f1be65df17462041741dc3

Tree-SHA512: 7706a98fe5f2bcd766fd3a16bfffab899ec45e80d72c485b7bed2a83d2024eddbb44ae4a77e2352e308740ca203c163421a11a5a2327fa94d2032ecceef4d63f
2023-04-15 12:13:27 -05:00
Konstantin Akimov
559190fb27 docs: dashification of guix 2023-04-15 12:13:27 -05:00
Konstantin Akimov
31da303569 docs: dashification guix/README.md 2023-04-15 12:13:27 -05:00
Konstantin Akimov
f9508cb532 docs: dashification guix/INSTALL.md and added Dockerfile for guix
Co-authored-by: PastaPastaPasta <6443210+PastaPastaPasta@users.noreply.github.com>
2023-04-15 12:13:27 -05:00
fanquake
f54ec9cde7 Merge bitcoin/bitcoin#21711: guix: Add full installation and usage documentation
fac4814106c796b8786dd90053513cc35142dfe5 doc/release-process: Add torrent creation details (Carl Dong)
5d24cc3d82dad6812f8370c3ccc7c2b5a6c12c11 guix/INSTALL: Guix installs init scripts in libdir (Carl Dong)
5da2ee49d5b44de803b671aedbdd14e5c1d71ea9 guix/INSTALL: Add coreutils/inotify-dir-recreate troubleshooting (Carl Dong)
318c60700b7bbb7ec09a29bf037e7c2787646be6 guix: Adapt release-process.md to new Guix process (Carl Dong)
fcab35b2292f9221eaba521740e8b3b2511a8b78 guix-attest: Produce and sign normalized documents (Carl Dong)
c2541fd0ca99481a5a792a8f2772925d64fb0491 guix: Overhaul README (Carl Dong)
46ce6ce3782dfbd8f9d26dc2ba0f284755e75f2d tree-wide: Rename gitian-keys to builder-keys (Carl Dong)
fc4f8449f34e32b0b9ac9d218d6c3264b02467ba guix: Update various check_tools lists (Carl Dong)
263220a85c1df218431fafbda07c8b23ccc4ce4d guix: Check for a sane services database (Carl Dong)

Pull request description:

  Based on: #21462

  Keeping the README in one file so that it's easy to search through. Will add more jumping links later so navigation is easier.

  Current TODOs:
  - [x] Shell installer option: prompt user to re-login for `/etc/profile.d` entry to be picked up
  - [x] Binary tarball option: prompt user to create `/etc/profile.d` entry and re-login
  - [x] Fanquake docker option: complete section
  - [x] Arch Linux AUR option: prompt to start `guix-daemon-latest` unit after finishing "optional setup" section
  - [x] Building from source option: Insert dependency tree diagram that I made
  - [x] Building from source option: redo sectioning, kind of a mess right now
  - [x] Optional setup: make clear which parts are only needed if building from source
  - [x] Workaround 1 for GnuTLS: perhaps mention how to remove Guix build farm's key
  - [x] Overall (after everything): Make the links work.

  Note to self: wherever possible, tell user how to check that something is true rather than branching by installation option.

ACKs for top commit:
  fanquake:
    ACK fac4814106c796b8786dd90053513cc35142dfe5 - going to go ahead and merge this now. It's a lot of documentation, and could probably be nit-picked / improved further, however, that can continue over the next few weeks. I'm sure more (backportable) improvements / clarifications will be made while we progress through RCs towards a new release.

Tree-SHA512: dc46c0ecdfc67c7c7743ca26e4a603eb3f54adbf81be2f4c1f4c20577ebb84b5250b9c9ec89c0e9860337ab1c7cff94d7963c603287267deecfe1cd987fa070a
2023-04-15 12:13:27 -05:00
fanquake
b696fb16c7 Merge #17049: contrib: Bump gitian descriptors for 0.20
fa1ad8f06eba5e120c30f07263250bc382891179 build: Bump gitian descriptor versions (MarcoFalke)

Pull request description:

  Bump the gitian descriptor versions as a follow-up to #17007.

  Also fixes #17027 with a cherry-pick, and bump the manpages.

ACKs for top commit:
  fanquake:
    ACK fa1ad8f06eba5e120c30f07263250bc382891179

Tree-SHA512: c3b669c3797e5febb51a8dd01e2621a7544a291e080d73c47a2a12ea9da84ff904533e68792e2e869ebbdc2226b2fee7517214549e6cc7e988f175098f7c412c
2023-04-06 20:15:47 +03:00
fanquake
0c05d0b59d Merge #16556: Fix systemd service file configuration directory setup
f3b57f4a1c17aadbf02d408e980490c88838c6ba Unrecommend making config file owned by bitcoin (setpill)
870d4152dfc3d990e336723562948835c2dbd646 Set ProtectHome in systemd service file (setpill)
639a416e3758b3005b860b198f0ec7bdd80a7f0c Chgrp config dir to bitcoin in systemd service (setpill)
aded0528f0e1e3735ce8dd26fd9e546150b73187 Improve clarity of systemd service file comments (setpill)

Pull request description:

  Rationale: ran into a bug with the systemd service file, fixed it locally and figured I might as well contribute my fix.

  Also fixed some unrelated confusing phrasing in the comments of the same file, after discussion in IRC.

ACKs for top commit:
  sipsorcery:
    tACK f3b57f4a1c17aadbf02d408e980490c88838c6ba (nothing changed since previous tACK).
  ryanofsky:
    utACK f3b57f4a1c17aadbf02d408e980490c88838c6ba. Only change since last review is removing ConfigurationDirectoryMode churn in early commits

Tree-SHA512: 2188345878925b9e8a5c2c3df8dfba443720e2252a164db54a8e1d8007846721497b2d98c56f1d9b60a9a9ed4fdb1156c7b02c699616b220a9b614671617d32a
2023-04-06 20:14:58 +03:00
Wladimir J. van der Laan
b4285d03da Merge #18395: scripts: add PE dylib checking to symbol-check.py
1a0993ae354c36d6f219e67f82ca8236530d6201 scripts: add PE dylib checking to symbol-check.py (fanquake)

Pull request description:

  Uses `objdump -x` and looks for `DLL Name:` lines. i.e:
  ```bash
  objdump -x src/qt/bitcoin-qt.exe | grep "DLL Name:"
  	DLL Name: ADVAPI32.dll
  	DLL Name: dwmapi.dll
  	DLL Name: GDI32.dll
  	DLL Name: IMM32.dll
  	DLL Name: IPHLPAPI.DLL
  	DLL Name: KERNEL32.dll
  	DLL Name: msvcrt.dll
  	DLL Name: ole32.dll
  	DLL Name: OLEAUT32.dll
  	DLL Name: SHELL32.dll
  	DLL Name: SHLWAPI.dll
  	DLL Name: USER32.dll
  	DLL Name: UxTheme.dll
  	DLL Name: VERSION.dll
  	DLL Name: WINMM.dll
  	DLL Name: WS2_32.dll
  ```

ACKs for top commit:
  dongcarl:
    Concept ACK 1a0993ae354c36d6f219e67f82ca8236530d6201
  hebasto:
    ACK 1a0993ae354c36d6f219e67f82ca8236530d6201, tested on Linux Mint 19.3:

Tree-SHA512: 0099a50e2c616d5239a15cafa9a7c483e9c40244af41549e4738be0f5360f27a2afb956eb50b47cf446b242f4cfc6dc9d111306a056fb83789eefbd71eddabd2
2023-03-26 16:50:26 -05:00
fanquake
caeab86593 Merge bitcoin/bitcoin#24215: [22.x] guix: ignore additional failing certvalidator test
b7ecef1ddf0c9f1f53ab220bee2e19a6b8978e34 guix: ignore additioanl failing certvalidator test (fanquake)

Pull request description:

  Backports 8588591965 from #24057 so that from-scratch Guix builds for the Darwin host aren't broken due to a (very recently) expired certificate causing one of the python-certvalidator tests to fail. Kept separate from #23276 because that hasn't gotten review attention, and I don't think we should leave `22.x` Darwin Guix builds broken for any longer than we have to.

  Fixes #24110.

  ```bash
  ======================================================================
  ERROR: test_revocation_mode_soft (tests.test_validate.ValidateTests)
  ----------------------------------------------------------------------
  Traceback (most recent call last):
    File "/tmp/guix-build-python-certvalidator-0.1-1.e5bdb4b.drv-0/source/tests/test_validate.py", line 85, in test_revocation_mode_soft
      validate_path(context, path)
    File "/tmp/guix-build-python-certvalidator-0.1-1.e5bdb4b.drv-0/source/tests/../certvalidator/validate.py", line 50, in validate_path
      return _validate_path(validation_context, path)
    File "/tmp/guix-build-python-certvalidator-0.1-1.e5bdb4b.drv-0/source/tests/../certvalidator/validate.py", line 358, in _validate_path
      raise PathValidationError(pretty_message(
  certvalidator.errors.PathValidationError: The path could not be validated because the end-entity certificate expired 2022-01-14 12:00:00Z
  ```

  Guix Build:
  ```bash
  bash-5.1# find guix-build-$(git rev-parse --short=12 HEAD)/output/ -type f -print0 | env LC_ALL=C sort -z | xargs -r0 sha256sum
  359755bffecc64b4c005c5cdee3824190f6b1759dbc6c20034476dcc06413959  guix-build-b7ecef1ddf0c/output/dist-archive/bitcoin-b7ecef1ddf0c.tar.gz
  0c6700270ec75991d70a97cad77e22cc00553f812edb56c1bac5ef6421f963e1  guix-build-b7ecef1ddf0c/output/x86_64-apple-darwin/SHA256SUMS.part
  87d4637a87959a304422550edf87feda3953d7305894154a6a2d413cc0dd2034  guix-build-b7ecef1ddf0c/output/x86_64-apple-darwin/bitcoin-b7ecef1ddf0c-osx-unsigned.dmg
  9cabae32689bd5f93e7faaaf341827f1c4069a63ab6f74276564e47819343b6c  guix-build-b7ecef1ddf0c/output/x86_64-apple-darwin/bitcoin-b7ecef1ddf0c-osx-unsigned.tar.gz
  bb5fb113bc022a305e49783d0ba48be90aca61e4a942beeb45206dbc5b91ca6e  guix-build-b7ecef1ddf0c/output/x86_64-apple-darwin/bitcoin-b7ecef1ddf0c-x86_64-apple-darwin.tar.gz
  ```

ACKs for top commit:
  MarcoFalke:
    Concept ACK b7ecef1ddf0c9f1f53ab220bee2e19a6b8978e34

Tree-SHA512: 8f761fece405b3b974b9f42ab4ebf8995d3284ce7bfb0556ff8459e1a7d30f8bd2f407cb5651e9fa1094c493148bba7a8918a251b54a83efe12acfaf3d39f350
2023-03-26 16:50:26 -05:00
fanquake
2376c61056 Merge bitcoin/bitcoin#22847: guix/prelude: Override VERSION with FORCE_VERSION
96cc6bb04f7e173e1f7637b780ac00fc75486671 guix/prelude: Override VERSION with FORCE_VERSION (Carl Dong)

Pull request description:

  ```
  Previously, if the builder exported $VERSION in their environment (as
  past Gitian-building docs told them to), but their HEAD does not
  actually point to v$VERSION, their build outputs will differ from those
  of other builders.

  This is because the contrib/guix/guix-* scripts only ever act on the
  current git worktree, and does not try to check out $VERSION if $VERSION
  is set in the environment.

  Setting $VERSION only makes the scripts pretend like the current
  worktree is $VERSION.

  This problem was seen in jonatack's attestation for all.SHA256SUMS,
  where only his bitcoin-22.0rc3-osx-signed.dmg differed from everyone
  else's.

  Here is my deduced sequence of events:

  1. Aug 27th: He guix-builds 22.0rc3 and uploads his attestations up to
     guix.sigs

  2. Aug 30th, sometime after POSIX time 1630310848: he pulls the latest
     changes from master in the same worktree where he guix-built 22.0rc3
     and ends up at 7be143a960e2

  3. Aug 30th, sometime before POSIX time 1630315907: With his worktree
     still on 7be143a960e2, he guix-codesigns. Normally, this would result
     in outputs going in guix-build-7be143a960e2, but he had
     VERSION=22.0rc3 in his environment, so the guix-* scripts pretended
     like he was building 22.0rc3, and used 22.0rc3's guix-build directory
     to locate un-codesigned outputs and dump codesigned ones.

     However, our SOURCE_DATE_EPOCH defaults to the POSIX time of HEAD
     (7be143a960e2), which made all timestamps in the resulting codesigned
     DMG 1630310848, 7be143a960e2's POSIX timestamp. This differs from the
     POSIX timestamp of 22.0rc3, which is 1630348517. Note that the
     windows codesigning procedure does not consider SOURCE_DATE_EPOCH.

  We resolve this by only allowing VERSION overrides via the FORCE_VERSION
  environment variable.
  ```

  Please ignore the branch name, it's not relevant to the change.

ACKs for top commit:
  fanquake:
    ACK 96cc6bb04f7e173e1f7637b780ac00fc75486671  - Also makes sense given there are Guix build guides recommending to set `VERSION` as part of the process. i.e https://gist.github.com/hebasto/7293726cbfcd0b58e1cfd5418316cee3.

