Using the new time-machine results in warnings about consistently using
keyword arguments:
```bash
guix environment: warning: 'cross-kernel-headers' must be used with keyword arguments
guix environment: warning: 'cross-libc' must be used with keyword arguments
```
This is required for bumping the time-machine, for compatibility with
OpenSSL:
oscrypto: openssl backend, 1.2.1, /tmp/guix-build-python-oscrypto-1.2.1.drv-0/source/oscrypto
Traceback (most recent call last):
File "/tmp/guix-build-python-oscrypto-1.2.1.drv-0/source/oscrypto/_openssl/_libcrypto_ctypes.py", line 304, in <module>
libcrypto.EVP_PKEY_size.argtypes = [
File "/gnu/store/9dkl9fnidcdpw19ncw5pk0p7dljx7ijb-python-3.10.7/lib/python3.10/ctypes/__init__.py", line 387, in __getattr__
func = self.__getitem__(name)
File "/gnu/store/9dkl9fnidcdpw19ncw5pk0p7dljx7ijb-python-3.10.7/lib/python3.10/ctypes/__init__.py", line 392, in __getitem__
func = self._FuncPtr((name_or_ordinal, self))
AttributeError: /gnu/store/2hr7w64zhr6jjznidyc2xi40d5ynhj9c-openssl-3.0.8/lib/libcrypto.so.3: undefined symbol: EVP_PKEY_size. Did you mean: 'EVP_PKEY_free'?
Refactor our glibc 2.27 to be a single 'package', and avoid the use of
`package-with-extra-configure-variable`. This also lets us drop the
`enable_werror` workaround, and just use --disable-werror directly.
Employ the same workaround as the Guix glibc, to avoid a "permission
denied" failure during build:
```bash
make subdir=sunrpc -C sunrpc ..=../ subdir_install
make[2]: Entering directory '/tmp/guix-build-glibc-cross-x86_64-linux-gnu-2.27.drv-0/source/sunrpc'
.././scripts/mkinstalldirs /gnu/store/ga8jciqrd5lh52m572x3mk4q1smf5agq-glibc-cross-x86_64-linux-gnu-2.27/include/rpc
mkdir -p -- /gnu/store/ga8jciqrd5lh52m572x3mk4q1smf5agq-glibc-cross-x86_64-linux-gnu-2.27/include/rpc
/gnu/store/kvpvk5wh70wdbjnr83hh85rg22ysxm9h-coreutils-8.32/bin/install -c -m 644 rpc/netdb.h /gnu/store/ga8jciqrd5lh52m572x3mk4q1smf5agq-glibc-cross-x86_64-linux-gnu-2.27/include/rpc/netdb.h
.././scripts/mkinstalldirs /gnu/store/ga8jciqrd5lh52m572x3mk4q1smf5agq-glibc-cross-x86_64-linux-gnu-2.27/include/nfs
mkdir -p -- /gnu/store/ga8jciqrd5lh52m572x3mk4q1smf5agq-glibc-cross-x86_64-linux-gnu-2.27/include/nfs
/gnu/store/kvpvk5wh70wdbjnr83hh85rg22ysxm9h-coreutils-8.32/bin/install -c -m 644 ../sysdeps/unix/sysv/linux/nfs/nfs.h /gnu/store/ga8jciqrd5lh52m572x3mk4q1smf5agq-glibc-cross-x86_64-linux-gnu-2.27/include/nfs/nfs.h
/gnu/store/kvpvk5wh70wdbjnr83hh85rg22ysxm9h-coreutils-8.32/bin/install -c -m 644 /tmp/guix-build-glibc-cross-x86_64-linux-gnu-2.27.drv-0/build/gnu/lib-names-64.h /gnu/store/ga8jciqrd5lh52m572x3mk4q1smf5agq-glibc-cross-x86_64-linux-gnu-2.27/include/gnu/lib-names-64.h
/gnu/store/kvpvk5wh70wdbjnr83hh85rg22ysxm9h-coreutils-8.32/bin/install -c -m 644 etc.rpc /etc/rpc
/gnu/store/kvpvk5wh70wdbjnr83hh85rg22ysxm9h-coreutils-8.32/bin/install: cannot create regular file '/etc/rpc': Permission denied
make[2]: *** [Makefile:197: /etc/rpc] Error 1
```
Split out of #27897. This is some refactoring to the Windows Guix build
that facilitates bumping our Guix time-machine. Namely, avoiding
`package-with-extra-configure-variable`, which is non-functional in the
newer time-machine, see https://issues.guix.gnu.org/64436.
At the same time, consolidate our Windows GCC build into mingw-w64-base-gcc.
Rename `gcc-10-remap-guix-store.patch` to avoid changing it whenever GCC changes.
We move the old `building-on` inside `explicit-cross-configure`, so that
non-windows builds continue to work. Note that `explicit-cross-configure`
will be going away entirely (see #27897).
fa60fa3b0c bitcoin-tidy: Apply bitcoin-unterminated-logprintf to spkm as well (MarcoFalke)
faa11434fe refactor: Enable all clang-tidy plugin bitcoin tests (MarcoFalke)
fa6dc57760 refactor: Enforce C-str fmt strings in WalletLogPrintf() (MarcoFalke)
fa244f3321 doc: Fix bitcoin-unterminated-logprintf tidy comments (MarcoFalke)
Pull request description:
All fmt functions only accept a raw C-string as argument.
There should never be a need to pass a format string that is not a compile-time string literal, so disallow it in `WalletLogPrintf()` to avoid accidentally introducing it.
Apart from consistency, this also fixes the clang-tidy plugin bug https://github.com/bitcoin/bitcoin/pull/26296#discussion_r1286821141.
ACKs for top commit:
theuni:
ACK fa60fa3b0c
Tree-SHA512: fa6f4984c50f9b34e850bdfee7236706af586e512d866cc869cf0cdfaf9aa707029c210ca72d91f85e75fcbd8efe0d77084701de8c3d2004abfd7e46b6fa9072
bb3263d3e3 bitcoin-tidy: fix macOS build (Cory Fields)
Pull request description:
[LLVM uses these options](https://github.com/llvm/llvm-project/blob/main/llvm/cmake/modules/HandleLLVMOptions.cmake#L178) for building as well, so there's precedent.
Also fix the shared library extension which was incorrectly being set to dylib.
Thanks to jonatack for reporting and debugging.
ACKs for top commit:
jonatack:
ACK bb3263d3e3 tested with arm64 macos 13.5, llvm 16.0.6 and cmake 3.27.2
Tree-SHA512: de7bfd497f38f1565a14d217d0b057cbfa788bdda702b5942b7f0b55947ae5e1c05af13e7d6a073ed036bc4db57035868f180034508b6e084ab9b901a5baaf2f
An LLVM installation will have `llvm-config` available to query for
info. Ask it for the `--cmakedir`, and use that in our bitcoin-tidy
example, rather than listing multiple different (potential) paths per
distro/OS etc.
7f96638723 contrib: add macOS fixup_chains check to security-check (fanquake)
3dca683cb7 build: support -no_fixup_chains in ld64 (fanquake)
Pull request description:
Followup to #27676, adding the check for chained fixups.
Somewhat annoyingly, we have to patch support for `-no_fixup_chains` into ld64. As it doesn't seem to have been added [until a later version](59a99ab603/src/ld/Options.cpp (L4172)).
Guix Build:
```bash
0e17d462808f86aa7157e27a957da88fd1adeb491ad6c01138aca93e5ad1d018 guix-build-7f96638723a0/output/arm64-apple-darwin/SHA256SUMS.part
ceb208e6374f5d7367b73128e90ca6eaeea15d50c69e49c8cf75b47212525ad7 guix-build-7f96638723a0/output/arm64-apple-darwin/bitcoin-7f96638723a0-arm64-apple-darwin-unsigned.dmg
e31663554cfde8a37a9f3438c9c895dde94b90ff87e28f12f78be71ef6421d93 guix-build-7f96638723a0/output/arm64-apple-darwin/bitcoin-7f96638723a0-arm64-apple-darwin-unsigned.tar.gz
68a7bbc42418641eab391a85725b5c2f3c46d38a7acc07e7a8cef98909be07ec guix-build-7f96638723a0/output/arm64-apple-darwin/bitcoin-7f96638723a0-arm64-apple-darwin.tar.gz
38d966ad93e7384f4f1ce16faded003a675ecce7be1987e6c4eee8e4b82c0432 guix-build-7f96638723a0/output/dist-archive/bitcoin-7f96638723a0.tar.gz
9d314f595d897a715a321a9fba0d552220fbd4bf69aff84eb8c0001cdb48234f guix-build-7f96638723a0/output/x86_64-apple-darwin/SHA256SUMS.part
c218ebfd0e96348c4912e6d522492b621bb043ef45b75105ff1fde979d1004d0 guix-build-7f96638723a0/output/x86_64-apple-darwin/bitcoin-7f96638723a0-x86_64-apple-darwin-unsigned.dmg
1c5ff7fa82f5c76d7d8b9582ad5202f4a82a917102ecafdc3c1fb7b783f6bc3e guix-build-7f96638723a0/output/x86_64-apple-darwin/bitcoin-7f96638723a0-x86_64-apple-darwin-unsigned.tar.gz
15fb01e5afcc842db6a3e793b42c70c05ce07bec79e0d2d605e241901ff9f639 guix-build-7f96638723a0/output/x86_64-apple-darwin/bitcoin-7f96638723a0-x86_64-apple-darwin.tar.gz
```
ACKs for top commit:
theuni:
utACK 7f96638723.
hebasto:
ACK 7f96638723, I have reviewed the code and the patch, and they look OK.
TheCharlatan:
ACK 7f96638723
Tree-SHA512: 7f94710460f54b2afe3c9f5d57107b71436c59b799b15f78e5e3011c3c4f6b23a3acc1008eccea9c22226a200774c82900bad6c6236ab6c5c48a17dec3f2d5a2
6c97757a48 script: appease spelling linter (Jon Atack)
1316119ce7 script: update ignored-words.txt (Jon Atack)
146c861da2 script: update linter dependencies (Jon Atack)
92408224a4 test: fix PEP484 no implicit optional argument types errors (Jon Atack)
f86a301433 script, test: add missing python type annotations (Jon Atack)
Pull request description:
With these updates, `./test/lint/lint-python.py` and `./test/lint/lint-spelling.py` should be green again for developers using relatively recent Python dependencies, in particular mypy 0.991 (released 11/2022) and later. Please see the commit messages for details.