Tree-SHA512: 9dca3fc637ce11049286a3ebee3cd61cce2125fc51d31cf472fbed7f659e1846fc44062753e0e71bfaec9e7fbab6f040bb88d9d4bc4f8acb28c6890563584acf
2023-03-26 16:50:26 -05:00
fanquake
6d8be28053 Merge bitcoin/bitcoin#22643: guix-verify: Non-zero exit code when anything fails
d451b60d22576dff7a2c8d6a8b5880d9d69e397c guix-verify: Non-zero exit code when anything fails (Carl Dong)

Pull request description:

  ```
  Previously, if verification fails, the correct message will be printed,
  but the exit code would still be 0.
  ```

ACKs for top commit:
  achow101:
    ACK d451b60d22576dff7a2c8d6a8b5880d9d69e397c

Tree-SHA512: 695d72121f308d8a66db780eca16878fb378b4d766de5b58c2d6f778c5661a2f7bdf37a96e8e8e283b0a46b5d55f24bca05fa7509aa1822f0854c50064200572
2023-03-26 16:50:26 -05:00
fanquake
9ae8a00e90 Merge bitcoin/bitcoin#22533: guix/build: Remove vestigial SKIPATTEST.TAG
9f01feda0ad99d8600f9edee1f37594c5166a7b8 guix/build: Remove vestigial SKIPATTEST.TAG (Carl Dong)

Pull request description:

  No longer needed or referenced by anything. A relic from prior to the great hierarchy overhaul of #22182

ACKs for top commit:
  achow101:
    ACK 9f01feda0ad99d8600f9edee1f37594c5166a7b8
  fanquake:
    ACK 9f01feda0ad99d8600f9edee1f37594c5166a7b8

Tree-SHA512: a94cf63f0c5cb8dbacf1025b6c0e81b219c2a3c93b3cbcefc239ccde29e602ecd4b717b1d93dbe53cb791a5017236fb09823c034aec42b0c31894fc9e0ab8b21
2023-03-26 16:50:26 -05:00
fanquake
cee464caa3 Merge bitcoin/bitcoin#22465: guix: Pin kernel-header version, time-machine to upstream 1.3.0 commit
e6a94d44469f90f4dc88a07a5a8587730811c705 guix: Bump to version-1.3.0 from upstream (Carl Dong)
90fd13b954a364963f58e6cd12962c6f1986f79b guix: Pin kernel header version (Carl Dong)

Pull request description:

  ```
  - Use 4.19 for riscv64 (earliest LTS release w/ riscv64 support)
  - Use 4.9 for all others (second-oldest LTS release, released in
    combination with glibc glibc 2.24 in Debian stretch)
  ```

  ```
  The chosen commit is the HEAD of Guix's version-1.3.0 branch as of July
  15th, 2021.

  Also fix visual indenting.
  ```

  -----

  This + the documentation PR should make our Guix system ready for release!

ACKs for top commit:
  MarcoFalke:
    review ACK e6a94d44469f90f4dc88a07a5a8587730811c705 to change to vanilla guix. Did not review the kernel change.
  laanwj:
    ACK e6a94d44469f90f4dc88a07a5a8587730811c705
  fanquake:
    ACK e6a94d44469f90f4dc88a07a5a8587730811c705

Tree-SHA512: a175e4ddb3ee786a39f5e800ce336932ad2f6797a3a28400a6f723875d0f19833fd36cedc41b3580e4604110517211bd9f557be36adf7265fd8e591c434ae032
2023-03-26 16:50:26 -05:00
fanquake
305649cb64 Merge bitcoin/bitcoin#22410: Avoid GCC 7.1 ABI change warning in guix build
1edddf5de41b053049ce0b0bdbc39c2fbb743c40 Avoid GCC 7.1 ABI change warning in guix build (Pieter Wuille)

Pull request description:

  The arm-linux-gnueabihf guix build output is littered with warnings like:

  ```
  /gnu/store/7a96hdqdb2qi8a39f09n84xjy2hr23rs-gcc-cross-arm-linux-gnueabihf-8.4.0/include/c++/bits/stl_vector.h:1085:4: note:
                   parameter passing for argument of type '__gnu_cxx::__normal_iterator<CRecipient*, std::vector<CRecipient> >' changed in GCC 7.1
  ```

  These are irrelevant for us. Disable them using `-Wno-psabi`.

ACKs for top commit:
  laanwj:
    ACK 1edddf5de41b053049ce0b0bdbc39c2fbb743c40
  hebasto:
    ACK 1edddf5de41b053049ce0b0bdbc39c2fbb743c40, after thorough reading related materials, I agree this change can be merged. As I mentioned above, I have been compiling my arm-32bit binaries with `-Wno-psabi` flag for two years, and no related flaws were observed.

Tree-SHA512: 485c7500547ac5da567ad23847341c18ff832607f5a1002676404cc647e437cf3445b6894ecff5b52929ca52bea946c06bd90eace1997c895e56204e787065e4
2023-03-26 16:50:26 -05:00
fanquake
088342b617 partial Merge bitcoin/bitcoin#22405: build: remove --enable-glibc-back-compat from Guix build
797b3ed9090030f32fade81803b580562d4a90a3 script: remove gitian reference from symbol-check.py (fanquake)
15fc9a0299091bfeb3370f993ad95ff638f6ba8c guix: add additional documentation to patches (fanquake)
4516e5ec9223486fe2eba7f4320d786d074a58fd lint: exclude Guix patches from spell-checking (fanquake)
de6ca41a52d2646598daae5f4620bbe766757e21 guix: no-longer pass --enable-glibc-back-compat to Guix (fanquake)
84dd81fb5bf7308b8070b53520266854fb6efad3 build: remove glibc backcompat requirement for Linux symbol checks (fanquake)

Pull request description:

  Now that our Guix toolchains are based on glibc 2.24 and 2.27 (RISCV), we don't need to use the `--enable-glibc-back-compat` option to produce binaries that don't use any symbols from glibc 2.17 and 2.27 or later.

  This also adds additional documentation to some Guix patches (pointed out in #22365) and removes Guix patches from the spelling linter, because that isn't our spelling.

  Symbol usage: https://gist.github.com/fanquake/d15604fc580718444c5aa4b3c3c75fdc.

  Guix Builds:
  ```bash
  bash-5.1# find guix-build-$(git rev-parse --short=12 HEAD)/output/ -type f -print0 | env LC_ALL=C sort -z | xargs -r0 sha256sum
  ed54e6a6cf4fab328557c0c72eb08c73f2a58c6c70959544cf4b1882e75ea69e  guix-build-797b3ed90900/output/aarch64-linux-gnu/SHA256SUMS.part
  83bd9dadc59f89f848d143fa4fc3964f16fe0b4bdf35e5093b577ff2c4bd1f43  guix-build-797b3ed90900/output/aarch64-linux-gnu/bitcoin-797b3ed90900-aarch64-linux-gnu-debug.tar.gz
  94cb8c35281f12dec6ea5b390b66cad5e27ac8c45a30c42c8d38c438695d54c0  guix-build-797b3ed90900/output/aarch64-linux-gnu/bitcoin-797b3ed90900-aarch64-linux-gnu.tar.gz
  7318b63d65c0aa52d2446de8e1f40658d2e47ab8fb0268820c3b7585d140fb23  guix-build-797b3ed90900/output/arm-linux-gnueabihf/SHA256SUMS.part
  95e1ffb372964b73f539653ca703b70cf0c018801a9c4c0ffc46a0b63539253c  guix-build-797b3ed90900/output/arm-linux-gnueabihf/bitcoin-797b3ed90900-arm-linux-gnueabihf-debug.tar.gz
  039d3842e6499626cf955ae0a7590dd6b3d0935cdc217c98aaf9d156b0ebd3b4  guix-build-797b3ed90900/output/arm-linux-gnueabihf/bitcoin-797b3ed90900-arm-linux-gnueabihf.tar.gz
  e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855  guix-build-797b3ed90900/output/dist-archive/SKIPATTEST.TAG
  2c4e7b6e7aff63ba811e5bf59362d16866c3a358f8844fba8739a61192870622  guix-build-797b3ed90900/output/dist-archive/bitcoin-797b3ed90900.tar.gz
  955029b949c368eabd517dd33040d2f01e2ac6a55e7b4f9107907a7c6e0c6060  guix-build-797b3ed90900/output/powerpc64-linux-gnu/SHA256SUMS.part
  fd6d6b137f8efedf58a879d11205b1d4649e1f97d7f91e193239ef206fcc285d  guix-build-797b3ed90900/output/powerpc64-linux-gnu/bitcoin-797b3ed90900-powerpc64-linux-gnu-debug.tar.gz
  51736ac8e77737999f1b5bd4c381b0016f19a8d5e40e786fe941ff04e84c11c9  guix-build-797b3ed90900/output/powerpc64-linux-gnu/bitcoin-797b3ed90900-powerpc64-linux-gnu.tar.gz
  8c244c16bfa46c1efdb120e1d91fdd14d3f14eefee8d7e1fbb0a9b4664a5c315  guix-build-797b3ed90900/output/powerpc64le-linux-gnu/SHA256SUMS.part
  704ee593251a1b1c65a5bebeef93b23f266af4e8cbf8ae556150c3b2e8f06a6c  guix-build-797b3ed90900/output/powerpc64le-linux-gnu/bitcoin-797b3ed90900-powerpc64le-linux-gnu-debug.tar.gz
  0ec06ae7d344de20d61e3965d8b383747ef20b0e9d93a3165733ea23bdf2ead8  guix-build-797b3ed90900/output/powerpc64le-linux-gnu/bitcoin-797b3ed90900-powerpc64le-linux-gnu.tar.gz
  2dd6c6ecc67b0ea40ca9c43f92efca81ccd054b8db8c197ad84ad9674d510a25  guix-build-797b3ed90900/output/riscv64-linux-gnu/SHA256SUMS.part
  5ebb27a855a677f7a188d83995be6b2a3ea8606be152abb7fc7832713fb0677a  guix-build-797b3ed90900/output/riscv64-linux-gnu/bitcoin-797b3ed90900-riscv64-linux-gnu-debug.tar.gz
  bdaf1783f5e1861597afa37c1880364e118d9a7a7af8017302d82202791019f6  guix-build-797b3ed90900/output/riscv64-linux-gnu/bitcoin-797b3ed90900-riscv64-linux-gnu.tar.gz
  726c9092b60ac2e7d7e14b2c24467fcf276a6f89170a871ddab9dce6ac230699  guix-build-797b3ed90900/output/x86_64-apple-darwin18/SHA256SUMS.part
  2af4d709b44952654f3c08c86593bf2ccc9a44ed422783a1b95b8a199a894db2  guix-build-797b3ed90900/output/x86_64-apple-darwin18/bitcoin-797b3ed90900-osx-unsigned.dmg
  fd49ba445aa6cf3d8c47019a05e9e5740cb0f53349344dd80671297127f49f1a  guix-build-797b3ed90900/output/x86_64-apple-darwin18/bitcoin-797b3ed90900-osx-unsigned.tar.gz
  3f51cbf8cf18420d4be70e656aa993675cf5e828a255c2030047ae2e059ed5b7  guix-build-797b3ed90900/output/x86_64-apple-darwin18/bitcoin-797b3ed90900-osx64.tar.gz
  afd1edee1447bb88d81e972abfae4c4e065b5b1827769f033cff9472084c7c1b  guix-build-797b3ed90900/output/x86_64-linux-gnu/SHA256SUMS.part
  ec468ef886d25e685f4f7a18b4f7d497dedf757495e0d5beb72c23cc32ab69b5  guix-build-797b3ed90900/output/x86_64-linux-gnu/bitcoin-797b3ed90900-x86_64-linux-gnu-debug.tar.gz
  1934d7294f0c9e083d38a3f68d4a61cd679defa79ce0a89f77386978692b9b18  guix-build-797b3ed90900/output/x86_64-linux-gnu/bitcoin-797b3ed90900-x86_64-linux-gnu.tar.gz
  94c11c328a628052eb6f50e9816aa768f87ea7acfbbbafdab60f6928da766811  guix-build-797b3ed90900/output/x86_64-w64-mingw32/SHA256SUMS.part
  fd371922ba93d81bd4a2b711d617af6756f9f0494db6d83aa0e5f491a24168ef  guix-build-797b3ed90900/output/x86_64-w64-mingw32/bitcoin-797b3ed90900-win-unsigned.tar.gz
  4e4ad976bc029bbbf9596ad8493accaaba8b0d5c598dd342f8da330609bbdf21  guix-build-797b3ed90900/output/x86_64-w64-mingw32/bitcoin-797b3ed90900-win64-debug.zip
  3a89a16b9101e9a17d98efb9234b5bdd264c0bba2c6326511017730e1a08311f  guix-build-797b3ed90900/output/x86_64-w64-mingw32/bitcoin-797b3ed90900-win64-setup-unsigned.exe
  e285ab737e3c843fd3f1c26c2f053e421a3c39b33995747ce48281884d3f28d1  guix-build-797b3ed90900/output/x86_64-w64-mingw32/bitcoin-797b3ed90900-win64.zip
  ```

ACKs for top commit:
  sipa:
    utACK 797b3ed9090030f32fade81803b580562d4a90a3
  hebasto:
    ACK 797b3ed9090030f32fade81803b580562d4a90a3

Tree-SHA512: 3a569702d8832c155c5ce8d2f6d823f7f12603885576078bc5192bc9038a48261ecb541800f79d1e9bc86d71fa640265c5b8b89df9d8bb680b3bb05d9d78a666
2023-03-26 16:50:26 -05:00
fanquake
7084e52141 Merge bitcoin/bitcoin#22365: guix: Avoid relying on newer symbols by rebasing our cross toolchains on older glibcs
647f7e5f1da1089d451f3c431efc635b8e87b064 guix: Also sort SHA256SUMS.part (Carl Dong)
dc4137a60c99979b89f75d2bddba96d043f387b8 guix: Build depends/qt with our platform definition (Carl Dong)
16b0a936e15b81710755303e11ef51f608b61475 guix: Rebase toolchain on glibc 2.24 (2.27 for riscv64) (Carl Dong)

Pull request description:

  After this PR, we'll have the following:
  - riscv64 -> build with a toolchain targeting glibc 2.27
  - everything else -> builds with a toolchain targeting glibc 2.24, but will not have symbols > 2.17 (checked by `symbol-check.py`)

ACKs for top commit:
  achow101:
    reACK 647f7e5f1da1089d451f3c431efc635b8e87b064
  hebasto:
    ACK 647f7e5f1da1089d451f3c431efc635b8e87b064
  MarcoFalke:
    review ACK 647f7e5f1da1089d451f3c431efc635b8e87b064
  fanquake:
    ACK 647f7e5f1da1089d451f3c431efc635b8e87b064 - documentation can be fixed shortly.

Tree-SHA512: ddff57a5d7c053687b0a273720d4ad7d28c6fc8816226d4304869284d017af5e3630d4b57565d91e74f2e1b7583c9c83ee8b2e5e70e41d619ab618e602c97a94
2023-03-26 16:50:26 -05:00
fanquake
56d2bc249b Merge bitcoin/bitcoin#22182: guix: Overhaul how guix-{attest,verify} works and hierarchy
e2c40a4ed5272d72fea997bd936fba28bb753226 guix-attest: Error out if SHA256SUMS is unexpected (Carl Dong)
4cc35daed557f38b080360a89036b2e97a6f78c2 Rewrite guix-{attest,verify} for new hier (Carl Dong)
28a9c9b83924f585b397f0f3b8e9e73780ac0ad6 Make SHA256SUMS fragment right after build (Carl Dong)

Pull request description:

  Based on:  #22075
  Code reviewers: I recommend reading the new `guix-{attest,verify}` files instead of trying to read the diff

  The following changes resolve many usability improvements which were pointed out to me:
  1. Some maintainers like to extract their "uncodesigned tarball" inside the `output/` directory, resulting in the older `guix-attest` mistakenly attesting to the extracted contents
  2. Maintainers whose GPG keys reside on an external smartcard often need to physically interact with the smartcard as a way to approve the signing operation, having one signature per platform means a lot of fidgeting
  3. Maintainers wishing to sign on a separate machine now has the option of transferring only a subtree of `output/`, namely `output/*/SHA256SUMS.part`, in order to perform a signature (you may need to specify an `$OUTDIR_BASE` env var)
  4. An `all.SHA256SUMS` file should be usable as the base `SHA256SUMS` in bitcoin core torrents and on the release server.

  For those who sign on an separate machine than the one you do builds on, the following steps will work:
  1. `env GUIX_SIGS_REPO=/home/achow101/guix.sigs SIGNER=achow101 NO_SIGN=1 ./contrib/guix/guix-attest`
  2. Copy `/home/achow101/guix.sigs/<tag>/achow101` (which does not yet have signatures) to signing machine
  3. Sign the `SHA256SUMS` files:
      ```bash
      for i in "<path-to-achow101>/*.SHA256SUMS"; do
          gpg --detach-sign --local-user "<your-key-here>" --armor --output "$i"{.asc,}
      done
      ```
  5. Upload `<path-to-achow101>` (now with signatures) to `guix.sigs`

  -----

  After this change, output directories will now include a `SHA256SUMS.part` fragment, created immediately after a successful build:
  ```
  output
  └── x86_64-w64-mingw32
      ├── bitcoin-4e069f7589da-win64-debug.zip
      ├── bitcoin-4e069f7589da-win64-setup-unsigned.exe
      ├── bitcoin-4e069f7589da-win64.zip
      ├── bitcoin-4e069f7589da-win-unsigned.tar.gz
      └── SHA256SUMS.part
  ```

  These `SHA256SUMS.part` fragments look something like:
  ```
  3ebd7262b1a0a5bb757fef1f70e7e14033c70f98c059bc4dbfee5d1992b25825  dist-archive/bitcoin-4e069f7589da.tar.gz
  def2e7d3de5ab3e3f955344e75151df4f33713f9101f5295bd13c9375bdf633b  x86_64-w64-mingw32/bitcoin-4e069f7589da-win64-debug.zip
  643049fe3ee4a4e83a1739607e67b11b7c9b1a66208a6f35a9ff634ba795500e  x86_64-w64-mingw32/bitcoin-4e069f7589da-win64-setup-unsigned.exe
  a247a1ccec0ccc2e138c648284bd01f6a761f2d8d6d07d91b5b4a6670ec3f288  x86_64-w64-mingw32/bitcoin-4e069f7589da-win-unsigned.tar.gz
  fab76a836dcc592e39c04fd2396696633fb6eb56e39ecbf6c909bd173ed4280c  x86_64-w64-mingw32/bitcoin-4e069f7589da-win64.zip
  ```

  Meaning that they are valid `SHA256SUMS` files when `sha256sum --check`'d at the `guix-build-*/output` directory level

  When `guix-attest` is invoked, these `SHA256SUMS.part` files are combined and sorted (by `-k2`, `LC_ALL=C`) to create:

  1. `noncodesigned.SHA256SUMS` for a manifest of all non-codesigned outputs, and
  3. `all.SHA256SUMS` for a manifest of all outputs including non-codesigned outputs

  Then both files are signed, resulting in the following `guix.sigs` hierarchy:
  ```
  4e069f7589da/
  └── dongcarl
      ├── all.SHA256SUMS
      ├── all.SHA256SUMS.asc
      ├── noncodesigned.SHA256SUMS
      └── noncodesigned.SHA256SUMS.asc
  ```

ACKs for top commit:
  achow101:
    ACK e2c40a4ed5272d72fea997bd936fba28bb753226
  hebasto:
    ACK e2c40a4ed5272d72fea997bd936fba28bb753226, tested on Linux Mint 20.1 (x86_64) with and w/o `NO_SIGN=1`. Changes in `contrib/guix/libexec/codesign.sh` and `contrib/guix/guix-verify` are reviewed only.

Tree-SHA512: 618aacefb0eb6595735a9ab6a98ea6598fce65f9ccf33fa1e7ef93bf140c0f6cfc16e34870c6aa3e4777dd3f004b92a82a994141879870141742df948ec59c1f
2023-03-26 16:50:26 -05:00
fanquake
7297abfcaf Merge bitcoin/bitcoin#22190: Use latest signapple commit
683d197970a533690ca1bd4d06d021900e87cb8b Use latest signapple commit (Andrew Chow)

Pull request description:

  Update gitian and guix to use the same latest signapple commit.

  Also changed guix to use the actual repo. The changes from the fork were incorporated upstream.

ACKs for top commit:
  fanquake:
    ACK 683d197970a533690ca1bd4d06d021900e87cb8b - sanity checked that the updated package is built:

Tree-SHA512: a4981f8bbe33e6c5654632bc9b9f6f2f1e675741a19ac7296205e370f1e64a747101ecb632e0cc82a0134e4c2e9ce47b3f7b4d8c8f75f0f06dd069c078303759
2023-03-26 16:50:26 -05:00
fanquake
ff34f3e3b4 Merge bitcoin/bitcoin#22075: guix: Misc leftover usability improvements
108a6be92adc1e80839d90b552e72b8142140f6c guix: Check for disk space availability before building (Carl Dong)
d7dec89091ee4a456ff64ad7ce675ae6813668f1 guix: Remove dest if OUTDIR mv fails (Carl Dong)

Pull request description:

  There seems to be some corner cases that can be hit when guix scripts unexpectedly fail in the middle of operation, see: https://gnusha.org/bitcoin-builds/2021-05-24.log

  - Perform an early disk space check for `guix-build`
  - Overwrite existing output directory after a successful build (the existing one might be malformed), and cleanup output directory if the `mv` somehow fails

ACKs for top commit:
  laanwj:
    Tested ACK 108a6be92adc1e80839d90b552e72b8142140f6c
  achow101:
    ACK 108a6be92adc1e80839d90b552e72b8142140f6c

Tree-SHA512: cf6438317da40bf55714cd2d8cce859b3d435cc66cabefe8d4a53552d7880966acfe84ffe8fadf1c80e368ae6b037992258a6d409df85ffc6ce8bf780e98e2e5
2023-03-26 16:50:26 -05:00
fanquake
0cc419752b Merge bitcoin/bitcoin#21654: build, qt: Make Qt rcc output always deterministic
a58868d201cb6d263aa552815f7f86562c1ca9a5 build: Makes rcc output always deterministic (Hennadii Stepanov)

Pull request description:

  The Qt Resource Compiler ([rcc](https://doc.qt.io/qt-5/rcc.html)) has a command-line option `--format-version` which has the [default value](https://code.qt.io/cgit/qt/qtbase.git/tree/src/tools/rcc/main.cpp?h=5.12.10#n172) 2.

  The only difference from `--format-version 1` is adding a [last modified timestamp](https://code.qt.io/cgit/qt/qtbase.git/tree/src/tools/rcc/rcc.cpp?h=5.12.10#n207) to the output file ([credits](https://github.com/bitcoin/bitcoin/pull/21654#issuecomment-819198228) to **fanquake**). That, in turn, forces us to use `QT_RCC_SOURCE_DATE_OVERRIDE=1` to get deterministic builds (#13732).

  This change makes rcc output always deterministic by using `--format-version 1` option that makes usage of the
  `QT_RCC_SOURCE_DATE_OVERRIDE` needless.

  ---

  Also it improves interaction with ccache:

  On master (f6c44e999b7d1d9a0de5d678ac8f1679aa271f65):
  ```
  $ make && make clean && ccache --zero-stats && make && ccache --show-stats
  ...
  cache directory                     /home/hebasto/.ccache
  primary config                      /home/hebasto/.ccache/ccache.conf
  secondary config      (readonly)    /etc/ccache.conf
  stats updated                       Sun Apr 11 15:45:43 2021
  stats zeroed                        Sun Apr 11 15:45:05 2021
  cache hit (direct)                   638
  cache hit (preprocessed)               0
  cache miss                             1
  cache hit rate                     99.84 %
  called for link                       10
  cleanups performed                     0
  files in cache                     20023
  cache size                          13.2 GB
  max cache size                      15.0 GB
  ```

  The missed file is always `qt/libbitcoinqt_a-qrc_bitcoin_locale.o`.

  With this PR:
  ```
  $ make && make clean && ccache --zero-stats && make && ccache --show-stats
  ...
  cache directory                     /home/hebasto/.ccache
  primary config                      /home/hebasto/.ccache/ccache.conf
  secondary config      (readonly)    /etc/ccache.conf
  stats updated                       Sun Apr 11 15:28:46 2021
  stats zeroed                        Sun Apr 11 15:28:21 2021
  cache hit (direct)                   639
  cache hit (preprocessed)               0
  cache miss                             0
  cache hit rate                    100.00 %
  called for link                       10
  cleanups performed                     0
  files in cache                     20012
  cache size                          13.2 GB
  max cache size                      15.0 GB
  ```

ACKs for top commit:
  fanquake:
    ACK a58868d201cb6d263aa552815f7f86562c1ca9a5

Tree-SHA512: 52f4a3267f41883d13025c0de79b6da22e92d60c729e01b986935c6812bbfe7fadc40b742bd715bfdf09df94af6838d4fbbe8208c6123f366108e38c8e1121c5
2023-03-26 16:50:26 -05:00
W. J. van der Laan
033e30de8b Merge bitcoin/bitcoin#21239: guix: Add codesignature attachment support for osx+win
ee883201cf134952284632e9e9ae72bf1c8c792f guix: repro: Sort find output in libtool for gcc-8 (Carl Dong)
ee0a67c32a8861eab650bf8894af06807578eba0 codesigning: Use SHA256 as digest for osslsigncode (Windows) (Carl Dong)
38eb91eb0616ed6dbe34c23e11588d130fef07f8 guix: Add codesigning functionality (Carl Dong)
bac2690e6f683fcedb883fe1d32f3c33c628a141 guix: Package codesigning tools (Carl Dong)
0a2176d47767972e4cd5ed302c1dbeedece1708b guix: Reindent existing manifest.scm (Carl Dong)
c090a3e9238ba2df07875b4708e908d8dca4ed9b Makefile.am: use APP_DIST_DIR instead of hard-coding dist (Carl Dong)

Pull request description:

  This is the last PR before we reach feature-parity with the Gitian process!

  Note: I tried using the `Makefile` inside the distsrc to make the dmg instead of manually listing out the commands, but `make` seems to want to re-make a lot of other files which broke the dmg.

  The workflow looks something like this:
  1. `env [ FOO=bar... ] ./contrib/guix/guix-build` (add additional env vars as necessary)
  2. Codesigners only:
      1.  Copy `guix-build-<short-id>/output/x86_64-apple-darwin18/bitcoin-<short-id>-osx-unsigned.tar.gz` and `guix-build-<short-id>/output/x86_64-w64-mingw32/bitcoin-<short-id>-win-unsigned.tar.gz` to signing computer
      2. Codesign with `./detached-sig-create.sh` inside the tarball
      3. Upload contents of `signature-{osx,win}.tar.gz` to https://github.com/bitcoin-core/bitcoin-detached-sigs (as a new tag)
  3. Checkout new tag for `bitcoin-core/bitcoin-detached-sigs` with the detached signatures
  4. `env [ FOO=bar... ] DETACHED_SIGS_REPO=<path/to/bitcoin-detached-sigs> ./contrib/guix/guix-codesign` (modify env vars as necessary)
  5. Make sure `guix.sigs` is cloned and updated
  6. `env GUIX_SIGS_REPO=<path/to/guix.sigs> SIGNER=0x96AB007F1A7ED999=dongcarl ./contrib/guix/guix-attest` (modify env vars as necessary)
  7. Commit your new signatures and SHA256SUMS in `guix.sigs`
  8. Optionally, after there are multiple signatures in `guix.sigs`: `env GUIX_SIGS_REPO=<path/to/guix.sigs> ./contrib/guix/guix-verify`

ACKs for top commit:
  laanwj:
    Tested ACK ee883201cf134952284632e9e9ae72bf1c8c792f
  achow101:
    ACK ee883201cf134952284632e9e9ae72bf1c8c792f

Tree-SHA512: e812a07a5f19f900600c70cb9c717769ef544a6c0c12760b5558b76b6b37df863257f3dbf38b0757e6e06e334470267e94c9f2bdbc27409d6837b1a0bfc6acbc
2023-03-26 16:50:26 -05:00
W. J. van der Laan
f95b802504 Merge bitcoin/bitcoin#21462: guix: Add guix-{attest,verify} scripts
d420e5c1c015f58d07aca4d6a805086488f74d03 guix-attest: Avoid incomplete sigdirs with ERR traps (Carl Dong)
feda2c8e3180cb983c35976d4440cea23a155b7f guix: Skip attesting to dist-archive (Carl Dong)
d522d8006b891eccd7901faf391f9c041ddf8e38 guix: Attest to inputs in inputs.SHA256SUMS (Carl Dong)
f9e2960c018103be756a7f8a506816b49d662514 guix: Construct $OUTDIR in ${DISTSRC}/output (Carl Dong)
022abc85fc7e711a900fed8e5071919a151c0a63 guix: Minor quoting fix in libexec/build.sh (Carl Dong)
c83c4fa5b78aef33bba36b3a0d273422297bd630 guix-attest: Allow skipping GPG signing with NO_SIGN (Carl Dong)
0e1c2e448c25568f276e4f022128870c76ca216b guix-attest: Use ascii-armor signatures (Carl Dong)
b5fd89c4c89136007429688601ce4fa497f5f09e guix-attest: Only use cross-platform flags for find+xargs (Carl Dong)
5926432ba68ba154df6c8eaa74adb18cc0123167 guix: Add guix-verify script (Carl Dong)
30daf76a97c57a5f74c8dad1da282dcc0ff8b3fb guix: Add guix-attest script (Carl Dong)

Pull request description:

  Adds replacements for `gsign` and `gverify`.