ACKs for top commit:
fanquake:
ACK 6c97757a48
Tree-SHA512: 8a46a4d36d5978affdcecf4f2ace20ca1b52d483e098304911a2169afe60ccb9b042fa90c04b762d94f3ce53d2cafe6f24476ae839867a770c7f31e7e7242d99
Fix warnings for these files when ./test/lint/lint-python.py is run using
mypy 0.991 (released 11/2022) and later:
"By default the bodies of untyped functions are not checked, consider using
--check-untyped-defs [annotation-unchecked]"
For details, see:
https://mypy-lang.blogspot.com/2022/11/mypy-0990-released.html
This change improves the maintainability of the manifest:
(1) It allows to remove the module when the specified symbols are no
longer used.
(2) It prevents accidental use of other symbols, such as `bash`
instead of `bash-minimal`.
529c92e837 guix: Update `python-lief` package to 0.13.2 (Hennadii Stepanov)
Pull request description:
The Guix's `python-lief` package is going to move to using external deps, rather than the bundled ones (https://lists.gnu.org/archive/html/guix-patches/2023-05/msg01302.html). We want to continue using our own package indefinitely, to keep the build simpler, and allow for easier updating.
Changes in `contrib/devtools/security-check.py` are caused by 6357c6370b.
Also see: https://github.com/bitcoin/bitcoin/pull/27507.
ACKs for top commit:
fanquake:
ACK 529c92e837
Tree-SHA512: ad81111b090a39b380fe25bb27b54a339e78a158f462c7adda25d5ee55f0d654107b1486b29b9687ad0808e27b01e04f53a0e8ffc6600b79103d6bd0dfec64ef
Unfortunately clang 10 does not understand "-mmacosx-version-min=11.0",
as it expects to see only 10.x.
Bump minimally to 11.1 to fix that problem. This will likely be our last
binary toolchain bump, as it will soon be replaced with usage of upstream
vanilla llvm.
015cc5e588 lint: stop ignoring LIEF imports (fanquake)
Pull request description:
Type stubs are now available as of 0.13.0.
See https://github.com/lief-project/LIEF/issues/650.
ACKs for top commit:
TheCharlatan:
ACK 015cc5e588
Tree-SHA512: ebb754f293c2a61a0ef64c3552f7c700ceb3054b50fd3f1573e4a9e87773ddeba47bd9875f6ab055043012dbc20aeb71e4d76cd3da535c76651dfb1fbfc66e89
689a65d878 contrib/init: Better systemd integration (Carl Dong)
Pull request description:
```
1. Make logs available to journalctl (systemd's logging system) by not
specifying -daemonwait, which rightfully has its own set of stdout
and stderr descriptors (a user invoking with -daemonwait on the
command line should not see any logs). It makes more sense not to
daemonize in the systemd context anyway.
2. Make systemd aware of when bitcoind is started and in steady state by
specifying -startupnotify='systemd-notify --ready' and Type=notify.
NotifyAccess=all is necessary so that the spawned thread for
startupnotify is allowed to inform systemd of bitcoind's readiness.
Note that NotifyAccess=exec won't work because it only allows
sd_notify readiness signalling from Exec*= declarations in the
.service file.
Note that we currently don't allow multiple startupnotify commands, but
users can override it in systemd via:
# systemctl edit bitcoind
By specifying something like:
[Service]
ExecStart=/usr/bin/bitcoind -pid=/run/bitcoind/bitcoind.pid \
-conf=/etc/bitcoin/bitcoin.conf \
-datadir=/var/lib/bitcoind \
-startupnotify='systemd-notify --ready; mycommandhere'
```
ACKs for top commit:
real-or-random:
ACK 689a65d878 tested this service file with 25.0
Tree-SHA512: 9a52ad5cf25886c0d8dabc986d8920602a056db25875b5edd910b387043b78bb78c76d6df82e6e322e3be3bfd5c35c80721cbc8308cec946060bd7586820e9c6
1. Make logs available to journalctl (systemd's logging system) by not
specifying -daemonwait, which rightfully has its own set of stdout
and stderr descriptors (a user invoking with -daemonwait on the
command line should not see any logs). It makes more sense not to
daemonize in the systemd context anyway.
2. Make systemd aware of when bitcoind is started and in steady state by
specifying -startupnotify='systemd-notify --ready' and Type=notify.
NotifyAccess=all is necessary so that the spawned thread for
startupnotify is allowed to inform systemd of bitcoind's readiness.
Note that NotifyAccess=exec won't work because it only allows
sd_notify readiness signalling from Exec*= declarations in the
.service file.
3. Also make systemd aware of when bitcoind is stopping by specifying
-shutdownnotify='systemd-notify --stopping'
Note that we currently don't allow multiple *notify commands, but users
can override it in systemd via:
# systemctl edit bitcoind
By specifying something like:
[Service]
ExecStart=/usr/bin/bitcoind -pid=/run/bitcoind/bitcoind.pid \
-conf=/etc/bitcoin/bitcoin.conf \
-datadir=/var/lib/bitcoind \
-startupnotify='systemd-notify --ready; mystartupcommandhere' \
-shutdownnotify='systemd-notify --stopping; myshutdowncommandhere'
These should only be relevant for a glibc that is built as part of a
Guix system, and should not be required for a glibc that is just being
built to compile our binaries against. A x86_64 linux bitcoind produced
with Guix using master vs this change has no difference. i.e:
```diff
@@ -20311,15 +20311,15 @@
This is experimental software.
The source code is available from %s.
Please contribute if you find %s useful. Visit %s for further information about the software.
The %s developers
The Bitcoin Core developers
<https://bitcoincore.org/>
Copyright (C) %i-%i
-v25.99.0-gda0bf1d07639b0490791bbd6aec71bbea8aa2aThe %s developer<https://github.com/bitcoin/bitcDistributed under the MIT software license, see the accompanyingThis is experimeThe source code is available froPlease contribute if you find %s useful. Visit %s for further information about Copyright (C) %ibool BCLog::Logger::StartLogging()
+v25.99.0-gd7700d3a26478d9b1648463c188648c7047b1cThe %s developer<https://github.com/bitcoin/bitcDistributed under the MIT software license, see the accompanyingThis is experimeThe source code is available froPlease contribute if you find %s useful. Visit %s for further information about Copyright (C) %ibool BCLog::Logger::StartLogging()
std::string BCLog::Logger::LogLevelToStr(BCLog::Level) const
std::string LogCategoryToStr(BCLog::LogFlags)
void BCLog::Logger::LogPrintStr(const string&, const string&, const string&, int, BCLog::LogFlags, BCLog::Level)
void BCLog::Logger::ShrinkDebugFile()
Failed to shrink debug log file: fseek(...) failed
logging.cpp
m_buffering
```
```diff
@@ -1505889,15 +1505889,15 @@
call aa3380 <malloc@plt+0xa4edb0>
mov (%rsp),%rdx
movdqa 0x465540(%rip),%xmm0
mov %rax,0x7a0559(%rip)
lea 0x7a0552(%rip),%rsi
lea 0x3957bb(%rip),%rdi
mov %rdx,0x7a0554(%rip)
- mov $0x3038,%edx
+ mov $0x3036,%edx
movups %xmm0,(%rax)
movdqa 0x465524(%rip),%xmm0
mov %dx,0x30(%rax)
mov 0x7a0529(%rip),%rdx
movups %xmm0,0x10(%rax)
movdqa 0x46551d(%rip),%xmm0
movups %xmm0,0x20(%rax)
```
```diff
@@ -37238,17 +37238,17 @@
0x00b73730 65202573 20646576 656c6f70 65727300 e %s developers.
0x00b73740 54686520 42697463 6f696e20 436f7265 The Bitcoin Core
0x00b73750 20646576 656c6f70 65727300 434f5059 developers.COPY
0x00b73760 494e4700 3c687474 70733a2f 2f626974 ING.<https://bit
0x00b73770 636f696e 636f7265 2e6f7267 2f3e0043 coincore.org/>.C
0x00b73780 6f707972 69676874 20284329 2025692d opyright (C) %i-
0x00b73790 25690053 61746f73 68690000 00000000 %i.Satoshi......
- 0x00b737a0 7632352e 39392e30 2d676461 30626631 v25.99.0-gda0bf1
- 0x00b737b0 64303736 33396230 34393037 39316262 d07639b0490791bb
- 0x00b737c0 64366165 63373162 62656138 61613261 d6aec71bbea8aa2a
+ 0x00b737a0 7632352e 39392e30 2d676437 37303064 v25.99.0-gd7700d
+ 0x00b737b0 33613236 34373864 39623136 34383436 3a26478d9b164846
+ 0x00b737c0 33633138 38363438 63373034 37623163 3c188648c7047b1c
0x00b737d0 54686520 25732064 6576656c 6f706572 The %s developer
0x00b737e0 3c687474 70733a2f 2f676974 6875622e <https://github.
0x00b737f0 636f6d2f 62697463 6f696e2f 62697463 com/bitcoin/bitc
0x00b73800 44697374 72696275 74656420 756e6465 Distributed unde
0x00b73810 72207468 65204d49 5420736f 66747761 r the MIT softwa
0x00b73820 7265206c 6963656e 73652c20 73656520 re license, see
0x00b73830 74686520 6163636f 6d70616e 79696e67 the accompanying
```
```diff
@@ -1,5 +1,5 @@
Hex dump of section '.gnu_debuglink':
0x00000000 62697463 6f696e64 2e646267 00000000 bitcoind.dbg....
- 0x00000010 6b6e8eda kn..
+ 0x00000010 345cb865 4\.e
```
a2bef805c1 kernel: update m_assumed_* chain params for 25.x (fanquake)
4128e01dba kernel: update chainTxData for 25.x (fanquake)
00b2b114b4 kernel: update nMinimumChainWork & defaultAssumeValid for 25.x (fanquake)
07fcc0a82c doc: update references to kernel/chainparams.cpp (fanquake)
Pull request description:
Update chainparams pre `25.x` branch off.
Co-Author in the commits as a PR (#27223) had previously been opened too-early to do the same.
Note: Remember that some variance is expected in the `m_assumed_*` sizes.
ACKs for top commit:
achow101:
ACK a2bef805c1
josibake:
ACK a2bef805c1
gruve-p:
ACK a2bef805c1
dergoegge:
ACK a2bef805c1 on the new mainnet params
Tree-SHA512: 0b19c2ef15c6b15863d6a560a1053ee223057c7bfb617ffd3400b1734cee8f75bc6fd7f04d8f8e3f5af6220659a1987951a1b36945d6fe17d06972004fd62610
3cc989da5c Fix checking bad dns seeds without casting (Yusuf Sahin HAMZA)
Pull request description:
- Since seed lines comes with `str` type, comparing `good` column directly with **0** (`int` type) in the if statement was not working at all. This is fixed by casting `int` type to the values in the `good` column of seeds text file.