  Personally I'm not a big fan of using the word "sign" as it's been used to refer to both codesigning and GPG signing.

ACKs for top commit:
  laanwj:
    Code review and tested ACK d420e5c1c015f58d07aca4d6a805086488f74d03

Tree-SHA512: 93d82d201f4596eaea0e3825aa55b013dfb91790e6ccee79893833d37921513d7b4e735f0641103e1e2ea8308abe4cb6218b73160924708802f2e0e3f7f6caf1
2023-03-26 16:50:26 -05:00
W. J. van der Laan
67efaa8808 Merge bitcoin/bitcoin#21799: guix: Use gcc-8 across the board
c90f6e51094a1ba4fb2aab35b78f23b6fda645d0 guix: Consistently use gcc-8 for $HOST (Carl Dong)

Pull request description:

  Only non-base commit is the last commit: b5abb07d0d

  Right now, here's what we use in Gitian:
  - Linux: Focal's [`g++-8-<arch>-linux-gnu`](https://packages.ubuntu.com/focal/g++-8-aarch64-linux-gnu) (`8.4.0-3ubuntu1cross1`)
  - MinGW-w64: Focal's [`g++-mingw-w64`](https://packages.ubuntu.com/focal/g++-mingw-w64) (`9.3.0-7ubuntu1+22~exp1ubuntu4`)

  In Guix right now we use `gcc-9` across the board.

  I think it makes more sense to use `gcc-8` across the board, as it doesn't suffer from the `memcmp` bug, and is what debian buster (stable) does, meaning it will be well tested ([`g++-mingw-w64`](https://packages.debian.org/buster/g++-mingw-w64), [`g++-aarch64-linux-gnu`](https://packages.debian.org/buster/g++-aarch64-linux-gnu)).

  We can accomplish this somewhat easily using Guix as we have tighter control over the toolchain (see: b5abb07d0d).

  Let me know your thoughts!

ACKs for top commit:
  MarcoFalke:
    Approach ACK c90f6e51094a1ba4fb2aab35b78f23b6fda645d0, haven't reviewed
  laanwj:
    Code review ACK c90f6e51094a1ba4fb2aab35b78f23b6fda645d0
  hebasto:
    ACK c90f6e51094a1ba4fb2aab35b78f23b6fda645d0, I have reviewed the code and it looks OK, I agree it can be merged.

Tree-SHA512: 3e5b9297305232273323aa745ec417ed1be2418ead0e432db7742f5d5f45efe6e4a2ed44328731512cff4bfde80e5f2dc350a131b8b8fb9207a2ef66bce27ed2
2023-03-26 16:50:26 -05:00
fanquake
7d78f06a92 partial Merge bitcoin/bitcoin#19817: build: macOS toolchain bump
a5550f877a2c46d01bb620ae051c0c8ed0fecd0b build: use -stdlib++-isystem with Clang 10 (fanquake)
51d9d1607f2e9d593693ca799393f068192e41aa guix: use Clang 10 for the macOS cross compile (fanquake)
b80a6af9e55325d444e117e85bbfc76d88d898a8 build: no longer patch threading out of ld64 (fanquake)
c29cba44b3706e0a2035e440e560f2d15d50433b build: Xcode 12.1, macOS SDK 10.15.6 (fanquake)
9ed2f19d385aa95f65807999bba2e18417b143dc build: native cctools 973.0.1, ld64 609 (fanquake)
f48f187cce7fa43646fb0d796c244e1515e763ec build: Clang 10.0.1 (Hennadii Stepanov)
9b193cd2a3ca20917611fbed56dfbcd8a39aeab8 build: libtapi 1100.0.11 (fanquake)

Pull request description:

  Bumps our macOS toolchain to be using the following:
  * Clang 10.0.1 (gitian) & Clang 10.0.0 (Guix)
  * ld64 609
  * libtapi 1100.0.11
  * cctools  973.0.1
  * Xcode 12.1
  * macOS SDK 10.15.6

  which are currently the most recent releases available as open source. See upstream [`cctools`](https://github.com/tpoechtrager/cctools-port/commits/973.0.1-ld64-609) and [`libtapi`](https://github.com/tpoechtrager/apple-libtapi/tree/1100.0.11).

  This should improve the possibility of Apple ARM cross-compilation in depends.

  This also removes our [patching out of pthreads usage](https://github.com/bitcoin/bitcoin/blob/master/depends/patches/native_cctools/ld64_disable_threading.patch) in `ld64`. There have been multiple changes since `ld64 450.3`, which have likely fixed the non-determinism we were working around. i.e from [InputFiles.cpp](https://opensource.apple.com/source/ld64/ld64-609/src/ld/InputFiles.cpp.auto.html):
  ```cpp
  // <rdar://problem/15002251> make implicit dylib order be deterministic by sorting by install_name
  std::sort(implicitDylibs.begin(), implicitDylibs.end(), DylibByInstallNameSorter());
  ```

  ```cpp
  // <rdar://problem/42675402> ld64 output is not deterministic due to dylib processing order
  std::sort(unprocessedDylibs.begin(), unprocessedDylibs.end(), [](const ld::dylib::File* lhs, const ld::dylib::File* rhs) {
  return strcmp(lhs->path(), rhs->path()) < 0;
  });
  ```

  Guix Build:
  ```bash
  find guix-build-$(git rev-parse --short=12 HEAD)/output/ -type f -print0 | env LC_ALL=C sort -z | xargs -r0 sha256sum
  f6c3817b8fe5f7370299d1ae2533e4a3acd313ba9f9aa8d423a8956117e52dd5  guix-build-a5550f877a2c/output/dist-archive/bitcoin-a5550f877a2c.tar.gz
  4954dcf563c2d496b8d9fecd48f8e3f7fba2f319ffa254a5bc8ee12cfee6acf0  guix-build-a5550f877a2c/output/x86_64-apple-darwin18/bitcoin-a5550f877a2c-osx-unsigned.dmg
  8f6095b445c7f1a8e6accd86bb7f0696d5849402084927d2b726b7d557831c3a  guix-build-a5550f877a2c/output/x86_64-apple-darwin18/bitcoin-a5550f877a2c-osx-unsigned.tar.gz
  cc40f25477b4defc1617ae694313d80f307ddf6742fe6cc85c6bc0e215ef8be0  guix-build-a5550f877a2c/output/x86_64-apple-darwin18/bitcoin-a5550f877a2c-osx64.tar.gz
  ```

  Gitian Build:
  ```bash
  Generating report
  506a8abdefe559999b43dd9f14905b9b2b5a3363b1cd013d45ae47acc1f7ef6c  bitcoin-a5550f877a2c-osx-unsigned.dmg
  f606997f74026dd12d110d683c6f116b40df324836904ef507dd7ac787e6ebe2  bitcoin-a5550f877a2c-osx-unsigned.tar.gz
  5b495ef15f2c3260c2950921b61326912a9bf533cccd51e13818809fd225489e  bitcoin-a5550f877a2c-osx64.tar.gz
  f6c3817b8fe5f7370299d1ae2533e4a3acd313ba9f9aa8d423a8956117e52dd5  src/bitcoin-a5550f877a2c.tar.gz
  9eb0221e962d2839770963bd03c6c9e98e8bf3078566bee2ae42f06233a710fa  bitcoin-core-osx-22-res.yml
  Done.
  ```

ACKs for top commit:
  hebasto:
    ACK a5550f877a2c46d01bb620ae051c0c8ed0fecd0b

Tree-SHA512: 504c4b0f9cd3b939714a322298320c5bde07e9356a48a9a000060b36f8dce4d6134ed60c3a5188810476a28ec5b108733eabbc6fb8053231b9ea8a494cc91b12
2023-03-26 16:50:26 -05:00
fanquake
c62a180d2d Merge #21655: build, qt: No longer need to set QT_RCC_TEST=1 for determinism
c799a19b4bb8d0cc5ffd9b49746b5b267745c9b5 build, qt: No longer need to set QT_RCC_TEST=1 for determinism (Hennadii Stepanov)

Pull request description:

  The Qt Resource Compiler (rcc) output order relies on [`QHash`](https://doc.qt.io/qt-5/qhash.html):
  > This randomization of `QHash` is enabled by default. Even though programs should never depend on a particular `QHash` ordering, there may be situations where you temporarily need deterministic behavior, for example for debugging or regression testing. To disable the randomization, define the environment variable `QT_HASH_SEED` to have the value 0.

  Since #3620 we use `QT_RCC_TEST=1` to achieve a deterministic output.

  Since Qt 5.3.1 hash seeding is disabled for all of the bootstrapped tools, including rcc. Therefore, `QT_RCC_TEST=1` is no longer needed.
  See commit [5283a6c87beac5a43f612786fefd6e43f2c70bf6](5283a6c87b).

ACKs for top commit:
  fanquake:
    ACK c799a19b4bb8d0cc5ffd9b49746b5b267745c9b5

Tree-SHA512: 9d116ac1e8c605ee3e8ed7f618586f0de85d8b06bbbb70fe8c298939ce203d2a7e97264a9afac037179993ab54c5f69a65ebb9ab27ca7f45acb963011bd45743
2023-03-26 16:50:26 -05:00
fanquake
6c46d02157 Merge #21672: doc: remove boostrap info from GUIX_COMMON_FLAGS doc
09b3e468480538977d2844ba083c66197c9d1d08 doc: remove boostrap info from GUIX_COMMON_FLAGS doc (fanquake)

Pull request description:

  Passing `ADDITIONAL_GUIX_COMMON_FLAGS="--no-substitutes --bootstrap"` as suggested doesn't work:
  ```bash
        ...outputting in: '/bitcoin/guix-build-a1f0b8b62eb8/output/x86_64-linux-gnu'
            ...bind-mounted in container to: '/outdir-base/x86_64-linux-gnu'
  guix time-machine: error: bootstrap: unrecognized option
  ```

  and I think bootstrapping is more than covered in the preceding "Choose your security model" section.

ACKs for top commit:
  dongcarl:
    ACK 09b3e468480538977d2844ba083c66197c9d1d08
  jarolrod:
    ACK 09b3e468480538977d2844ba083c66197c9d1d08
  laanwj:
    Documentation review ACK 09b3e468480538977d2844ba083c66197c9d1d08

Tree-SHA512: e533a0b925a2ec091884ec04313f56376b4e85f615c8853dd51840181493d61bd01fee1c019e34880c32d7896e4871ea77e63398ba02b022f614c03bb16531aa
2023-03-26 16:50:26 -05:00
fanquake
70154718f6 Merge #21661: doc: Fix name of script guix-build
08151e19d97f0407e99826007df3ba5b257129b4 doc: Fix name of script guix-build (Stephan Oeste)

Pull request description:

ACKs for top commit:
  hebasto:
    ACK 08151e19d97f0407e99826007df3ba5b257129b4
  jarolrod:
    ACK 08151e19d97f0407e99826007df3ba5b257129b4

Tree-SHA512: 50e52f91b489db6616b5c9a993474bc1b8c196c3cac4fd5ded7c8fece5a7d72f85d9f566ee6a3df56a132a22a91dd72801ce849ec5e430a7850ff05abcab6b37
2023-03-26 16:50:26 -05:00
W. J. van der Laan
0d5bc0b0f5 Merge #21304: guix: Add guix-clean script + establish gc-root for container profiles
867a5e172a23899a4a70eca4a396c64f1951745e guix: Register garbage collector root for containers (Carl Dong)
8f8b96fb542701b7717683caa3848390b24f77ab guix: Update hint messages to mention guix-clean (Carl Dong)
44f6d4f56b16e1dc5e8a23318b8e7aad0665f178 guix: Record precious directories and add guix-clean (Carl Dong)
84912d4b24382ae022da3a863bd6caa2b8948d94 build: Remove spaces from variable-printing rules (Carl Dong)

Pull request description:

  ```
  guix: Record precious directories and add guix-clean

  Many users have reported problems that stem from having an unclean
  working tree. To that end, I've written a guix-clean script which should
  help reset the working tree while respecting user-specified precious
  directories.

  Precious directories, such as:

  - SOURCES_PATH
  - BASE_CACHE
  - SDK_PATH
  - OUTDIR

  Should be preserved when cleaning the working tree, and are thus
  recorded in ./contrib/guix/var/precious_dirs.

  The ./contrib/guix/guix-clean script is able to parse that file and make
  sure to avoid them when cleaning out the working tree.
  ```

ACKs for top commit:
  laanwj:
    ACK 867a5e172a23899a4a70eca4a396c64f1951745e

Tree-SHA512: c498fad781ff5e6406639df2b91b687fc528273fdf266bcdba8f6eec3b3b37ecce544b6da0252f0b9c6717f9d88e844e4c7b72d1877bdbabfc6871ddd0172af5
2023-03-26 16:50:26 -05:00
fanquake
27032ca6be partial Merge #21626: doc: Fix typos from codespell
94c7dd9ac810a60f9c818c494273ad798cbac34b doc: Fix typos from codespell lint (Yerzhan Mazhkenov)

Pull request description:

  Typos from codespell linter: https://cirrus-ci.com/task/6677401661865984?logs=lint#L856
  - txrequest.cpp: `annoucements` ==> `announcements`
  - contrib/guix/README.md:298: `stil` ==> `still`
  - contrib/guix/guix-build:18: `invokable` ==> `invocable`
  - contrib/guix/libexec/prelude.bash:12: `invokable` ==> `invocable`
  - src/test/fuzz/tx_pool.cpp:37: `acess` ==> `access`
  - src/txorphanage.h:29: `orginating` ==> `originating`

ACKs for top commit:
  practicalswift:
    cr ACK 94c7dd9ac810a60f9c818c494273ad798cbac34b: thnaks fro fiixng tpyos!
  jarolrod:
    ACK 94c7dd9ac810a60f9c818c494273ad798cbac34b

Tree-SHA512: e0fac462a2f9e68b6a161c9f5d95b4d0648ce5c618fd7cd243d57db8f0256138b8823b166ea406b21e95586eae43047df1ef0df04616858082a39c1d1eb13a86
2023-03-26 16:50:26 -05:00
fanquake
e5f4614404 Merge #21611: Fix a typo in guix-build output
5c09bcadc4563abd2009e58e5528b130c6375565 Fix a typo in guix-build output (Pieter Wuille)

Pull request description:

  This was overlooked in #21375.