- Lines that starts with comment in the seeds text file are now ignored.
- If statement for checking bad seeds are moved to the top of the `parseline` function as if a seed is bad; there is no point of going forward from there.
Since this bug-fix eliminates bad seeds over **550k** in the first place, in my case; particular job for parsing all seeds speed is up by **600%** and whole script's speed is up by **%30**.
Note that **stats** in the terminal are not going to include bad seeds after this fix, which would be the same if this bug were never there before.
ACKs for top commit:
achow101:
ACK 3cc989da5c
jonatack:
ACK 3cc989da5c
Tree-SHA512: 13c82681de4d72de07293f0b7f09721ad8514a2ad99b0584d1c94fa5f2818821df2000944f9514d6a222a5dccc82856d16c8c05aa36d905cfa7d4610c629fd38
754fb6bb81 verifybinaries: fix argument type error pointed out by mypy (Cory Fields)
8a65e5145c verifybinaries: catch the correct exception (Cory Fields)
4b23b488d2 verifybinaries: fix OS download filter (Cory Fields)
8cdadd1729 verifybinaries: use recommended keyserver by default (Cory Fields)
4e0396835d verifybinaries: remove unreachable code (Cory Fields)
5668c6473a verifybinaries: Don't delete shasums file (Cory Fields)
46c73b57c6 verifybinaries: README cleanups (Cory Fields)
6d11830265 verifybinaries: remove awkward bitcoin-core prefix handling (Cory Fields)
c44323a717 verifybinaries: move all current examples to the pub subcommand (Cory Fields)
7a6e7ffd06 contrib: Use machine parseable GPG output in verifybinaries (Andrew Chow)
6b2cebfa2f contrib: Add verifybinaries command for specifying files to verify (Andrew Chow)
e4d5778228 contrib: Specify to GPG the SHA256SUMS file that is detached signed (Andrew Chow)
17575c0efa contrib: Refactor verifbinaries to support subcommands (Andrew Chow)
37c9fb7a59 contrib: verifybinaries: allow multisig verification (James O'Beirne)
Pull request description:
Following up on #23020 from jamesob with achow101's additional features on top.
Both mentioned that they will be away for the next few weeks, so this is intended to keep review going.
All credit to the jamesob and achow101. See #23020 for the original description and [here](https://github.com/bitcoin/bitcoin/pull/23020#issuecomment-1480603300) for the added features.
I squashed the last commit from https://github.com/achow101/bitcoin/tree/pr23020-direct-bins-gpg-parse into the first commit here.
Fetching and local verification seem to work as intended for me.
ACKs for top commit:
josibake:
ACK 754fb6bb81
Tree-SHA512: b310c57518daa690a00126308a3e7e94b978ded56d13da15d5189e9e90b71c93888d854f64179150586b0a915db8dadd43c92b716613913c198128db8867257b
In addition to verifying the published releases with the `pub` command,
the verifybinaries script is updated to take a `bin` command where the
user specifies the local files, sums, and sigs to verify.
This commit adds the functionality necessary to transition from
doing binary verification on the basis of a single signature to
requiring a minimum threshold of trusted signatures.
A signature can appear as "good" from GPG output, but it may not come
from an identity the user trusts. We call these "good, untrusted"
signatures.
We report bad signatures but do not necessarily fail in their presence,
since a bad signature might coexist with enough good, trusted signatures
to fulfill our criteria.
If "--import-keys" is enabled, we will prompt the user to
optionally try to retrieve unknown keys. Marking them as trusted locally
is a WIP, but keys which are retrieved successfully and appear on the
builder-keys list will immediately count as being useful towards
fulfilling the threshold.
Logging is improved and an option to output JSON that summarizes the
whole sum signature and binary verification processes has been added.
Co-authored-by: Russ Yanofsky <russ@yanofsky.org>
Co-authored-by: willcl-ark <will8clark@gmail.com>
4becee396f guix: combine and document enable_werror (fanquake)
Pull request description:
Combine into `hardened-glibc`.
Document why we don't use `--disable-werror` directly.
https://www.gnu.org/software/libc/manual/html_node/Configuring-and-compiling.html
> By default, the GNU C Library is built with -Werror. If you wish
> to build without this option (for example, if building with a
> newer version of GCC than this version of the GNU C Library was
> tested with, so new warnings cause the build with -Werror to fail),
> you can configure with --disable-werror.
ACKs for top commit:
hebasto:
ACK 4becee396f, the diff is correct.
TheCharlatan:
ACK 4becee396f
Tree-SHA512: 8724415f51b4d72d40c4e797faf52c93a81147fb629332b9388ffd7f113f2b16db3b7496bf3063dd978ac629fd5bde3ec7df4f1ff1ed714cb56f316a9334d119
Combine into hardened-glibc.
Document why we don't use --disable-werror directly.
https://www.gnu.org/software/libc/manual/html_node/Configuring-and-compiling.html
> By default, the GNU C Library is built with -Werror. If you wish
> to build without this option (for example, if building with a
> newer version of GCC than this version of the GNU C Library was
> tested with, so new warnings cause the build with -Werror to fail),
> you can configure with --disable-werror.
This also fixes atleast one --no-substitues build failure I've seen,
where cmake dependencies wouldn't build:
```bash
The following derivations will be built:
/gnu/store/7qqvqq2g7l5ylrjv0gn6zha565a12kar-python-lief-0.12.1.drv
/gnu/store/f9zwh1ldy63ga0i5w6cbbqlj6sfq226j-cmake-3.21.4.drv
/gnu/store/3wg6ya847id503m5izhzhn1qqs464lfk-python-sphinx-4.2.0.drv
building /gnu/store/3wg6ya847id503m5izhzhn1qqs464lfk-python-sphinx-4.2.0.drv...
/ 'check' phasenote: keeping build directory `/tmp/guix-build-python-sphinx-4.2.0.drv-5'
builder for `/gnu/store/3wg6ya847id503m5izhzhn1qqs464lfk-python-sphinx-4.2.0.drv' failed with exit code 1
build of /gnu/store/3wg6ya847id503m5izhzhn1qqs464lfk-python-sphinx-4.2.0.drv failed
View build log at '/var/log/guix/drvs/3w/g6ya847id503m5izhzhn1qqs464lfk-python-sphinx-4.2.0.drv.gz'.
cannot build derivation `/gnu/store/f9zwh1ldy63ga0i5w6cbbqlj6sfq226j-cmake-3.21.4.drv': 1 dependencies couldn't be built
cannot build derivation `/gnu/store/7qqvqq2g7l5ylrjv0gn6zha565a12kar-python-lief-0.12.1.drv': 1 dependencies couldn't be built
guix environment: error: build of `/gnu/store/7qqvqq2g7l5ylrjv0gn6zha565a12kar-python-lief-0.12.1.drv' failed
```
285edfadca guix: use osslsigncode 2.5 (fanquake)
Pull request description:
Switches to using a newer version of [osslsigncode](https://github.com/mtrojnar/osslsigncode) in our Guix environment.
achow101 can you test this with some sort of WIndows code-signing dry-run (no-rush).
ACKs for top commit:
achow101:
ACK 285edfadca
Tree-SHA512: 2ab8f65e506bd97e74e76f24e791ae20694e567a751cc57d3a27f31f0733e3530d058ef19825a35dc21d1342e3fffc52d8d643258198c669cc68b6db41bda629
4b7aec2951 Add mempool tracepoints (virtu)
Pull request description:
This PR adds multiple mempool tracepoints.
| tracepoint | description |
| ------------- | ------------- |
| `mempool:added` | Is called when a transaction enters the mempool |
| `mempool:removed` | ... when a transaction is removed from the mempool |
| `mempool:replaced` | ... when a transaction is replaced in the mempool |
| `mempool:rejected` | ... when a transaction is rejected from entering the mempool |
The tracepoints are further documented in `docs/tracing.md`. Usage is demonstrated in the example script `contrib/tracing/mempool_monitor.py`. Interface tests are provided in `test/functional/interface_usdt_mempool.py`.
The rationale for passing the removal reason as a string instead of numerically is that the benefits of not having to maintain a redundant enum-string mapping seem to outweigh the small cost of string generation. The reject reason is passed as string as well, although in this instance the string does not have to be generated but is readily available.
ACKs for top commit:
0xB10C:
ACK 4b7aec2951
achow101:
ACK 4b7aec2951
Tree-SHA512: 6deb3ba2d1a061292fb9b0f885f7a5c4d11b109b838102d8a8f4828cd68f5cd03fa3fc64adc6fdf54a08a1eaccce261b0aa90c2b8c33cd5fd3828c8f74978958
Tracepoints for added, removed, replaced, and rejected transactions.
The removal reason is passed as string instead of a numeric value, since
the benefits of not having to maintain a redundant enum-string mapping
seem to outweigh the small cost of string generation. The reject reason
is passed as string as well, although here the string does not have to
be generated but is readily available.
So far, tracepoint PRs typically included two demo scripts: a naive
bpftrace script to show raw tracepoint data and a bcc script for a more
refined view. However, as some of the ongoing changes to bpftrace
introduce a certain degree of unreliability (running some of the
existing bpftrace scripts was not possible with standard kernels and
bpftrace packages on latest stable Ubuntu, Debian, and NixOS), this PR
includes only a single bcc script that fuses the functionality of former
bpftrace and bcc scripts.
2c9eb4afe1 guix: use cmake-minimal over cmake (fanquake)
1475515312 guix: use coreutils-minimal over coreutils (fanquake)
4445621415 guix: use bash-minimal over bash (fanquake)
Pull request description:
Minimal versions of the same packages, that should still be sufficient for our use:
> (define-public bash-minimal
;; A stripped-down Bash for non-interactive use.
> (define-public coreutils-minimal
;; Coreutils without its optional dependencies.
> ;;; This minimal variant of CMake does not include the documentation. It is
;;; used by the cmake-build-system.
(define-public cmake-minimal
ACKs for top commit:
TheCharlatan:
ACK 2c9eb4afe1
Sjors:
tACK 2c9eb4afe1
achow101:
ACK 2c9eb4afe1
hebasto:
ACK 2c9eb4afe1,
Tree-SHA512: f91ca9e088b8346b20c2affc80870c31640de3aedcfcc0fb98a5e82c77ef64537870b88552f26759d31d8d0956b1fd685e6c25d5acbc92f5feaececd1a7dd37e
14fac808bd verify-commits: Mention git v2.38.0 requirement (Andrew Chow)
bb86887527 verify-commits: Skip checks for commits older than trusted roots (Andrew Chow)
5497c14830 verify-commits: Use merge-tree in clean merge check (Andrew Chow)
76923bfa09 verify-commits: Remove all allowed commit exceptions (Andrew Chow)
53b07b2b47 verify-commits: Move trusted-keys valid sig check into verify-commits itself (Andrew Chow)
Pull request description:
Currently the `verify-commits.py` script does not work well with maintainers giving up their commit access. If a key is removed from `trusted-keys`, any commits it signed previously will fail to verify, however keys cannot be kept in the list as it would allow that person to continue to push new commits. Furthermore, the `trusted-keys` used depends on the working tree which `verify-commits.py` itself may be modifying. When the script is run, the `trusted-keys` may be the one that is intended to be used, but the script may change the tree to a different commit with a different `trusted-keys` and use that instead!
To resolve these issues, I've updated `verify-commits.py` to load the `trusted-keys` file and check the keys itself rather than delegating that to `gpg.sh` (which previously read in `trusted-keys`). This avoids the issue with the tree changing.
I've also updated the script so that it stops modifying the tree. It would do this for the clean merge check where it would checkout each individual commit and attempt to reapply the merges, and then checking out the commit given as a cli arg. `git merge-tree` lets us do basically that but without modifying the tree. It will give us the object id for the resulting tree which we can compare against the object id of the tree in the merge commit in question. This also appears to be quite a bit faster.
Lastly I've removed all of the exception commits in `allow-revsig-commits`, `allow-incorrect-sha512-commits`, and `allow-unclean-merge-commits` since all of these predate the commits in `trusted-git-root` and `trusted-sha512-root`. I've also updated the script to skip verification of commits that predate `trusted-git-root`, and skip sha512 verification for those that predate `trusted-sha512-root`.
ACKs for top commit:
Sjors:
ACK 14fac808bd
glozow:
Concept ACK 14fac808bd
Tree-SHA512: f9b0c6e1f1aecb169cdd6c833b8871b15e31c2374dc589858df0523659b294220d327481cc36dd0f92e9040d868eee6a8a68502f3163e05fa751f9fc2fa8832a
fab17f08e2 Revert "[contrib] verify-commits: Add MarcoFalke fingerprint" (MarcoFalke)
Pull request description:
This reverts commit fa24329334.
The commit may be signed by my key, but I haven't checked it. Also, I haven't checked the new `contrib/verify-commits/trusted-git-root`.
ACKs for top commit:
achow101:
ACK fab17f08e2
glozow:
ACK fab17f08e2
Tree-SHA512: 485fb302f7e42704412afffd6c09a031f63df18f259b27282b8373d5bf95b0ec72426cec476d88bf23e793a6e1dae4c1df2059645961806e34b50448ebf1862a
61bb4e783b lint: enable E722 do not use bare except (Leonardo Lazzaro)
Pull request description:
Improve test code and enable E722 lint check.
If you want to catch all exceptions that signal program errors, use except Exception: (bare except is equivalent to except BaseException:).
Reference: https://peps.python.org/pep-0008/#programming-recommendations
ACKs for top commit:
MarcoFalke:
lgtm ACK 61bb4e783b
Tree-SHA512: c7497769d5745fa02c78a20f4a0e555d8d3996d64af6faf1ce28e22ac1d8be415b98e967294679007b7bda2a9fd04031a9d140b24201e00257ceadeb5c5d7665
d5d4b75840 guix: combine glibc hardening options into hardened-glibc (fanquake)
c49f2b8eb5 guix: remove no-longer needed powerpc workaround (fanquake)
74c9893989 guix: use glibc 2.27 for all Linux builds (fanquake)
Pull request description:
Build against glibc 2.27 for all Linux builds (previously only used for RISC-V), and at the same time, increase our minimum required glibc to 2.27 (2018). This would drop support for Ubuntu Xenial (16.04) & Debian Stretch (9), from the produced release binaries. Compiling from source on those systems may be possible, assuming you can install a recent enough compiler/toolchain etc.
ACKs for top commit:
hebasto:
ACK d5d4b75840, I have reviewed the code and it looks OK, I agree it can be merged.
Tree-SHA512: 910f0ef45b4558f2a45d35a5c1c39aaac97e8aff086dc4fc1eddbb80c0b6e4bd23667d64e21d0fd42e4db37b6f26f447ca5d1150bb861128af7e71fb42835cf8
Instead of having gpg.sh check against the trusted keys for a valid
signature, do it inside of verify-commits itself.
This also allows us to use the same trusted-keys throughout the
verify-commits.py check rather than it possibly being modified during
the clean merge check.
To prepare for the removal of laanwj's key from trusted key, the trusted
git root needs to be newer than the most recent merge commit signed by
his key.
1c07500dbb contrib: make DNS seeds file an argument in CLI (brunoerg)
Pull request description:
Instead of using `makeseeds.py` this way:
```sh
python3 makeseeds.py -a asmap-filled.dat < seeds_main.txt > nodes_main.txt
```
We could use the DNS seeds file as an argument since it is a required one. It improves the way the script handles it when that file is missing as well as makes this script more friendly.
E.g:
```sh
python3 makeseeds.py -a asmap-filled.dat -s seeds_main.txt > nodes_main.txt
```
ACKs for top commit:
vincenzopalazzo:
ACK 1c07500dbb
Tree-SHA512: bddf728d5d376659155f5bbeb1fa0d42aa273ec4a0cf5687f4d3f3be85625f541d392f30008e3c9d2c65967cb882deb36af34330994727771be73c9adeb521e0
Now that we can build a bdb-only depends prefix, there is no need to
maintain a bdb-building bash script, that does the same things as
depends, except worse, as it's missing patches and workarounds. i.e #26623.
fa8fe5b696 scripted-diff: Use new python 3.7 keywords (MarcoFalke)
fa2a23548a Revert "contrib: Fix capture_output in getcoins.py" (MarcoFalke)
dddd462137 Bump minimum python version to 3.7 (MarcoFalke)
Pull request description:
While there is nothing that requires a bump, it may require less maintenance to drop python3.6 support. Python3.7 is available through the package manager on all currently supported operating systems.
ACKs for top commit:
jamesob:
ACK fa8fe5b696
hebasto:
ACK fa8fe5b696
Tree-SHA512: f6e080d8751948bb0e01c87be601363158f345e8037b70ce7e1bc507c611eb61600e4f24f1d2f8a6e7e44877ab09319302869e33ce8118c4c4f71fc89c0a1198
4bb91be124 debian: remove nonexistent files from copyright (fanquake)
Pull request description:
The removed files were dropped during a secp256k1 subtree update.
Top commit has no ACKs.
Tree-SHA512: 19ef1cf76908b5468265cc25b76abf8cf3a1dd0d5f7390f9cf4c5cd4c421c8cb04b5991ded7102add896d06555696a8059df37fd1d8f7374487a12dfa594c9cd
e6864fa157 contrib: remove builder keys (fanquake)
Pull request description:
This has been superseded by adding a builder-keys/ directory in
guix.sigs, where the presence of keys, and validity of signatures
is checked. Preventing issues like missing keys or invalid signatures.
New (or exisiting) Guix builders can add their key in the next PR
they open adding attestations.
Related to issues like #26566, #26563.
Also follows up with the comment here: https://github.com/bitcoin/bitcoin/pull/26565#issuecomment-1326053939.
ACKs for top commit:
hebasto:
ACK e6864fa157, modulo s/update/remove/ in the PR tittle.
Tree-SHA512: 095b4cf12ed0baeaf0ee7b8edcb3e2647e9c0f812e8fd63915ddb454f81dacc9c2d2b409de2773b7adb5ff643893d614d8aad1bc44c26da648e1bbbe19e11e05
22e9afe40d use sha256 command instead of sha256sum on FreeBSD (Murray Nesbitt)
Pull request description:
The FreeBSD version of `sha256sum` takes different arguments than the GNU version.
The `sha256_check` function in `contrib/install_db4.sh` has code specific to FreeBSD, however it doesn't get reached because while the `sha256sum` command does exist on FreeBSD, it is incompatible and results in an error:
```
sha256sum: option requires an argument -- c
usage: sha256sum [-pqrtx] [-c file] [-s string] [files ...]
```
This change moves the FreeBSD-specific code before the check for the `sha256sum` command.
Fixes: #26774
Top commit has no ACKs.
Tree-SHA512: 2485e2e7d8fdca3b072b29fb22bbdfd69e520740537b331b33c64cc645b63da712cfa63a23bdf039bbc92a6558fc7bf03323a51784bf601ff360ff0ef59506c8
3ae76ea6dd scripted-diff: Insert missed copyright header (Hennadii Stepanov)
306ccd4927 scripted-diff: Bump copyright headers (Hennadii Stepanov)
Pull request description:
This PR bumps the existing copyright headers, as we did every year, and adds a missed one.
Top commit has no ACKs.
Tree-SHA512: 5f6b02e2baad21750e3dd8f0612bb6e7e2cfa6a743c669f26baf5a39c168b2d3a92afae1ce2dad59b70492175186c38f172c4ee68fc7ac87a4d85330429ca054
This has been superseded by adding a builder-keys/ directory in
guix.sigs, where the presence of keys, and validity of signatures
is checked. Preventing issues like missing keys or invalid signatures.
New (or exisiting) Guix builders can add their key in the next PR
they open adding attestations.
Since seed lines comes with 'str' type, comparing it directly with 0
('int' type) in the if statement was not working at all. This is fixed
by casting 'int' type to the values in the 'good' column of seeds text file.
Lines that starts with comment in the seeds text file are now ignored.
If statement for checking bad seeds are moved to the top of the 'parseline'
function as if seed is bad, there is no point of going forward from there.
ccba4fe7e3 doc: Add completion subdir to contrib/README.md (willcl-ark)
7075848f96 script: Add fish completions (willcl-ark)
a27a445b71 refactor: Sub-folder bash completions (willcl-ark)
Pull request description:
The completions are dynamically generated from the respective binary
help pages.
Completions should be sourced into the shell or added to
`$XDG_CONFIG/fish/completions`. See [where to put completions](https://fishshell.com/docs/current/completions.html#where-to-put-completions) for more information.
As the completions are auto-generated they should only require as much maintenance as the bash equivalents, which is to say very little!
ACKs for top commit:
achow101:
ACK ccba4fe7e3
josibake:
ACK ccba4fe7e3
Tree-SHA512: fe6ed899ea1fe90f82970bde7739db11dd0c845ccd70b65f28ad5212f75b57d9105a3a7f70ccdff552d5b21fa3fe9c697d128fb10740bae31fe1854e716b4b8b
Completions are dynamically generated from the respective binary help
pages.