ACKs for top commit:
  fanquake:
    ACK 5c09bcadc4563abd2009e58e5528b130c6375565

Tree-SHA512: 81d8ad4061abb17d5f16ae72ab0c88df76d5a2f100cb9f471ca700d2e87583103036367ea1958a1066f9613f63908d1b2b35734a7eb77ec9850d4c8b079732e1
2023-03-26 16:50:26 -05:00
W. J. van der Laan
dfd1045284 Merge #21375: guix: Misc feedback-based fixes + hier restructuring
7476b46f1893a4858616d2a8456a7c43238851ed guix: Build dmg as a static binary (Carl Dong)
06d6cf6784421290e6235fe8684d5e08ed6f1b62 depends: libdmg-hfsplus: Skip CMake RPATH patching (Carl Dong)
65176ab5730dff34466caaecdd292625ef8294fc guix: Remove codesign_allocate+pagestuff from unsigned tarball (Carl Dong)
ca85679eb43b8375a95d82101977829d08fb1e1b guix: Use clang-toolchain instead of clang (Carl Dong)
1aec0eda8fd31a57b0621eea616398017c2ead98 guix: Fallback to local build for substitute-enabled Guix users (Carl Dong)
1742f8e12d163852df09575e03edcd3db73198ee guix: Add early health check for guix-daemon (Carl Dong)
c1ae726a13ecfa5e7e9fdc3030a8110b8bb263f8 guix: More thoroughly control native toolchain (Carl Dong)
39741128d3775d198dbee34dc827353bfd18acd8 guix: Supply --link-profile (Carl Dong)
d55a1056ee565afed64e42d6f6efb6b0adc5599b guix: Add troubleshooting documentation entries (Carl Dong)
7f401c953f8bb3574cec48561e13ef3b47dedc6e guix: Adapt guix-build to prelude, restructure hier (Carl Dong)
4eccf063b252bfe256cf72d363a24cf0183e926e guix: Remove guix-build.sh filename extension (Carl Dong)
7753357a7bae98ec775c707b9dec4cea1e945802 guix: Add source-able bash prelude and utils (Carl Dong)
e5b49a01f5d0f631e7f08f86ca8a2c2b8213319f guix: Create windeploy inside distsrc-* (Carl Dong)
3e9982ab3877eb8fe0a8c0cb3d847ac0913c7336 contrib: Silence git-describe when looking for tag (Carl Dong)
d5a71e97853ea9e1b879e8c76bfb01d4bef33172 guix: Use --cores instead of --max-jobs (Carl Dong)

Pull request description:

  This PR addresses a few hiccups encountered by the brave souls who've been experimenting with the Guix scripts:
  - Resolves confusion between `--cores=` and `--max-jobs=`
    - `guix`'s `--cores=` actually corresponds to make's `--jobs=`, so let's just control `--cores=` with our overridable env var
  - `git-describe` will scream `fatal: no tag exactly matches '<hash>'` when looking for a tag, but we don't care, so silence that
  - `windeploy/unsigned` should be inside `distsrc-*` and created idempotently (sorry I know this one annoyed people)
  - Add troubleshooting documentation to `README.md`
  - Add early health check for `guix-daemon` in case user forgot to start a `guix-daemon`
  - Depending on configuration, a `--fallback` flag may be needed to tell Guix to not fail if substitutes fail but fallback to building locally
  - `codesign_allocate` and `pagestuff` are now unnecessary for codesigning as we're now using `signapple`

  A few robustness changes are also included:
  - We supply the `--link-profile` flag, as some Guix packages may expect the profile to be available under `$HOME/.guix-profile`
  - We now clear and manually set all toolchain-related env vars (e.g. `C*_INCLUDE_PATH`) ourselves, after patching a Qt::moc bug
  - We use the native `clang-toolchain` package for darwin builds instead of `clang`, lining up with all our other toolchain packages.

  Finally, we restructure the guix building hierarchy such that it looks something like:
  ```
  guix-build-<short-hash-or-version-tag>
  ├── distsrc-<short-hash-or-version-tag>-${HOST}
  │   ├── contrib
  │   ├── depends
  │   ├── src
  │   └── ...
  ├── distsrc-<short-hash-or-version-tag>-...
  └── output
      ├── dist-archive
      │   └── bitcoin-<short-hash-or-version-tag>.tar.gz
      ├── *-linux-*
      │   ├── bitcoin-<short-hash-or-version-tag>-*-linux-*-debug.tar.gz
      │   └── bitcoin-<short-hash-or-version-tag>-*-linux-*.tar.gz
      ├── x86_64-apple-darwin18
      │   ├── bitcoin-<short-hash-or-version-tag>-osx64.tar.gz
      │   ├── bitcoin-<short-hash-or-version-tag>-osx-unsigned.dmg
      │   └── bitcoin-<short-hash-or-version-tag>-osx-unsigned.tar.gz
      └── x86_64-w64-mingw32
          ├── bitcoin-<short-hash-or-version-tag>-win64-debug.zip
          ├── bitcoin-<short-hash-or-version-tag>-win64-setup-unsigned.exe
          ├── bitcoin-<short-hash-or-version-tag>-win64.zip
          └── bitcoin-<short-hash-or-version-tag>-win-unsigned.tar.gz
  ```
  Separating guix builds by their version identifier (basically namespacing them) allows us to change the layout in the future without worry about potential naming conflicts.

ACKs for top commit:
  sipa:
    ACK 7476b46f1893a4858616d2a8456a7c43238851ed
  laanwj:
    ACK 7476b46f1893a4858616d2a8456a7c43238851ed

Tree-SHA512: 0e899aa941aafdf552b2a7e8a08131ee9283180bbef7334439e2461a02aa7235ab7b9ca9c149b80fc5d0a9f4bbd35bc80fcee26197c0836ba8eaf2d86ffa0386
2023-03-26 16:50:26 -05:00
Wladimir J. van der Laan
5fda1ea15a Merge #21337: guix: Update darwin native packages dependencies
c967fb7fb97a86fc434912d0fff621f9f50dfe80 guix: Remove libcap from manifest (Hennadii Stepanov)
7bbb409314c63750a9731dedaaf6dd6ecd17d988 guix: Update darwin native packages dependencies (Hennadii Stepanov)

Pull request description:

  It is a #20470 follow up.

ACKs for top commit:
  fanquake:
    ACK c967fb7fb97a86fc434912d0fff621f9f50dfe80

Tree-SHA512: 66ce05770f578ba61a44c58747c5a2669f425a989ed987838058bd86e3b49e342ac5a4f8852fc49f2b3a86b58fb6a340fdf3e34c1fc19bdab910729febba4bc7
2023-03-26 16:50:26 -05:00
fanquake
2c4bf310df partial Merge #21325: lint: Fix spelling errors in comments
fbbb2d4fc13971c98c83a51635166ac532e71a32 lint: Fix spelling errors in comments (fyquah)

Pull request description:

  Found some spelling errors while running spelling linter  https://github.com/bitcoin/bitcoin/pull/21245

  This PR fixes them.

ACKs for top commit:
  fanquake:
    ACK fbbb2d4fc13971c98c83a51635166ac532e71a32 - I thought we just fixed all of these.

Tree-SHA512: 95525040001f94e899b778c616cb66ebafb679dff88835b66fccf6349d8eb942d6b7374c536a44e393f13156bce9a32ed57e6a82bb02074d2b3cddb2696addb2
2023-03-26 16:50:26 -05:00
fanquake
af614fece0 Merge #21298: guix: Bump time-machine, glibc, and linux-headers
c33b199456e57d83c21eacd36d3c56d0a123b0d0 guix: Bump glibc and linux-headers (Carl Dong)
65363a1bd8b886f5aef5fbc97ca88c9c9b243b21 guix: Rebase on 95aca2991b (1.2.0-12.dffc918) (Carl Dong)

Pull request description:

  On bumping the time-machine:

  ```
  A few changes which are useful for us:

  1. 'gnu: cross-gcc-arguments: Enable 128 bit long double for POWER9.' is
     now merged into master.
  2. gnutls is bumped to 3.6.15 and the temporal test failure in
     status-request-revoked is fixed. Note that this does not fix the case
     where one has installed Guix v1.2.0 and is running a substitute-less
     bootstrap build, since the `guix time-machine` command itself has a
     dependency on gnutls v3.6.12 (the one with the broken test) and will
     thus try to build it before attempting to jump forwards in time. This
     does however, mean that those who build a version of Guix that also
     contains this fix will not go backwards in time to build the broken
     gnutls v3.6.12.
  ```

  On bumping the rest:

  ```
  Bump glibc and linux-headers to match those of our Gitian counterparts.

  We also require a glibc >= 2.28 for the test-symbol-check scripts to
  work properly.

  The default BASE-GCC-FOR-LIBC also has to be bumped since glibc 2.31
  requires a gcc >= 6.2
  ```

  This is a prerequisite for #20980

ACKs for top commit:
  fanquake:
    ACK c33b199456e57d83c21eacd36d3c56d0a123b0d0 - I think going ahead with this now and to sycn back up to gitian is fine. It will also unblock #20980. Potential code signing related issues can be sorted out in #21239 and later PRs.

Tree-SHA512: 31f022aadb93ba44813b0da005b1f2e5d67d76e8cdcdb53368924d1ea6cb076a21218c26831a6b0dcdcfe33507f54934330489ba557371d740f5587b7d727b95
2023-03-26 16:50:26 -05:00
fanquake
86a6cf3005 Merge #21323: guix, doc: Update default HOSTS value
a0a7a4337d06553ab625bbd66ed4198c4bf7f18c guix, doc: Update default HOSTS value (Hennadii Stepanov)

Pull request description:

  This is a #21089 follow up.

ACKs for top commit:
  fanquake:
    ACK a0a7a4337d06553ab625bbd66ed4198c4bf7f18c

Tree-SHA512: c1813cc2b9212a79fd34d4e25cd0816b58264e1890daf777cd59411bd20fcc9affe312871d06fab1308b8f55c1a78ac1101e631882c18360a4709ecef4529f05
2023-03-26 16:50:26 -05:00
Wladimir J. van der Laan
42f4e752dd Merge #21321: guix: Add curl to required tool list
97f10621f4b76fbfcc0849b10d5edb4d6898ec5e guix: Add curl to required tool list (Hennadii Stepanov)

Pull request description:

  On Ubuntu Hirsute (minimum installation) with the system `guix` package:
  ```
  $ HOSTS=x86_64-linux-gnu ./contrib/guix/guix-build.sh
  make: Entering directory '/home/hebasto/bitcoin/depends'
  make[1]: Entering directory '/home/hebasto/bitcoin/depends'
  Checksum missing or mismatched for boost source. Forcing re-download.
  Fetching boost_1_71_0.tar.bz2 from https://dl.bintray.com/boostorg/release/1.71.0/source/
  /bin/sh: 1: curl: not found
  Fetching boost_1_71_0.tar.bz2 from https://bitcoincore.org/depends-sources
  /bin/sh: 1: curl: not found
  make[1]: *** [funcs.mk:276: /home/hebasto/bitcoin/depends/sources/download-stamps/.stamp_fetched-boost-boost_1_71_0.tar.bz2.hash] Error 127
  make[1]: Leaving directory '/home/hebasto/bitcoin/depends'
  make: *** [Makefile:281: download-linux] Error 2
  make: Leaving directory '/home/hebasto/bitcoin/depends'
  ```

  This PR fixes that issue.

ACKs for top commit:
  laanwj:
    ACK 97f10621f4b76fbfcc0849b10d5edb4d6898ec5e
  jonasschnelli:
    utACK 97f10621f4b76fbfcc0849b10d5edb4d6898ec5e

Tree-SHA512: b9e1ba966782b13e25c85d4a9cfd381bcda190244cb9821ae1a72fd51f82f23ed5e98d9a02384619e3299feb7a34e1da8b9190081a6005221f47f93ae18f3c0b
2023-03-26 16:50:26 -05:00
Wladimir J. van der Laan
a305fc4c51 Merge #21272: guix: Passthrough SDK_PATH into container
13a9fd11a507fd3398bc2c0a0575bdc81579243f guix: Passthrough SDK_PATH into container (Carl Dong)

Pull request description:

  This is a usability improvement for Guix builders so that they don't have to extract the Xcode tarball into `depends/SDKs` every time.

  Inspiration: https://github.com/bitcoin/bitcoin/pull/21089#issuecomment-778639698

ACKs for top commit:
  laanwj:
    Tested ACK 13a9fd11a507fd3398bc2c0a0575bdc81579243f

Tree-SHA512: 63392d537e48a0da9f0ee04a929613b139bef1ac5643187871c9ea5376afd2a3d95df0f5e0950ae0eccd2813b166667be98401e5a248ae9c187fe4e84e54d427
2023-03-26 16:50:26 -05:00
fanquake
0b78348aa1 Merge #21271: guix: Explicitly set umask in build container
d98f4593cf00ab2973f8113e30506861b24383bc guix: Explicitly set umask in build container (Carl Dong)

Pull request description:

  Opened as a separate PR to fix non-reproducibility found through testing here: https://github.com/bitcoin/bitcoin/pull/21089#issuecomment-783549633

  Many thanks to everyone who helped find this!

ACKs for top commit:
  laanwj:
    ACK d98f4593cf00ab2973f8113e30506861b24383bc
  fanquake:
    ACK d98f4593cf00ab2973f8113e30506861b24383bc - I'm seeing matching hashes.