Completions should be sourced into the shell or added to
$XDG_CONFIG/fish/completions.
29ef26ae25 build: Drop unneeded linking of `contrib/devtools/` scripts (Hennadii Stepanov)
77779c3717 script: Improve `test-{security,symbol}-check.py` robustness (Hennadii Stepanov)
Pull request description:
The build system targets `make test-security-check`, `make -C src check-security` and `make -C src check-symbols` run `contrib/devtools/{test-,}{security,symbol}-check.py` scripts from the top source directory, i.e. `$(top_srcdir)` in the current Autotools-based build system.
This renders needless of linking of those scripts into the build directory.
Both build systems, the current Autotools-based and the future CMake-based, benefit from this simplification.
ACKs for top commit:
fanquake:
ACK 29ef26ae25
Tree-SHA512: 442b6aa116615d01eabc58b6ded67d9c6993033a071bb7008afdb956c468b65bb2b51705aeaed60fd68211dd2b9c8b8e2234babd45abd022daff391c00091165
This change allows to use the `test-{security,symbol}-check.py` scripts
when building out of source tree with no need to link scripts into the
build directory.
51a08f41ff signet/miner: reduce default interblock interval limit to 30min (Anthony Towns)
Pull request description:
Reduces the cap on the time between blocks from 60 minutes to 30 minutes, and makes it configurable.
Top commit has no ACKs.
Tree-SHA512: 7b880c50e47d055a2737c057fab190017748849d264c6c39dde465959a544d502221d12c6307d4de693f51badb4779b9c147e48775ede6ec6613e808067ab279
Our required Python version 3.6.12 does not support `capture_output` as
a subprocess.run argument; this was added in python 3.7.
We can emulate it by setting stdout and stderr to subprocess.PIPE
fa2b8ae0a2 util: improve bitcoin-wallet exit codes (MacroFake)
Pull request description:
Refactors `bitcoin-wallet` so that it doesn't return a non-zero exit code by default, and makes the option handling more inline with the other binaries. i.e outputting `Error: too few parameters` if you don't pass any options.
Fixing this means we can check the process output in `gen-manpages.py`; which addresses the remaining [review comment](https://github.com/bitcoin/bitcoin/pull/24263#discussion_r806126705) from #24263.
Top commit has no ACKs.
Tree-SHA512: 80bd8098faefb4401ca1e4d49937ef6c960cf60ce0e7fb9dc38904fbc2fd92e319ec04570381da84943b7477845bf6be00e977f4c0451b247a6698662ce8f1bf
d0433a3153 guix: Drop perl package (Hennadii Stepanov)
55e468f149 build: Add `-no-mimetype-database` option to qt package in depends (Hennadii Stepanov)
Pull request description:
Perl is required only in Qt to create its own MIME database, which we never use.
Guix build on `x86_64`:
```
b63983137239de664edba06834d48fbfc1957d4c56aaf1b2c4cd253bad2856f9 guix-build-d0433a31534d/output/aarch64-linux-gnu/SHA256SUMS.part
f4ea6d24a0248f573a0e6e207f872a964ad061459837e3c44ddc2257871349f9 guix-build-d0433a31534d/output/aarch64-linux-gnu/bitcoin-d0433a31534d-aarch64-linux-gnu-debug.tar.gz
00efef73311e2a231255f7e2010d5a77ec986b60be26be10f27dc24aa84382c7 guix-build-d0433a31534d/output/aarch64-linux-gnu/bitcoin-d0433a31534d-aarch64-linux-gnu.tar.gz
8eaf54f1d867b8279e5bf7db9d57a86b9d63dbb7f17bc8df131336781325ca25 guix-build-d0433a31534d/output/arm-linux-gnueabihf/SHA256SUMS.part
1fc60e3086e09cefef8f3848787c4bf601a017a5e75a1dd322c81916ad737d30 guix-build-d0433a31534d/output/arm-linux-gnueabihf/bitcoin-d0433a31534d-arm-linux-gnueabihf-debug.tar.gz
92b51c48dd7aeb1853345bc17f433c56c3704755008fbe2d5b203145af87b667 guix-build-d0433a31534d/output/arm-linux-gnueabihf/bitcoin-d0433a31534d-arm-linux-gnueabihf.tar.gz
7daadc27af84bfeab98802481c3dbce852613b712db1711f5bf67c36ad54414a guix-build-d0433a31534d/output/arm64-apple-darwin/SHA256SUMS.part
2d1de48b0acfdd6aa3a5dd7c97557463d11ef8a2a12b2227bf555a8d387c3db9 guix-build-d0433a31534d/output/arm64-apple-darwin/bitcoin-d0433a31534d-arm64-apple-darwin-unsigned.dmg
a1fd2d0103295b4a3bda8f8be39df2bb3cef1be18235c20f7a4f13e4f839b9b0 guix-build-d0433a31534d/output/arm64-apple-darwin/bitcoin-d0433a31534d-arm64-apple-darwin-unsigned.tar.gz
abb9c9f2a2506205a236240de3fc602d9bc884a19a8d64ede2d9abf03c29141c guix-build-d0433a31534d/output/arm64-apple-darwin/bitcoin-d0433a31534d-arm64-apple-darwin.tar.gz
13f21eb33c2d0719da0bd5227ea58e5bb625a7fd0bd2af8d1a13efe7a00ab46c guix-build-d0433a31534d/output/dist-archive/bitcoin-d0433a31534d.tar.gz
0a83e8b591fd79d0493f381f1fc849ed89428e43794c9f791e5ee36fa6b945b8 guix-build-d0433a31534d/output/powerpc64-linux-gnu/SHA256SUMS.part
56b592cf691ef22557a03d6083a0603b45caa6ebfd17c0dda6fc870c8612a19f guix-build-d0433a31534d/output/powerpc64-linux-gnu/bitcoin-d0433a31534d-powerpc64-linux-gnu-debug.tar.gz
9d72a57f5bd509aaf48c18bf7d8b27861722242aa85036e7c6512983e6f102ee guix-build-d0433a31534d/output/powerpc64-linux-gnu/bitcoin-d0433a31534d-powerpc64-linux-gnu.tar.gz
0512992f6ee3ca2693121cd4bcb45a23de7759ccd87db67e4f091ada75fca3e1 guix-build-d0433a31534d/output/powerpc64le-linux-gnu/SHA256SUMS.part
b3ccdeac6bc7c36ce5792018dbad81b18a6fb62c4fc67df820796e70f4630100 guix-build-d0433a31534d/output/powerpc64le-linux-gnu/bitcoin-d0433a31534d-powerpc64le-linux-gnu-debug.tar.gz
f4c11cbd56431f5d257dff881a46d7ddf83b3d3a2e05c5e88e5575c4bb552960 guix-build-d0433a31534d/output/powerpc64le-linux-gnu/bitcoin-d0433a31534d-powerpc64le-linux-gnu.tar.gz
ad71196a5af12eedb906fb009b8f635933fa2bf83586b4b2360f6b84f52998ca guix-build-d0433a31534d/output/riscv64-linux-gnu/SHA256SUMS.part
6fe7dbb772e91dccec781b4d7a47cc8179ba0fb4614a3da6423679a4539ae96e guix-build-d0433a31534d/output/riscv64-linux-gnu/bitcoin-d0433a31534d-riscv64-linux-gnu-debug.tar.gz
f8fb450f627791b20e56d00bc9544984120fe22d9644318bc01cf027914b7338 guix-build-d0433a31534d/output/riscv64-linux-gnu/bitcoin-d0433a31534d-riscv64-linux-gnu.tar.gz
fb741950e3699fe2ffa44754e493a28b06c00ce12f9a4c073e38dd960bfe805d guix-build-d0433a31534d/output/x86_64-apple-darwin/SHA256SUMS.part
47dfb3eb3526c319ed528c24f19dda4ee3e6e03ca36d62f31207bad65083be76 guix-build-d0433a31534d/output/x86_64-apple-darwin/bitcoin-d0433a31534d-x86_64-apple-darwin-unsigned.dmg
4e306e35e7c885791694762d10fbc4e563466a2240036c3e1fc877c2806ac583 guix-build-d0433a31534d/output/x86_64-apple-darwin/bitcoin-d0433a31534d-x86_64-apple-darwin-unsigned.tar.gz
ac71e5164142225fc018f47d278d5450a28de05259f41437a7c4183708d8681d guix-build-d0433a31534d/output/x86_64-apple-darwin/bitcoin-d0433a31534d-x86_64-apple-darwin.tar.gz
f670fbe6652211d57dca9c79a6e37023b40d32117cf5e0d28dd9ba6247af1d61 guix-build-d0433a31534d/output/x86_64-linux-gnu/SHA256SUMS.part
94b23c572cac60f7ce1f7851e1aa0c8d41cc5fa5863089027aa8d524b6940d91 guix-build-d0433a31534d/output/x86_64-linux-gnu/bitcoin-d0433a31534d-x86_64-linux-gnu-debug.tar.gz
6d48a676f126eea585ab352c6bc923341903d891da6e8c4d4e2e168b8d6c4820 guix-build-d0433a31534d/output/x86_64-linux-gnu/bitcoin-d0433a31534d-x86_64-linux-gnu.tar.gz
23bb6919646725bfe35f4e3eb1beedb3ee4f49dc0b410d47185a2e06fb0184e3 guix-build-d0433a31534d/output/x86_64-w64-mingw32/SHA256SUMS.part
a92202b0c397aede252c433dbf83d5094141d5263f32d1078a052da7cf23059b guix-build-d0433a31534d/output/x86_64-w64-mingw32/bitcoin-d0433a31534d-win64-debug.zip
11d84ad174e12f3342764b47f42e32a55bd6d277416dcf6b05556173ace48430 guix-build-d0433a31534d/output/x86_64-w64-mingw32/bitcoin-d0433a31534d-win64-setup-unsigned.exe
436364e555e57090472600b5486af8bdefe0baaab7441b919e23f90d01a3347f guix-build-d0433a31534d/output/x86_64-w64-mingw32/bitcoin-d0433a31534d-win64-unsigned.tar.gz
e193bf3179194d68d88e295d0ef830ef77ddb504bc0f9aa17f84b537b275ddde guix-build-d0433a31534d/output/x86_64-w64-mingw32/bitcoin-d0433a31534d-win64.zip
```
ACKs for top commit:
fanquake:
ACK d0433a3153 - with the cavaet that I haven't looked at the qt changes, or the effects of using the `-no-mimetype-database` flag, at all. Also performed a Guix build from scratch with this branch rebased on master.
jarolrod:
ACK d0433a3153
Tree-SHA512: d6dc9bb19e793027d818aee0e248e59fdbf4f4ff46d55538f30e1731254c4739de342a3e917ae7d3f3bc1b6451667b9e8984a6522a1fcece7891c51502a420e8
0cd7928133 guix: use git-minimal over git (fanquake)
Pull request description:
From the [git-minimal package definition](https://git.savannah.gnu.org/cgit/guix.git/tree/gnu/packages/version-control.scm?id=998eda3067c7d21e0d9bb3310d2f5a14b8f1c681#n597):
> The size of the closure of 'git-minimal' is two thirds that of 'git'.
> Its test suite runs slightly faster and most importantly it doesn't
> depend on packages that are expensive to build such as Subversion.
We don't need any git functionality above the basics, so switch to `git-minimal` and save CPU when building the package, while also pruning the greater dependency graph (see `dependencies:` below). Note that git-minimal also lists `riscv64-linux` as a supported system, where `git` does not.
```diff
-name: git
+name: git-minimal
version: 2.37.3
outputs:
-+ send-email: see Appendix H
-+ svn: see Appendix H
-+ credential-netrc: see Appendix H
-+ credential-libsecret: see Appendix H
-+ subtree: see Appendix H
-+ gui: see Appendix H
+ out: everything else
-systems: x86_64-linux mips64el-linux aarch64-linux powerpc64le-linux i686-linux armhf-linux powerpc-linux
-dependencies: asciidoc@9.1.0 bash-minimal@5.1.8 bash@5.1.8 curl@7.79.1 docbook-xsl@1.79.2 expat@2.4.1 gettext-minimal@0.21 glib@2.70.2 libsecret@0.20.4 openssl@1.1.1l pcre2@10.37perl-authen-sasl@2.16perl-cgi@4.52
-+ perl-io-socket-ssl@2.068perl-net-smtp-ssl@1.04perl-term-readkey@2.38 perl@5.34.0 pkg-config@0.29.2 python@3.9.9 subversion@1.14.1 tcl@8.6.11 tk@8.6.11.1 xmlto@0.0.28 zlib@1.2.11
-location: gnu/packages/version-control.scm:222:2
+systems: x86_64-linux mips64el-linux aarch64-linux powerpc64le-linux riscv64-linux i686-linux armhf-linux powerpc-linux
+dependencies: bash-minimal@5.1.8 bash@5.1.8 curl@7.79.1 expat@2.4.1 gettext-minimal@0.21 openssl@1.1.1l perl@5.34.0 zlib@1.2.11
+location: gnu/packages/version-control.scm:608:2
homepage: https://git-scm.com/
license: GPL 2
synopsis: Distributed version control system
```
Guix Build (x86_64):
```bash
da4adca0304f19833893867418c8827e0213c58a1b605753355340a5f270754a guix-build-0cd7928133eb/output/aarch64-linux-gnu/SHA256SUMS.part
38c2b5f8e560018911ed776660fcd2aa8b6061a59af26118f06e23c9a335e80c guix-build-0cd7928133eb/output/aarch64-linux-gnu/bitcoin-0cd7928133eb-aarch64-linux-gnu-debug.tar.gz
de117782318d6e0ed55efaae7b2f11d033fe05e7a72fbda3ef7bbcbc758add69 guix-build-0cd7928133eb/output/aarch64-linux-gnu/bitcoin-0cd7928133eb-aarch64-linux-gnu.tar.gz
6ae8ebfac28c43488b9aa386b9a87937789a57e54dc1d77a9c7b95323a417abc guix-build-0cd7928133eb/output/arm-linux-gnueabihf/SHA256SUMS.part
97f5d9d14eeb4b2926304c142fa6c46b7126524b8f836655704f5643b58b9436 guix-build-0cd7928133eb/output/arm-linux-gnueabihf/bitcoin-0cd7928133eb-arm-linux-gnueabihf-debug.tar.gz
37815ea73941cf0a870e5ac4aafe9249a63ed1eeaa37440de23c2d9bf2b77be8 guix-build-0cd7928133eb/output/arm-linux-gnueabihf/bitcoin-0cd7928133eb-arm-linux-gnueabihf.tar.gz
64cd484fa48968dc7063c4f501e1ff62d1ba46ae9975bfa060a3c88e2a98d232 guix-build-0cd7928133eb/output/arm64-apple-darwin/SHA256SUMS.part
4e7e0daaf0ac1b5ed5a7e5ee8085e5e6446c48e70161f78938acd0e916c55729 guix-build-0cd7928133eb/output/arm64-apple-darwin/bitcoin-0cd7928133eb-arm64-apple-darwin-unsigned.dmg
0f2b534d16482e536552c7b3de605bd71997b898755fe5a9ac39b36aea2698b6 guix-build-0cd7928133eb/output/arm64-apple-darwin/bitcoin-0cd7928133eb-arm64-apple-darwin-unsigned.tar.gz
03cd1f509c60919c2ad1503d2f98be444c9770b62c4d303cb4cbdc1100ce131d guix-build-0cd7928133eb/output/arm64-apple-darwin/bitcoin-0cd7928133eb-arm64-apple-darwin.tar.gz
1e28183c1c314921a8404b72283bb861dff28061310c18535618683b097e7e61 guix-build-0cd7928133eb/output/dist-archive/bitcoin-0cd7928133eb.tar.gz
0f6459568d0369528ad35622d5378feccdac319eed618418841c22cc137cbd05 guix-build-0cd7928133eb/output/powerpc64-linux-gnu/SHA256SUMS.part
1cf0c8a48add60082c381935630b59a0bd483a7eda97f04b72dcb05143135109 guix-build-0cd7928133eb/output/powerpc64-linux-gnu/bitcoin-0cd7928133eb-powerpc64-linux-gnu-debug.tar.gz
5332f148efa1579b077747c8c7d6c763d31804d4ac454abaf34a3e2374c9b6b2 guix-build-0cd7928133eb/output/powerpc64-linux-gnu/bitcoin-0cd7928133eb-powerpc64-linux-gnu.tar.gz
5fc03945c2ab86ba43395ccf32cf4b338dcceb446e106c0f6e660dac47224183 guix-build-0cd7928133eb/output/powerpc64le-linux-gnu/SHA256SUMS.part
5cfabdb27dc8fb7de402c558e5f962ac4fdaf2c344d201f27f7ed1370a550407 guix-build-0cd7928133eb/output/powerpc64le-linux-gnu/bitcoin-0cd7928133eb-powerpc64le-linux-gnu-debug.tar.gz
ba265df6803d472434ecb3ad44983965a5eca1ccd42fea64760309ff70d17ee5 guix-build-0cd7928133eb/output/powerpc64le-linux-gnu/bitcoin-0cd7928133eb-powerpc64le-linux-gnu.tar.gz
ff40a374f215eb3010291569b8ed1958054e408469fc8b2fe97a30cca0ad5451 guix-build-0cd7928133eb/output/riscv64-linux-gnu/SHA256SUMS.part
7b7b89ac1905d58f1e96a7840c018a556c472015a44442d0742bf758cb5f67ca guix-build-0cd7928133eb/output/riscv64-linux-gnu/bitcoin-0cd7928133eb-riscv64-linux-gnu-debug.tar.gz
10431bd8ffca82dd9c59f568272a1e7473cf474996f750d9bed4b576591fcff1 guix-build-0cd7928133eb/output/riscv64-linux-gnu/bitcoin-0cd7928133eb-riscv64-linux-gnu.tar.gz
4ef532d8dbe42900146a5b3e02de2a6a59d66b3c66a4b9d919d3aeb0e9637ab1 guix-build-0cd7928133eb/output/x86_64-apple-darwin/SHA256SUMS.part
77a1abe4139c19d227309216e29cf55dae06c4469412b457c9f0e8cf1eccc25c guix-build-0cd7928133eb/output/x86_64-apple-darwin/bitcoin-0cd7928133eb-x86_64-apple-darwin-unsigned.dmg
33028b640efab25648d0ec1abe9e91abc983706623ca9e2e7ac5fbfca0970909 guix-build-0cd7928133eb/output/x86_64-apple-darwin/bitcoin-0cd7928133eb-x86_64-apple-darwin-unsigned.tar.gz
e10d2d5617b8b1a33a622d5904d2bd8eaf57a5b3605e22ef916a57105db2311e guix-build-0cd7928133eb/output/x86_64-apple-darwin/bitcoin-0cd7928133eb-x86_64-apple-darwin.tar.gz
bf65d3574afed2e017c9625d38cc31e0f2cbb7f1e8a9ce346644ea3dbb938d13 guix-build-0cd7928133eb/output/x86_64-linux-gnu/SHA256SUMS.part
ce3810e70c97b2698822e4f46fa64dfa12353f7b54400e671b64868e3e4d3472 guix-build-0cd7928133eb/output/x86_64-linux-gnu/bitcoin-0cd7928133eb-x86_64-linux-gnu-debug.tar.gz
4055370c15b199d1efef47cc262d9c43a3652dcd237a9434197ca3be4931b1d2 guix-build-0cd7928133eb/output/x86_64-linux-gnu/bitcoin-0cd7928133eb-x86_64-linux-gnu.tar.gz
e59ed970d1db5d4839fa67957945628f6919ef5491f4a595f89ed3d8c81f1a76 guix-build-0cd7928133eb/output/x86_64-w64-mingw32/SHA256SUMS.part
19c443fab5cb2fe75c9a5ad51fc022c97e31d7d69e049a889bd06f740f8daf78 guix-build-0cd7928133eb/output/x86_64-w64-mingw32/bitcoin-0cd7928133eb-win64-debug.zip
88f6ca5d299080114532ec550c59eca4a3cdb759d9ea35cb14eba0b135e72436 guix-build-0cd7928133eb/output/x86_64-w64-mingw32/bitcoin-0cd7928133eb-win64-setup-unsigned.exe
bcdb0b7467d3e47a694e51e9bfbaab9d5dc7162efe6c6bf4c303d368272c0cc6 guix-build-0cd7928133eb/output/x86_64-w64-mingw32/bitcoin-0cd7928133eb-win64-unsigned.tar.gz
db1d4bbfab53405080d3abd09d1f05b2642ed513f6d8fcb5d92b9d0b32745293 guix-build-0cd7928133eb/output/x86_64-w64-mingw32/bitcoin-0cd7928133eb-win64.zip
```
Guix Build (arm64):
```bash
da4adca0304f19833893867418c8827e0213c58a1b605753355340a5f270754a guix-build-0cd7928133eb/output/aarch64-linux-gnu/SHA256SUMS.part
38c2b5f8e560018911ed776660fcd2aa8b6061a59af26118f06e23c9a335e80c guix-build-0cd7928133eb/output/aarch64-linux-gnu/bitcoin-0cd7928133eb-aarch64-linux-gnu-debug.tar.gz
de117782318d6e0ed55efaae7b2f11d033fe05e7a72fbda3ef7bbcbc758add69 guix-build-0cd7928133eb/output/aarch64-linux-gnu/bitcoin-0cd7928133eb-aarch64-linux-gnu.tar.gz
6ae8ebfac28c43488b9aa386b9a87937789a57e54dc1d77a9c7b95323a417abc guix-build-0cd7928133eb/output/arm-linux-gnueabihf/SHA256SUMS.part
97f5d9d14eeb4b2926304c142fa6c46b7126524b8f836655704f5643b58b9436 guix-build-0cd7928133eb/output/arm-linux-gnueabihf/bitcoin-0cd7928133eb-arm-linux-gnueabihf-debug.tar.gz