Tree-SHA512: ea339c3902f2f4dea32e8ef5cc675a1df0679530881260ae999aaaf7339d5b12c46e01e58677cbb079f33e573ad105e2b443a835f3e944ef8e943a25f83027f1
2023-03-26 16:50:26 -05:00
fanquake
12a586e35a Merge #21078: guix: only download sources for hosts being built
a6a1b106dcc4350e420c461171c47e4934087175 guix: only download sources for hosts being built (fanquake)

Pull request description:

  For example, if a user is only interested in building for Linux, this saves downloading the macOS compiler and additional dependencies, which is meaningful on a slow/poor connection. This will result in a few additional `make` invocations, for the Linux hosts, however this is low overhead, and time-wise irrelevant in terms of the overall build.

ACKs for top commit:
  laanwj:
    Code review ACK a6a1b106dcc4350e420c461171c47e4934087175

Tree-SHA512: 34c916ae6f69fed0d5845690b39111a8bee37208fd727176f375cf5eb4860f512abe12bde2680d697c859b4d50a3bc5688ddca7c2f28f9968fcf358753cf3f6d
2023-03-26 16:50:26 -05:00
fanquake
9c8f5f71dc partial Merge #21089: guix: Add support for powerpc64{,le}
95990b9f3278360b63e79d6975af4ab5009c66ba guix: Update conservative space requirements (Carl Dong)
5e6df1132656995ce5b9ce279d5a9808ea52ab32 guix: Add support for powerpc64{,le} (Carl Dong)

Pull request description:

  ```
  The new time-machine commit contains a few small changes that make the
  powerpc cross-toolchain work.
  ```

  See this compare to review my custom patches to Guix: 7d6bd44da5...6c9d16db96

ACKs for top commit:
  fanquake:
    ACK 95990b9f3278360b63e79d6975af4ab5009c66ba

Tree-SHA512: 464b0fb93d65962d8c27499293edb618d13d18f40d44e3eed96935e86d430666dfb1c5b8a30f99ffdfd17b44514ad88e358977390b689a2e3831d521f6f7b86a
2023-03-26 16:50:26 -05:00
Wladimir J. van der Laan
cd0d7d2991 Merge #21088: guix: Jump forwards in time-machine and adapt
d02076b8852d8faae95cee6e3de434460c07412a guix: Jump forwards in time-machine and adapt (Carl Dong)
f8ca8c5c28d3050b780e67d47a50ac65fc2dc3ad guix: Supply --keep-failed for debugging (Carl Dong)

Pull request description:

  ```
  The new time-machine commit is Guix v1.2.0 with a yet-unupstreamed patch
  for NSIS.

  A few important changes:

  1. Guix switched back from using CPATH to C{,PLUS}_INCLUDE_PATH as the
     way to indicate #include search paths.
  2. GCC's library is now split into a separate output, whereas before it
     was included in the default output. This means that our gcc toolchain
     packages need to propagate that output.
  3. A few package versions were bumped
  ```

  See this compare to review my custom patches to Guix: https://github.com/dongcarl/guix/compare/version-1.2.0...7d6bd44da57926e0d4af25eba723a61c82beef98

ACKs for top commit:
  laanwj:
    ACK d02076b8852d8faae95cee6e3de434460c07412a

Tree-SHA512: 896d5bf1b6e5fda2f0106013c568c119bbbb86cb31a8c0a22432bada9b7da51678b96374bf8fd7c15353698ba47ac9dd39874d40c39001281471db7c78bf1705
2023-03-26 16:50:26 -05:00
fanquake
2f3b44289c Merge #21087: guix: Passthrough BASE_CACHE into container
901f54321b386258a1682423160bfdfa35ea4c39 guix: Passthrough BASE_CACHE into container (Carl Dong)

Pull request description:

  This allows depends-built packages to be cached.

ACKs for top commit:
  MarcoFalke:
    Approach ACK 901f54321b386258a1682423160bfdfa35ea4c39
  fanquake:
    ACK 901f54321b386258a1682423160bfdfa35ea4c39

Tree-SHA512: 464815f41fc081d7956bec84380668834b6ee6751c7a3d56daad6e1fc91e582de4bbdd1a89f399b1136f2adc4d9941517cfe4db694f0ee5bf59bf2f44fc6fda0
2023-03-26 16:50:26 -05:00
Wladimir J. van der Laan
0cce5d13b6 Merge #21163: doc: Guix is shipped in Debian and Ubuntu
fa051c23860bcdcc871db5ad6b51b8d9ca88da35 doc: Guix is shipped in Debian and Ubuntu (MarcoFalke)

Pull request description:

ACKs for top commit:
  practicalswift:
    ACK fa051c23860bcdcc871db5ad6b51b8d9ca88da35 🚀

Tree-SHA512: f72f546cfc20cf1cc0c26c2306ac06416ada87661596fe811b497cce646aa286dc4aee832145bf838b13fbd3c5f064519eb8c0b4525eb562f2f04f20e2876ffc
2023-03-26 16:50:26 -05:00
fanquake
89ff5e3ef8 Merge #21116: build: Disable --disable-fuzz-binary for gitian/guix builds
cb151b797aeabb376d37ef058aee34c06d36d487 build: Disable --disable-fuzz-binary for guix builds (Hennadii Stepanov)
fd7caae35fd3f83175247a79f7573e374779a851 build: Disable --disable-fuzz-binary for gitian builds (Hennadii Stepanov)

Pull request description:

  Fuzz binary is not shipped to users.
  This PR saves hundreds MB of the disk space for containers.

ACKs for top commit:
  MarcoFalke:
    review ACK cb151b797aeabb376d37ef058aee34c06d36d487
  fanquake:
    ACK cb151b797aeabb376d37ef058aee34c06d36d487

Tree-SHA512: 858e3816576c307b47915bb05de79a28029beaef8835c01f1bd6a764a0cf7f7f63ef8c2dc2c5944cb36cc9f4788d9b0590b8a5dda96940167252ba371cdbd078
2023-03-26 16:50:26 -05:00
fanquake
a6e7dda55b Merge #17920: guix: Build support for macOS
f1694757ddbcb3635213b085e864851e285c8c12 guix: Fix typo (Carl Dong)
771c4b98a8693eee642f2b118b3193fe6e022291 guix: README: Add darwin HOSTS entry (Carl Dong)
8dbf18cb1d3260d34ba822ceb12e67b1f124ea13 guix: Check for macOS SDK before building anything (Carl Dong)
34b23f597ec52efb795d72e9e5620712d0010edd guix: Set ZERO_AR_DATE for darwin build determinism (Carl Dong)
f3835dc6a3732dcd4afbb5987f84dc27f2bf55af build: Make xorrisofs reproducible with -volume_date (Carl Dong)
c9eb4cf3a0f81bfd72f06fd43b5610f0a4f5e804 guix: Add support for darwin builds (Carl Dong)
37fe73a092b08fe9d7ce636a1021429de6cda757 build: Add var printing target to src/Makefile.am (Carl Dong)

Pull request description:

  This PR brings our Guix builds on par with Gitian in terms of supported architectures.

  Reviewers: if you run a build, please submit:

  ```
  find output/ -type f -print0 | env LC_ALL=C sort -z | xargs -r0 sha256sum
  ```

  So that we can compare hashes and ensure reproducibility!

ACKs for top commit:
  fanquake:
    ACK f1694757ddbcb3635213b085e864851e285c8c12 - I think we can make some small usability improvements, but this is ok to merge now.

Tree-SHA512: 4af2b71654a9736467dcc681d10601c6eee37800d7847011a50585455b67b55d61742ca5604585f310a2fd75335b674e5e27dfb5169cb2f26e112aa4c411d8be
2023-03-26 16:50:26 -05:00
fanquake
1c79710e65 Merge #20937: guix: Make nsis reproducible by respecting SOURCE-DATE-EPOCH
1fca9811e1331ac5dae8188f6178cc37da4929a7 lint: Skip whitespace lint for guix patches (Carl Dong)
a91c46c57d88fc399432afab7bb0fb14c3e490a7 guix: Make nsis reproducible by respecting SOURCE-DATE-EPOCH (Carl Dong)

Pull request description:

  ```
  When building nsis, if VERSION is not specified, it defaults to
  cvs_version which is non-deterministic as it includes the current date.

  This patches nsis to default to SOURCE_DATE_EPOCH if it exists so that
  nsis is reproducible.

  Upstream change: https://github.com/kichik/nsis/pull/13
  ```

  Sidenote: also a good demonstration of how Guix allows us to flexibly patch our tools!

  Note to reviewers: if you want to compare hashes, please build after Jan 16th 2021 without my substitute server enabled!

ACKs for top commit:
  fanquake:
    ACK 1fca9811e1331ac5dae8188f6178cc37da4929a7

Tree-SHA512: b800e0ce5f73827ad353739effb9167ec3a6bdb362c725ae20dd3f025ce78660f85c70ce1d75cd0896facf1e8fe38a9e058459ed13dec71ab3a2fe41e20eaa5d
2023-03-26 16:50:26 -05:00
fanquake
d4d19b539b Merge #20619: guix: Quality of life improvements
570e43fe72e13e0a82e25f7145704f62b2c2cc52 guix: Print build params inside/outside of container (Carl Dong)
2f9d1fdde66f4713351905ec73487e5288d20f8f guix: Move DISTSRC determination to guix-build.sh (Carl Dong)
0b7cd07bb56baa112ffa596fb23a905871031a36 guix: Move OUTDIR determination+creation to guix-build.sh (Carl Dong)
d27ff8b86aa66acec63b5713912bd4ad9470e66f guix: Add more sanity checks to guix-build.sh (Carl Dong)
57f95331464f097261c63fd1b6040536c58a03fa guix: Add section headings to guix-build.sh (Carl Dong)
38b7b2ed72b1f0f57bd9800c7fbb7b7c98a20ed0 genbuild: Specify rev-parse length (Carl Dong)
036dc740da3239cdcc13e0f299ab95b456f7118b docs: Point to contrib/guix/README.md in doc/guix.md (Carl Dong)
34f0fda2d31d2ada632ca1165b82aebdfd342efe guix: Small updates to README wording (Carl Dong)
402e3a5b1ed9de7057ce9955ea792ad1c2b9f2b5 guix: Update HOSTS README entry for new architectures (Carl Dong)
cfa7ceb21b14d1fa24c2541bf242a0ed539b9e1b guix: Remove README development environment section (Carl Dong)
93b6a8544a03d13733ca2ef769f76df587ad86c8 guix: Add ADDITIONAL_GUIX_{COMMON,TIMEMACHINE}_FLAGS options (Carl Dong)
0f31e24703e25698d2d41fb54e30ec75a4a80943 guix: Add SUBSTITUTE_URLS option (Carl Dong)
444fcfca907d46cfeb52001599966cce25bdf54e guix: Make guix honor MAX_JOBS setting (Carl Dong)

Pull request description:

  After live-demo-ing a Guix build (which completed successfully!) on achow101's stream, I realized there were a few quality of life improvements which can be made to improve the user experience of our Guix build process. Here are a few of them.

  Notable changes:
  1. When `MAX_JOBS` is specified, both `guix time-machine` and `guix environment` will now build up to `MAX_JOBS` packages at a time when creating the build environment
  2. The instructions for using substitutes were incorrect, and has now been replaced with a `SUBSTITUTE_URLS` environment variable, which works well with shell's IFS splitting rules
  3. New `ADDITIONAL_GUIX_{COMMON,TIMEMACHINE}_FLAGS` options, for more granular customization of the build process.
  4. README cleanup

ACKs for top commit:
  fanquake:
    ACK 570e43fe72e13e0a82e25f7145704f62b2c2cc52 - lets move this forward.

Tree-SHA512: 4e8ab560522ade5efb5e8736aec0fb1a3f19ae9deb586c1ab87020816876f3f466a950b3f8c04d9fa1d072ae5ee780038c5c9063577049bdd9db17978e11c328
2023-03-26 16:50:26 -05:00
Wladimir J. van der Laan
de430e69aa Merge #20318: build: Ensure source tarball has leading directory name
faa2f06f5eaf8578873495f44603ee74d7a1abf4 scripted-diff: [build] Ensure source tarball has leading directory name (MarcoFalke)

Pull request description:

  This has been fixed in 0.20, so it needs to be fixed on master as well to avoid a regression

  #18945

ACKs for top commit:
  laanwj:
    ACK faa2f06f5eaf8578873495f44603ee74d7a1abf4
  hebasto:
    ACK faa2f06f5eaf8578873495f44603ee74d7a1abf4, tested gitian builds only.
  promag:
    ACK faa2f06f5eaf8578873495f44603ee74d7a1abf4.

Tree-SHA512: e3b025c29c45b025002abc35262bb5d771f6cbd807f1c256c477c243685e93cd43ad9f642b38e3cf218590912abe6ea0ddfec3bfbef36f99080aad74ed6cc0af
2023-03-26 16:50:26 -05:00
fanquake
a3ceaea97e Merge #18958: guix: Make V=1 more powerful for debugging
f852761aec81ed23c7b9e4546c08d1ef303f2507 guix: Add clarifying documentation for V env var (Carl Dong)
85f4a4b0822e3aa10310c4623eff719f301e9263 guix: Make V=1 more powerful for debugging (Carl Dong)

Pull request description:

  ```
  - Print commands in both unexpanded and expanded forms
  - Set VERBOSE=1 for CMake
  ```

  Ping MarcoFalke hopefully you use `V=1` already for the Guix builds on DrahtBot?

ACKs for top commit:
  fanquake:
    ACK f852761aec81ed23c7b9e4546c08d1ef303f2507. Ran a Windows Guix build and compared the output from master and this PR when using `V=1`. i.e `HOSTS=x86_64-w64-mingw32 PATH="/root/.config/guix/current/bin${PATH:+:}$PATH" V=1 ./contrib/guix/guix-build.sh`.