37815ea73941cf0a870e5ac4aafe9249a63ed1eeaa37440de23c2d9bf2b77be8 guix-build-0cd7928133eb/output/arm-linux-gnueabihf/bitcoin-0cd7928133eb-arm-linux-gnueabihf.tar.gz
64cd484fa48968dc7063c4f501e1ff62d1ba46ae9975bfa060a3c88e2a98d232 guix-build-0cd7928133eb/output/arm64-apple-darwin/SHA256SUMS.part
4e7e0daaf0ac1b5ed5a7e5ee8085e5e6446c48e70161f78938acd0e916c55729 guix-build-0cd7928133eb/output/arm64-apple-darwin/bitcoin-0cd7928133eb-arm64-apple-darwin-unsigned.dmg
0f2b534d16482e536552c7b3de605bd71997b898755fe5a9ac39b36aea2698b6 guix-build-0cd7928133eb/output/arm64-apple-darwin/bitcoin-0cd7928133eb-arm64-apple-darwin-unsigned.tar.gz
03cd1f509c60919c2ad1503d2f98be444c9770b62c4d303cb4cbdc1100ce131d guix-build-0cd7928133eb/output/arm64-apple-darwin/bitcoin-0cd7928133eb-arm64-apple-darwin.tar.gz
1e28183c1c314921a8404b72283bb861dff28061310c18535618683b097e7e61 guix-build-0cd7928133eb/output/dist-archive/bitcoin-0cd7928133eb.tar.gz
0f6459568d0369528ad35622d5378feccdac319eed618418841c22cc137cbd05 guix-build-0cd7928133eb/output/powerpc64-linux-gnu/SHA256SUMS.part
1cf0c8a48add60082c381935630b59a0bd483a7eda97f04b72dcb05143135109 guix-build-0cd7928133eb/output/powerpc64-linux-gnu/bitcoin-0cd7928133eb-powerpc64-linux-gnu-debug.tar.gz
5332f148efa1579b077747c8c7d6c763d31804d4ac454abaf34a3e2374c9b6b2 guix-build-0cd7928133eb/output/powerpc64-linux-gnu/bitcoin-0cd7928133eb-powerpc64-linux-gnu.tar.gz
5fc03945c2ab86ba43395ccf32cf4b338dcceb446e106c0f6e660dac47224183 guix-build-0cd7928133eb/output/powerpc64le-linux-gnu/SHA256SUMS.part
5cfabdb27dc8fb7de402c558e5f962ac4fdaf2c344d201f27f7ed1370a550407 guix-build-0cd7928133eb/output/powerpc64le-linux-gnu/bitcoin-0cd7928133eb-powerpc64le-linux-gnu-debug.tar.gz
ba265df6803d472434ecb3ad44983965a5eca1ccd42fea64760309ff70d17ee5 guix-build-0cd7928133eb/output/powerpc64le-linux-gnu/bitcoin-0cd7928133eb-powerpc64le-linux-gnu.tar.gz
ff40a374f215eb3010291569b8ed1958054e408469fc8b2fe97a30cca0ad5451 guix-build-0cd7928133eb/output/riscv64-linux-gnu/SHA256SUMS.part
7b7b89ac1905d58f1e96a7840c018a556c472015a44442d0742bf758cb5f67ca guix-build-0cd7928133eb/output/riscv64-linux-gnu/bitcoin-0cd7928133eb-riscv64-linux-gnu-debug.tar.gz
10431bd8ffca82dd9c59f568272a1e7473cf474996f750d9bed4b576591fcff1 guix-build-0cd7928133eb/output/riscv64-linux-gnu/bitcoin-0cd7928133eb-riscv64-linux-gnu.tar.gz
4ef532d8dbe42900146a5b3e02de2a6a59d66b3c66a4b9d919d3aeb0e9637ab1 guix-build-0cd7928133eb/output/x86_64-apple-darwin/SHA256SUMS.part
77a1abe4139c19d227309216e29cf55dae06c4469412b457c9f0e8cf1eccc25c guix-build-0cd7928133eb/output/x86_64-apple-darwin/bitcoin-0cd7928133eb-x86_64-apple-darwin-unsigned.dmg
33028b640efab25648d0ec1abe9e91abc983706623ca9e2e7ac5fbfca0970909 guix-build-0cd7928133eb/output/x86_64-apple-darwin/bitcoin-0cd7928133eb-x86_64-apple-darwin-unsigned.tar.gz
e10d2d5617b8b1a33a622d5904d2bd8eaf57a5b3605e22ef916a57105db2311e guix-build-0cd7928133eb/output/x86_64-apple-darwin/bitcoin-0cd7928133eb-x86_64-apple-darwin.tar.gz
bf65d3574afed2e017c9625d38cc31e0f2cbb7f1e8a9ce346644ea3dbb938d13 guix-build-0cd7928133eb/output/x86_64-linux-gnu/SHA256SUMS.part
ce3810e70c97b2698822e4f46fa64dfa12353f7b54400e671b64868e3e4d3472 guix-build-0cd7928133eb/output/x86_64-linux-gnu/bitcoin-0cd7928133eb-x86_64-linux-gnu-debug.tar.gz
4055370c15b199d1efef47cc262d9c43a3652dcd237a9434197ca3be4931b1d2 guix-build-0cd7928133eb/output/x86_64-linux-gnu/bitcoin-0cd7928133eb-x86_64-linux-gnu.tar.gz
e59ed970d1db5d4839fa67957945628f6919ef5491f4a595f89ed3d8c81f1a76 guix-build-0cd7928133eb/output/x86_64-w64-mingw32/SHA256SUMS.part
19c443fab5cb2fe75c9a5ad51fc022c97e31d7d69e049a889bd06f740f8daf78 guix-build-0cd7928133eb/output/x86_64-w64-mingw32/bitcoin-0cd7928133eb-win64-debug.zip
88f6ca5d299080114532ec550c59eca4a3cdb759d9ea35cb14eba0b135e72436 guix-build-0cd7928133eb/output/x86_64-w64-mingw32/bitcoin-0cd7928133eb-win64-setup-unsigned.exe
bcdb0b7467d3e47a694e51e9bfbaab9d5dc7162efe6c6bf4c303d368272c0cc6 guix-build-0cd7928133eb/output/x86_64-w64-mingw32/bitcoin-0cd7928133eb-win64-unsigned.tar.gz
db1d4bbfab53405080d3abd09d1f05b2642ed513f6d8fcb5d92b9d0b32745293 guix-build-0cd7928133eb/output/x86_64-w64-mingw32/bitcoin-0cd7928133eb-win64.zip
```
ACKs for top commit:
hebasto:
ACK 0cd7928133, I have reviewed the code and it looks OK. I have also checked out the usage of the `git-minimal` in the `git-download` Guix module which is being used. Did not compare actual build dependences while building from scratch.
jarolrod:
ACK 0cd7928133
Tree-SHA512: f949c4d2f9560f98b8a418a981da38bbb9cfee5d0814bea6bb676b7193f3cbddafd23a92f852ee59c6a68c9c282095e6368cb65c5f2352b2ab54f9692575349c
644772b9ef message-capture-parser: fix AssertionError on parsing `headers` message (Sebastian Falbesoner)
Pull request description:
If a test framework message's field name is in the list of `HASH_INT_VECTORS`, we currently assume that it _always_ has to contain a vector of integers and throw otherwise:
0ebd4db32b/contrib/message-capture/message-capture-parser.py (L82-L83)
(introduced in PR #25367, commit 42bbbba7c8).
However, that assumption is too strict. The (de)serialization field name "headers" is used in two different message types, one for `cfcheckpt` (where it is serialized as an integer vector), and another time for `headers` (where it is serialized as a vector of `CBlockHeader`s). Parsing the latter fails as it is not an integer vector and thus triggers the assert.
Fix this by adding the integer type check as additional condition to the `HASH_INT_VECTORS` check rather than asserting.
Fixes#25954.
ACKs for top commit:
glozow:
ACK 644772b9ef
Tree-SHA512: c98a107f6703c6c1a81771907c25bcc171c631b57fd605fbebaedd93d651e2ef02fb5601853a9bc7d659ab531c5f47770181173a36ea2b37f584aa7a37b66505
2ef33e936e contrib: update testnet torv3 hardcoded seeds (Jon Atack)
Pull request description:
As a follow-up to https://github.com/bitcoin/bitcoin/issues/13550 and #22060, replace the mostly unreachable testnet torv3 hardcoded seeds from v0.22 with new ones that are consistently reachable recently and that have service bit 1 set.
This needs to be done before v24.0 to make sure onion-only testnet nodes can still connect to the network.
Ways to test:
- Re-generate `src/chainparamsseeds.h` with `cd contrib/seeds && python3 generate-seeds.py . > ../../src/chainparamsseeds.h`, check if git tree stays the same
- Re-compile and create a new testnet node with `bitcoind -testnet -dnsseed=0 -onlynet=onion -proxy=127.0.0.1:9050` (or delete `~/.bitcoin/testnet3/peers.dat` and launch bitcoind with `-testnet -dnsseed=0`). Make sure there are no `addnode=` in your `bitcoin.conf`. The debug log should print "Adding fixed seeds". Check if the node is able to connect to the network and get blocks with for ex. `watch -t ./src/bitcoin-cli -testnet -rpcwait -netinfo 4`
- Check the addrman contains the seeds by running for ex. `bitcoin-cli -rpcwait -testnet getnodeaddresses 0 onion | jq -r '.[] | (.address + ":" + (.port|tostring) + " " + (.services|tostring))' | sort`
- Check if the addresses are connectable, for ex. with this python script by laanwj:
```python3
#!/usr/bin/env python3
import pprint
import subprocess
with open('contrib/seeds/nodes_test.txt') as f:
for line in (line for line in (line.rstrip().split('#', 1)[0] for line in f) if line):
pprint.pprint(line)
subprocess.call(["nc", "-v", "-x", "127.0.0.1:9050", "-z"] + line.split(':'))
```
Thanks to satsie (Stacie Waleyko) for help with the list.