Tree-SHA512: 8bc466fa7b869618bbd5a0a91c6b23d4785009289f8dfb93b0349317463a9ab9ece128c72436e02a0819722a63e703100aed15807867a716fda891292fcb9d9d
2023-03-26 16:50:26 -05:00
PastaPastaPasta
bc20ef6bf5
ci: resolve gitian automation failures on dashevo repo (#5267)
## Issue being fixed or feature implemented
Automation in private dashevo GitHub was failing due to the branch
trying to be built not having the automation be the newer tagged based
system. as such, if you simply tag a commit from the dashpay repo and
try to build it using automation, the build would fail. This should
resolve the issue. Recommended to BP so that we don't have this issue
when building v19.x branch builds

## What was done?


## How Has This Been Tested?
Creating a docker image should now be as simple pushing a branch and tag
to dashevo/dash; start the automation on branch develop with tag
previously specified

## Breaking Changes


## Checklist:
- [x] I have performed a self-review of my own code
- [ ] I have commented my code, particularly in hard-to-understand areas
- [ ] I have added or updated relevant unit/integration/functional/e2e
tests
- [ ] I have made corresponding changes to the documentation

**For repository code-owners and collaborators only**
- [x] I have assigned this pull request to a milestone
2023-03-23 09:51:05 -05:00
Konstantin Akimov
e3a211a8a4
chrore: bump version in gitian to 19 (#5220)
Name of some files in gitian's build contains "18" instead 19.

## Issue being fixed or feature implemented


## What was done?
Version bumped in gitian's related configs

## How Has This Been Tested?
Will be tested with next RC of v19

## Breaking Changes
No breaking changes


## Checklist:
- [x] I have performed a self-review of my own code
- [ ] I have made corresponding changes to the documentation
@PastaPastaPasta may you update release TODO checklist, please?
- [x] I have assigned this pull request to a milestone
2023-02-27 23:11:07 -06:00
fanquake
700d46b26d Merge #18741: guix: Make source tarball using git-archive
bfe1ba2f5b36056e0c41edf8206b93d3d83098df rel-builds: Specify core.abbrev for git-rev-parse (Carl Dong)
27e63e01cce368d67092de8f0c736927d6f6aa69 build: Accomodate makensis v2.x (Carl Dong)
1f2c39a30e0f82046c7aecddfda3eb99cb536816 guix: Remove logical cores requirement (Carl Dong)
a4f6ffa71e335d4b2a6bf525b7f416968f9cd9f7 lint: Also enable source statements for non-gitian (Carl Dong)
d256f91cb1b0d6ff5170106b99b0266cbe51f5a2 rel-builds: Directly deploy win installer to OUTDIR (Carl Dong)
fa791da02f9684e3fd554b687fb692ae6a23d65a nsis: Specify OutFile path only once (Carl Dong)
14701604d0904bc5bbf1c67de08f8ee6d3215523 guix: Expose GIT_COMMON_DIR in container as readonly (Carl Dong)
f5a6ac4f48b18f93050d77bcb23f9cf45ec34647 guix: Make source tarball using git-archive (Carl Dong)
395c1137f630dc495ffb2752a23bc1dfd470ee53 gitian: Limit sourced script to just assignments (Carl Dong)

Pull request description:

  Based on: #18556
  Related: https://github.com/bitcoin/bitcoin/pull/17595#discussion_r399728721

ACKs for top commit:
  fanquake:
    ACK bfe1ba2f5b36056e0c41edf8206b93d3d83098df - I agree with Carl, and am going to merge this. I'd like for Linux Guix builds to be working again, and we can rebase #18818.

Tree-SHA512: c87ada7e3de17ca0b692a91029b86573442ded5780fc081c214773f6b374a0cdbeaf6f6898c36669c2e247ee32aa7f82defb1180f8decac52c65f0c140f18674
2023-02-20 09:09:23 -06:00
fanquake
87de9c8f5c Merge #17929: build: add linker optimisation flags to gitian & guix (Linux)
f2b5b0a3b48f9241971c14238040048f8b630811 build: add linker optimization flags to guix (fanquake)
b8b050a8d642e38c81d1e451750c2c8db92fee5e build: add linker optimization flags to gitian descriptors (fanquake)

Pull request description:

  This PR adds `-Wl,O2` to our gitian and guix LDFLAGS. This makes the linker perform certain optimisations (and is different from LTO).

  Any -O argument will enable optimizations in GNU ld. We can use -O2 here, as this matches our compile flags. Note that this would also enable additional optimizations if using the lld or gold linkers, when compared to -O0.

  A nice writeup + diagrams of some of these optimizations is  available here: http://lwn.net/Articles/192624/.

  #### master
  ```bash
  # bitcoind
  Histogram for `.gnu.hash' bucket list length (total of 3 buckets)
   Length  Number     % of total  Coverage
        0  1          ( 33.3%)       0.0%
        1  0          (  0.0%)       0.0%
        2  1          ( 33.3%)      40.0%
        3  1          ( 33.3%)     100.0%
  ```
  ```bash
  # bitcoin-qt
  Histogram for `.gnu.hash' bucket list length (total of 3 buckets)
   Length  Number     % of total  Coverage
        0  0          (  0.0%)       0.0%
        1  1          ( 33.3%)      10.0%
        2  0          (  0.0%)      10.0%
        3  0          (  0.0%)      10.0%
        4  1          ( 33.3%)      50.0%
        5  1          ( 33.3%)     100.0%
  ```

  #### this PR:
  ```bash
  # bitcoind
  Histogram for `.gnu.hash' bucket list length (total of 8 buckets)
   Length  Number     % of total  Coverage
        0  3          ( 37.5%)       0.0%
        1  5          ( 62.5%)     100.0%
  ```
  ```bash
  # bitcoin-qt
  Histogram for `.gnu.hash' bucket list length (total of 19 buckets)
   Length  Number     % of total  Coverage
        0  9          ( 47.4%)       0.0%
        1  10         ( 52.6%)     100.0%
  ```

  #### GNU ld -O

  > If level is a numeric values greater than zero ld optimizes the output. This might take significantly longer and therefore probably should only be enabled for the final binary. At the moment this option only affects ELF shared library generation. Future releases of the linker may make more use of this option. Also currently there is no difference in the linker’s behaviour for different non-zero values of this option. Again this may change with future releases.

  #### lld -O

  > Optimize output file size

ACKs for top commit:
  dongcarl:
    ACK f2b5b0a3b48f9241971c14238040048f8b630811
  laanwj:
    ACK f2b5b0a3b48f9241971c14238040048f8b630811

Tree-SHA512: e53f3a4338317dbec65d3a93b57b5a6204aabdf9ac82d99447847a3c8627facc53c58c2cf947376f13edd979fc8129a80f18d9ebeccd191a576c83f1dad5c513
2023-02-20 09:09:23 -06:00
fanquake
dff599acff Merge #17595: guix: Enable building for x86_64-w64-mingw32 target
a35e3235891d35daa167116cc70340140e883f06 guix: Appease travis. (Carl Dong)
0b66d22da5f53640e22f05adf880782c613e6d0f guix: Use gcc-9 for mingw-w64 instead of 8 (Carl Dong)
ba0b99bdd613ba7f17c6247ece3001e1b44759a3 guix: Don't set MINGW_HAS_SECURE_API CFLAG in depends (Carl Dong)
93439a71eda49fb69f1e82966a23a946733aa6fa guix: Bump to upstream commit with mingw-w64 changes (Carl Dong)
35a96792dda9e78165b1598aeac7b2ab759e7be5 guix: Check mingw symbols, improve SSP fix docs (Carl Dong)
449d8fe25bbe25daacfc67aa89ca32b0a3254c5a guix: Expand on INT trap message (Carl Dong)
3f1f03c67a8e9edf487f08d272adb18b0a3942c8 guix: Spelling fixes (Carl Dong)
ff821dd2a1c600488d11e7d9a20e9179ecc9144b guix: Reinstate make-ssp-fixed-gcc (Carl Dong)
360a9e0ad50a36ec79a1a160dbed3966689fd41c guix: Bump time-machine for mingw-w64 patches (Carl Dong)
93e41b7e3b54c17fd1b4c61ee95fc0dc2827e954 guix: Use gcc-8 for mingw-w64 instead of 7 (Carl Dong)
ef4f7e4c45c60a69406134122f091c77c6ef740f guix: Set the well-known timezone env var (Carl Dong)
acf4b3b3b5accf60a19441a0298ef27001b78e72 guix: Make x86_64-w64-mingw32 builds reproducible (Carl Dong)
c4cce00eac691625b78b92f7dba0b7f57def19e5 guix: Remove dead links from README. (Carl Dong)
df953a4c9a6143f45864757b706c88b6fa70545a guix: Appease shellcheck. (Carl Dong)
91897c95e191d293eb27d8af15cbeafc5b8f3895 guix: Improve guix-build.sh documentation (Carl Dong)
570d769c6c59b9f6d1a2b95b2ed60432cb33b3ba guix: Build support for Windows (Carl Dong)

Pull request description:

  ~~Based on: https://github.com/bitcoin/bitcoin/pull/16519~~
  Based on: #17933 (Time Machines are... shall we say... superior 😁)

  This PR allows us to perform Guix builds for the `x86_64-w64-mingw32` target. We do this _without_ splitting up the build script like we do in Gitian by using this newfangled alien technology called `case` statements. (This is WIP and might be changed to `if` statements soon)

ACKs for top commit:
  fanquake:
    ACK a35e3235891d35daa167116cc70340140e883f06 2/3

Tree-SHA512: c471951c23eb2cda919a71285d8b8f2580cb20f09d5db17b53e13dbd8813e01b3e7a83ea848e4913fd0f2bc12c6c133c5f76b54e65c0d89fed4dfd2e0be19875
2023-02-20 09:09:23 -06:00
fanquake
355a735e78 Merge #18320: guix: Remove now-unnecessary gcc make flag
0ae42a16c766a7ecb8711bfad6f22b8581ea0258 guix: Remove now-unnecessary gcc make flag (Carl Dong)

Pull request description:

  ```
  Previously, Guix would produce a gcc which did not know to use the SSP
  function from glibc, and required a gcc make flag for it to do so, in my
  attempt to fix it upstream I realized that this is no longer the case.

  This can be verified by performing a Guix build and doing

    readelf -s ... | grep __stack_chk

  to check that symbols are coming from glibc, and doing

    readelf -d ... | grep NEEDED | grep ssp

  to see that libssp.so is not being depended on
  ```

ACKs for top commit:
  fanquake:
    ACK 0ae42a16c766a7ecb8711bfad6f22b8581ea0258 - ran a Guix build (hashes below) and checked all the linux binaries:

Tree-SHA512: 701b91e7c323b12a29af9539cb2656d10ce0a93af573a02e57f0b7fea05a6e1819798536eadb24d0a17e7f35b503f5e863fee5e7409db1b8a3973c4375e49d4e
2023-02-20 09:09:23 -06:00
fanquake
1f9f160d24 Merge #18104: build: Skip i686 build by default in guix and gitian
fae9084ac5b10f94bdee54853d307838c4254e9c build: Skip i686 build by default in guix and gitian (MarcoFalke)
fa55a2554c2661b8f2a759044d5ac85c9979d9ca depends: Remove reference to win32 (MarcoFalke)

Pull request description:

  Closes #17504

  Now that we no longer provide downloads for i686 on our website (https://bitcoincore.org/en/download/), there is no need to build them by default.

  i686 can still be built in depends (tested by ci/travis) and in guix/gitian by setting the appropriate `HOSTS`.

ACKs for top commit:
  practicalswift:
    ACK fae9084ac5b10f94bdee54853d307838c4254e9c -- patch looks correct
  dongcarl:
    ACK fae9084ac5b10f94bdee54853d307838c4254e9c patch looks correct
  laanwj:
    Code review ACK fae9084ac5b10f94bdee54853d307838c4254e9c
  hebasto:
    ACK fae9084ac5b10f94bdee54853d307838c4254e9c, I have reviewed the code and it looks OK, I agree it can be merged.

Tree-SHA512: b000c19a2cd2a596a52028fa298c4022c24cfdfc1bdb3795a90916d0a00a32e4dd22278db93790b6a11724e08ea8451f4f05c77bc40d1664518e11a8c82d6e29
2023-02-20 09:09:23 -06:00
fanquake
359c0fd62b Merge #17933: guix: Pin Guix using guix time-machine
88c83636d5a56bd9551577139786bdd3e74852c2 guix: Update documentation for time-machine (Carl Dong)
e6050884fdabfa6e51e6afce2041d91e60a5adec guix: Pin Guix using `guix time-machine` (Carl Dong)

Pull request description:

  An alternative to #16519, pinning our version of Guix and eliminating a `guix pull` and changing the default Guix profile of builders.

  I think this method might be superior, as it:
  - Eliminates the possibility of future changes to the `guix environment` command line interface breaking our builds
  - Eliminates the need to set up a separate channel repo

  It is a more general pinning solution than #16519.

  -----

  The reason why I didn't originally propose this is because `guix time-machine` is a recent addition to Guix, only available since `f675f8dec73d02e319e607559ed2316c299ae8c7`

ACKs for top commit:
  fanquake:
    ACK 88c83636d5a56bd9551577139786bdd3e74852c2

Tree-SHA512: 85e03b0987ffa86da73e02801e1cd8b7622698d70c4ba4e60561611be1e9717d661c2811a59b3e137b1b8eef2d0ba37c313867d035ebc89c3bd06a23a078064a
2023-02-20 09:09:23 -06:00
MarcoFalke
8a293adb88 partial Merge #17351: doc: Fix some misspellings
ac831339cbfa65b1f7576c53b5d9a94841db9868 doc: Fix some misspellings (randymcmillan)

Pull request description:

  Here is a more thorough lint-spelling update.
  This PR takes care of easy to fix spelling errors to clean up the linting stages.
  There are misspellings coded into the functional tests.
  That is a whole separate job within itself.

ACKs for top commit:
  practicalswift:
    ACK ac831339cbfa65b1f7576c53b5d9a94841db9868 -- diff looks correct

Tree-SHA512: d8fad83fed083715655f148263ddeffc6752c8007d568fcf3dc2c418ccd5db70089ce3ccfd3994fcbd78043171402eb9cca5bdd5125287e22c42ea305aaa6e9d
2023-02-20 09:09:23 -06:00
fanquake
9eb0995a88 Merge #16810: guix: Remove ssp spec file hack
0065ead5ebdad9f743d89ee2558c93253a597967 contrib: guix: Remove ssp spec file hack (Carl Dong)
0093a5869a30797ccb139d0cb5a0427d3f3c2d94 contrib: guix: More robust search paths, add checks (Carl Dong)

Pull request description:

  See commit messages for more details

ACKs for top commit:
  fanquake:
    ACK 0065ead5ebdad9f743d89ee2558c93253a597967

Tree-SHA512: fde04005fb31cd4b75b80da4936a7c394f63f0b3bdcc33c20c99e05604a63efd9c850a8d097030ff0bf4b4e83f1a9997fc4621ce291ebcecd8397893447600a7
2023-02-20 09:09:23 -06:00
Wladimir J. van der Laan
aec7441ac2 Merge #15277: contrib: Enable building in Guix containers
751549b52a9a4cd27389d807ae67f02bbb39cd7f contrib: guix: Additional clarifications re: substitutes (Carl Dong)
cd3e947f50db7cfe05c05b368c25742193729a62 contrib: guix: Various improvements. (Carl Dong)
8dff3e48a9e03299468ed3b342642f01f70da9db contrib: guix: Clarify SOURCE_DATE_EPOCH. (Carl Dong)
3e80ec3ea9691c7c89173de922a113e643fe976b contrib: Add deterministic Guix builds. (Carl Dong)

Pull request description:

  ~~**This post is kept updated as this project progresses. Use this [latest update link](https://github.com/bitcoin/bitcoin/pull/15277#issuecomment-497303718) to see what's new.**~~

  Please read the `README.md`.

  -----

  ### Guix Introduction

  This PR enables building bitcoin in Guix containers. [Guix](https://www.gnu.org/software/guix/manual/en/html_node/Features.html) is a transactional package manager much like Nix, but unlike Nix, it has more of a focus on [bootstrappability](https://www.gnu.org/software/guix/manual/en/html_node/Bootstrapping.html) and [reproducibility](https://www.gnu.org/software/guix/blog/tags/reproducible-builds/) which are attractive for security-sensitive projects like bitcoin.

  ### Guix Build Walkthrough

  Please read the `README.md`.

  [Old instructions no. 4](https://github.com/bitcoin/bitcoin/pull/15277#issuecomment-497303718)

  [Old instructions no. 3](https://github.com/bitcoin/bitcoin/pull/15277#issuecomment-493827011)

  [Old instructions no. 2](https://github.com/bitcoin/bitcoin/pull/15277#issuecomment-471658439)

  <details>
  <summary>Old instructions no. 1</summary>
  In this PR, we define a Guix [manifest](https://www.gnu.org/software/guix/manual/en/html_node/Invoking-guix-package.html#profile_002dmanifest) in `contrib/guix/manifest.scm`, which declares what packages we want in our environment.

  We can then invoke
  ```
  guix environment --manifest=contrib/guix/manifest.scm --container --pure --no-grafts --no-substitutes
  ```
  To have Guix:
  1. Build an environment containing the packages we defined in our `contrib/guix/manifest.scm` manifest from the Guix bootstrap binaries (see [bootstrappability](https://www.gnu.org/software/guix/manual/en/html_node/Bootstrapping.html) for more details).
  2. Start a container with that environment that has no network access, and no access to the host's filesystem except to the `pwd` that it was started in.
  3. Drop you into a shell in that container.

  > Note: if you don't want to wait hours for Guix to build the entire world from scratch, you can eliminate the `--no-substitutes` option to have Guix download from available binary sources. Note that this convenience doesn't necessarily compromise your security, as you can check that a package was built correctly after the fact using `guix build --check <packagename>`

  Therefore, we can perform a build of bitcoin much like in Gitian by invoking the following:

  ```
  make -C depends -j"$(nproc)" download && \
      cat contrib/guix/build.sh | guix environment --manifest=contrib/guix/manifest.scm --container --pure --no-grafts --no-substitutes
  ```

  We don't include `make -C depends -j"$(nproc)" download` inside `contrib/guix/build.sh` because `contrib/guix/build.sh` is run inside the container, which has no network access (which is a good thing).
  </details>

  ### Rationale

  I believe that this represents a substantial improvement for the "supply chain security" of bitcoin because:

  1. We no longer have to rely on Ubuntu for our build environment for our releases ([oh the horror](72bd4ab867/contrib/gitian-descriptors/gitian-linux.yml (L10))), because Guix builds everything about the container, we can perform this on almost any Linux distro/system.
  2. It is now much easier to determine what trusted binaries are in our supply chain, and even make a nice visualization! (see [bootstrappability](https://www.gnu.org/software/guix/manual/en/html_node/Bootstrapping.html)).
  3. There is active effort among Guix folks to minimize the number of trusted binaries even further. OriansJ's [stage0](https://github.com/oriansj/stage0), and janneke's [Mes](https://www.gnu.org/software/mes/) all aim to achieve [reduced binary boostrap](http://joyofsource.com/reduced-binary-seed-bootstrap.html) for Guix. In fact, I believe if OriansJ gets his way, we will end up some day with only a single trusted binary: hex0 (a ~500 byte self-hosting hex assembler).

  ### Steps to Completion

  - [x] Successfully build bitcoin inside the Guix environment
  - [x] Make `check-symbols` pass
  - [x] Do the above but without nasty hacks
  - [x] Solve some of the more innocuous hacks
  - [ ] Make it cross-compile (HELP WANTED HERE)
    - [x] Linux
      - [x] x86_64-linux-gnu
      - [x] i686-linux-gnu
      - [x] aarch64-linux-gnu
      - [x] arm-linux-gnueabihf
      - [x] riscv64-linux-gnu
    - [ ] OS X
      - [ ] x86_64-apple-darwin14
    - [ ] Windows
      - [ ] x86_64-w64-mingw32
  - [ ] Maybe make importer for depends syntax
  - [ ] Document build process for future releases
  - [ ] Extra: Pin the revision of Guix that we build with with Guix [inferiors](https://www.gnu.org/software/guix/manual/en/html_node/Inferiors.html)

  ### Help Wanted

  [Old content no. 3](https://github.com/bitcoin/bitcoin/pull/15277#issuecomment-483318210)

  [Old content no. 2](https://github.com/bitcoin/bitcoin/pull/15277#issuecomment-471658439)

  <details>
  <summary>Old content no. 1</summary>
  As of now, the command described above to perform a build of bitcoin a lot like Gitian works, but fails at the `check-symbols` stage. This is because a few dynamic libraries are linked in that shouldn't be.

  Here's what `ldd src/bitcoind` looks like when built in a Guix container:
  ```
  	linux-vdso.so.1 (0x00007ffcc2d90000)
  	libdl.so.2 => /gnu/store/h90vnqw0nwd0hhm1l5dgxsdrigddfmq4-glibc-2.28/lib/libdl.so.2 (0x00007fb7eda09000)
  	librt.so.1 => /gnu/store/h90vnqw0nwd0hhm1l5dgxsdrigddfmq4-glibc-2.28/lib/librt.so.1 (0x00007fb7ed9ff000)
  	libstdc++.so.6 => /gnu/store/4sqps8dczv3g7rwbdibfz6rf5jlk7w90-gcc-5.5.0-lib/lib/libstdc++.so.6 (0x00007fb7ed87c000)
  	libpthread.so.0 => /gnu/store/h90vnqw0nwd0hhm1l5dgxsdrigddfmq4-glibc-2.28/lib/libpthread.so.0 (0x00007fb7ed85b000)
  	libm.so.6 => /gnu/store/h90vnqw0nwd0hhm1l5dgxsdrigddfmq4-glibc-2.28/lib/libm.so.6 (0x00007fb7ed6da000)
  	libgcc_s.so.1 => /gnu/store/4sqps8dczv3g7rwbdibfz6rf5jlk7w90-gcc-5.5.0-lib/lib/libgcc_s.so.1 (0x00007fb7ed6bf000)
  	libc.so.6 => /gnu/store/h90vnqw0nwd0hhm1l5dgxsdrigddfmq4-glibc-2.28/lib/libc.so.6 (0x00007fb7ed506000)
  	/gnu/store/h90vnqw0nwd0hhm1l5dgxsdrigddfmq4-glibc-2.28/lib/ld-linux-x86-64.so.2 => /usr/lib64/ld-linux-x86-64.so.2 (0x00007fb7ee3a0000)
  ```

  And here's what it looks in one of our releases:
  ```
  	linux-vdso.so.1 (0x00007ffff52cd000)
  	libpthread.so.0 => /usr/lib/libpthread.so.0 (0x00007f87726b4000)
  	librt.so.1 => /usr/lib/librt.so.1 (0x00007f87726aa000)
  	libm.so.6 => /usr/lib/libm.so.6 (0x00007f8772525000)
  	libgcc_s.so.1 => /usr/lib/libgcc_s.so.1 (0x00007f877250b000)
  	libc.so.6 => /usr/lib/libc.so.6 (0x00007f8772347000)
  	/lib64/ld-linux-x86-64.so.2 => /usr/lib64/ld-linux-x86-64.so.2 (0x00007f8773392000)
  ```

  ~~I suspect it is because my script does not apply the gitian-input patches [described in the release process](https://github.com/bitcoin/bitcoin/blob/master/doc/release-process.md#fetch-and-create-inputs-first-time-or-when-dependency-versions-change) but there is no description as to how these patches are applied.~~ It might also be something else entirely.

  Edit: It is something else. It appears that the gitian inputs are only used by [`gitian-win-signer.yml`](d6e700e40f/contrib/gitian-descriptors/gitian-win-signer.yml (L14))
  </details>

  ### How to Help

  1. Install Guix on your distro either [from source](https://www.gnu.org/software/guix/manual/en/html_node/Requirements.html) or perform a [binary installation](https://www.gnu.org/software/guix/manual/en/html_node/Binary-Installation.html#Binary-Installation)
  2. Try out my branch and the command described above!

ACKs for top commit:
  MarcoFalke:
    Thanks for the replies. ACK 751549b52a9a4cd27389d807ae67f02bbb39cd7f
  laanwj:
    ACK 751549b52a9a4cd27389d807ae67f02bbb39cd7f

Tree-SHA512: 50e6ab58c6bda9a67125b6271daf7eff0ca57d0efa8941ed3cd951e5bf78b31552fc5e537b1e1bcf2d3cc918c63adf19d685aa117a0f851024dc67e697890a8d
2023-02-20 09:09:23 -06:00
Kittywhiskers Van Gogh
f42288c984 partial bitcoin#19077: Add sqlite as an alternative wallet database and use it for new descriptor wallets 2023-02-07 10:53:33 -06:00
MarcoFalke
405ab79e29
Merge #18879: valgrind: remove outdated suppressions
d7120f7f78cda5ed1ab91f83e9b546de68dbee47 valgrind : remove duplicate BCLog::Logger suppression (fanquake)
708e3c7e85a666d5b8da8638a819c0f3973fcca4 valgrind: remove rest_blockhash_by_height suppression (fanquake)

Pull request description:

  708e3c7e85: `Suppress rest_blockhash_by_height` should no longer be needed after #18785.

  d7120f7f78 : Removes a duplicate `Suppress BCLog::Logger::StartLogging()` suppression that was added in #17770.

ACKs for top commit:
  MarcoFalke:
    ACK d7120f7f78cda5ed1ab91f83e9b546de68dbee47
  practicalswift:
    ACK d7120f7f78cda5ed1ab91f83e9b546de68dbee47 -- patch looks correct and valgrind Travis job is happy

Tree-SHA512: 45f5b9fa64bf83cada3cd9ad33c245f660376d5b29f51a2531d83133940090df945f5ef26c5847d6ec024ffab9528d55573c5cf9ca5e73795f9abfc971b3d29b
2023-01-23 12:22:30 -06:00
MarcoFalke
a8820d894f Merge #19474: doc: Use precise permission flags where possible
fab558612278909df93bdf88f5727b04f13aef0f doc: Use precise permission flags where possible (MarcoFalke)

Pull request description:

  Instead of mentioning the all-encompassing `-whitelist*` settings, change the docs to mention the exact permission flag that will influence the behaviour.

  This is needed because in the future, the too-broad `-whitelist*` settings (they either include *all* permission flags or apply to *all* peers) might be deprecated to require the permission flags to be enumerated.

  Alternatively, in the future there could be an RPC to set the net permission flags on an existing connection, in which case the `-whitelist*` terminology is of no help.

ACKs for top commit:
  jnewbery:
    reACK fab558612278909df93bdf88f5727b04f13aef0f
  fjahr:
    Code review ACK fab558612278909df93bdf88f5727b04f13aef0f
  jonatack:
    ACK fab558612278909df93bdf88f5727b04f13aef0f

Tree-SHA512: c7dea3e577d90103bb2b0ffab7b7c8640b388932a3a880f69e2b70747fc9213dc1f437085671fd54c902ec2a578458b8a2fae6dbe076642fb88efbf9fa9e679c
2023-01-19 23:37:39 -06:00
Kittywhiskers Van Gogh
07bd5977e5 partial bitcoin#23511: require glibc 2.18+ 2023-01-18 19:02:39 -06:00
Kittywhiskers Van Gogh
d37f30ce46 merge bitcoin#20476: Add test for ELF symbol-check 2023-01-18 19:02:39 -06:00
Kittywhiskers Van Gogh
f62fd6f51f merge bitcoin#22244: Correctly extract symbol versions in symbol-check 2023-01-18 19:02:39 -06:00
Kittywhiskers Van Gogh
29c885c9f7 merge bitcoin#20434: Parse ELF directly for symbol and security checks 2023-01-18 19:02:39 -06:00
Kittywhiskers Van Gogh
ef69317b59 merge bitcoin#19525: add -Wl,-z,separate-code to hardening flags 2023-01-18 19:02:39 -06:00
UdjinM6
828fac4c14 chore: add missing copyrights via copyright_header.py insert 2023-01-13 00:49:04 +03:00
UdjinM6
498e8c5017 chore: run copyright_header.py update 2023-01-13 00:49:04 +03:00
UdjinM6
a86b891d20 chore: update copyright_header.py 2023-01-13 00:49:04 +03:00
Kittywhiskers Van Gogh
816edc4e4f build: add exclusions to linting scripts and filters 2022-12-01 00:51:08 +05:30