ACKs for top commit:
satsie:
ACK 2ef33e936e
laanwj:
ACK 2ef33e936e
Tree-SHA512: 72d27ecba243089bd49c11e921855fba626a1e09ae9b17508254a3bbec4bec341ed6c3d5a4eabc2d37f20bafb8a47ecc7d125e0dda956512a9525ad83273ffd6
From the git-minimal package definition:
> The size of the closure of 'git-minimal' is two thirds that of 'git'.
> Its test suite runs slightly faster and most importantly it doesn't
> depend on packages that are expensive to build such as Subversion.
We don't need any fancy / additional git functionality above the basics,
so switch to git-minimal and save some CPU, while also pruning the
greater dependency graph.
```diff
-name: git
+name: git-minimal
version: 2.37.3
outputs:
-+ send-email: see Appendix H
-+ svn: see Appendix H
-+ credential-netrc: see Appendix H
-+ credential-libsecret: see Appendix H
-+ subtree: see Appendix H
-+ gui: see Appendix H
+ out: everything else
-systems: x86_64-linux mips64el-linux aarch64-linux powerpc64le-linux i686-linux armhf-linux powerpc-linux
-dependencies: asciidoc@9.1.0 bash-minimal@5.1.8 bash@5.1.8 curl@7.79.1 docbook-xsl@1.79.2 expat@2.4.1 gettext-minimal@0.21 glib@2.70.2 libsecret@0.20.4 openssl@1.1.1l pcre2@10.37perl-authen-sasl@2.16perl-cgi@4.52
-+ perl-io-socket-ssl@2.068perl-net-smtp-ssl@1.04perl-term-readkey@2.38 perl@5.34.0 pkg-config@0.29.2 python@3.9.9 subversion@1.14.1 tcl@8.6.11 tk@8.6.11.1 xmlto@0.0.28 zlib@1.2.11
-location: gnu/packages/version-control.scm:222:2
+systems: x86_64-linux mips64el-linux aarch64-linux powerpc64le-linux riscv64-linux i686-linux armhf-linux powerpc-linux
+dependencies: bash-minimal@5.1.8 bash@5.1.8 curl@7.79.1 expat@2.4.1 gettext-minimal@0.21 openssl@1.1.1l perl@5.34.0 zlib@1.2.11
+location: gnu/packages/version-control.scm:608:2
homepage: https://git-scm.com/
license: GPL 2
synopsis: Distributed version control system
```
If a test framework message's field name is in the list of
`HASH_INT_VECTORS`, we currently assume that it _always_ has to contain
a vector of integers and throw otherwise (introduced in PR #25367,
commit 42bbbba7c8). However, that
assumption is too strict. In this concrete case, the (de)serialization
field name "headers" is used in two different message types, one for
`cfcheckpt` (where it is serialized as an integer vector), and another
time for `headers` (where it is serialized as a vector of
`CBlockHeader`s). Fix by adding the integer type check as additional
condition to the `HASH_INT_VECTORS` check rather than asserting.
Fixes#25954.
With the release of binutils/ld 2.36, ld swapped to much improved
default settings when producing windows binaries with mingw-w64. One of
these changes was to stop stripping the .reloc section from binaries,
which is required for working ASLR.
.reloc section stripping is something we've accounted for previously,
see #18702. The related upstream discussion is in this thread:
https://sourceware.org/bugzilla/show_bug.cgi?id=19011.
When we switched to using a newer Guix time-machine in #23778, we begun
using binutils 2.37 to produce releases. Since then, our windows
installer (produced with makensis) has not functioned correctly when run on
a Windows system with the "Force randomization for images (Mandatory ASLR)"
option enabled. Note that all of our other release binaries, which all
contain .reloc sections, function fine under the same option, so it
cannot be just the presence of a .reloc section that is the issue.
For now, restore makensis to it's pre-binutils-2.36 behaviour, which
fixes the produced installer. The underlying issue can be further
investigated in future.
Similar to 8588591965.
```bash
ERROR: test_revocation_mode_soft (tests.test_validate.ValidateTests)
----------------------------------------------------------------------
Traceback (most recent call last):
File "/tmp/guix-build-python-certvalidator-0.1-1.a145bf2.drv-0/source/tests/test_validate.py", line 85, in test_revocation_mode_soft
validate_path(context, path)
File "/tmp/guix-build-python-certvalidator-0.1-1.a145bf2.drv-0/source/tests/../certvalidator/validate.py", line 50, in validate_path
return _validate_path(validation_context, path)
File "/tmp/guix-build-python-certvalidator-0.1-1.a145bf2.drv-0/source/tests/../certvalidator/validate.py", line 358, in _validate_path
raise PathValidationError(pretty_message(
certvalidator.errors.PathValidationError: The path could not be validated because the end-entity certificate expired 2022-07-27 12:00:00Z
```
Pass `--enable-default-pie` and `--enable-default-ssp` when configuring
our GCCs. This achieves the following:
--enable-default-pie
Turn on -fPIE and -pie by default.
--enable-default-ssp
Turn on -fstack-protector-strong by default.
Note that this isn't a replacement for passing hardneing flags
ourselves, but introduces some redundency, and there isn't really a
reason to not build a more "hardenings enabled" toolchain by default.
See also:
https://gcc.gnu.org/install/configure.html
Both glibcs we build support `--enable-bind-now`:
Disable lazy binding for installed shared objects and programs.
This provides additional security hardening because it enables full RELRO
and a read-only global offset table (GOT), at the cost of slightly
increased program load times.
See:
https://www.gnu.org/software/libc/manual/html_node/Configuring-and-compiling.html
Pass `--enable-stack-protector=all` when building the glibc used for the
RISC-V toolchain, to enable stack smashing protection on all functions,
in the glibc code.
71a751f6c3 test: add test for decoding PSBT with per-input preimage types (Sebastian Falbesoner)
faf43378e2 refactor: move helper `random_bytes` to util library (Sebastian Falbesoner)
fdc1ca3896 test: add constants for PSBT key types (BIP 174) (Sebastian Falbesoner)
1b035c03f9 refactor: move PSBT(Map) helpers from signet miner to test framework (Sebastian Falbesoner)
7c0dfec2dd refactor: move `from_binary` helper from signet miner to test framework (Sebastian Falbesoner)
597a4b35f6 scripted-diff: rename `FromBinary` helper to `from_binary` (signet miner) (Sebastian Falbesoner)
Pull request description:
This PR adds missing test coverage for the `decodepsbt` RPC in the case that a PSBT with on of the per-input preimage types (`PSBT_IN_RIPEMD160`, `PSBT_IN_SHA256`, `PSBT_IN_HASH160`, `PSBT_IN_HASH256`; see [BIP 174](https://github.com/bitcoin/bips/blob/master/bip-0174.mediawiki#Specification)) is passed. As preparation, the first four commits move the already existing helpers for (de)serialization of PSBTs and PSBTMaps from the signet miner to the test framework (in a new module `psbt.py`), which should be quite useful for further tests to easily create PSBTs.
ACKs for top commit:
achow101:
ACK 71a751f6c3
Tree-SHA512: 04f2671612d94029da2ac8dc15ff93c4c8fcb73fe0b8cf5970509208564df1f5e32319b53ae998dd6e544d37637a9b75609f27a3685da51f603f6ed0555635fb
ebe106a754 add glozow to trusted-keys (glozow)
Pull request description:
For maintaining mempool and policy areas of the codebase, as discussed yesterday's meeting: https://gnusha.org/bitcoin-core-dev/2022-06-30.log
ACKs for top commit:
Sjors:
ACK ebe106a754 and congrats!
achow101:
ACK ebe106a754
theuni:
ACK ebe106a754
dergoegge:
ACK ebe106a754
sipa:
ACK ebe106a754, though relying on others to verify the PGP key.
laanwj:
ACK ebe106a754
josibake:
ACK ebe106a754 (i have not personally signed this key, but verified it matches other places glozow has posted her key)
Xekyo:
ACK ebe106a754.
brunoerg:
ACK ebe106a754
fanquake:
ACK ebe106a754
hebasto:
ACK ebe106a754, confirming my approval given at the IRC meeting.
Tree-SHA512: 215ff8872ea3fa9ca35b25e74a668e50c2e7be3ff653f8d6fd213ac878c33b90bba9defc59a000c644a9df1b06a826eb5d97a89b3c6cca24b5a87c6ab739b01b
5bff18bce5 guix: patch gcc 10 with pthreads to remap guix store paths (Andrew Chow)
Pull request description:
The only thing preventing windows from being cross architecture reproducible is a single guix store winpthreads path in the debug symbols. This can be removed by patching libgcc to use `-ffile-prefix-map` so that the debug symbol will be mapped to a fixed `/usr` instead of the guix store path which depends on the building architecture.
x86_64
```
2e585c4a66e930b5e273e89b8aeddc9c3bd1c8375b19d988a6fff64f0d49edfd guix-build-5bff18bce5d9/output/dist-archive/bitcoin-5bff18bce5d9.tar.gz
b9235dc1a8541e840231cfafd0d971bd5e8a3ea7d5331c4d7af9dbfdabc6905b guix-build-5bff18bce5d9/output/x86_64-w64-mingw32/SHA256SUMS.part
f82d861de60e22fc7dd731bef60a3e4399b5317eb16e41e92ded171490d1a578 guix-build-5bff18bce5d9/output/x86_64-w64-mingw32/bitcoin-5bff18bce5d9-win64-debug.zip
bfd59561c3cfce91b09d05b17cfc67cd70cb78eea39ea863119870260a8dbdec guix-build-5bff18bce5d9/output/x86_64-w64-mingw32/bitcoin-5bff18bce5d9-win64-setup-unsigned.exe
3d049d98c6add13b0eb4c7adcf0d3ae59d1eab09799292a2c900de0ad067912a guix-build-5bff18bce5d9/output/x86_64-w64-mingw32/bitcoin-5bff18bce5d9-win64-unsigned.tar.gz
7af4c34c47f349028ec1f4c2edea547bd9fa30d1c67977d482607a9c6bf2ddee guix-build-5bff18bce5d9/output/x86_64-w64-mingw32/bitcoin-5bff18bce5d9-win64.zip
```
arm64
```
2e585c4a66e930b5e273e89b8aeddc9c3bd1c8375b19d988a6fff64f0d49edfd guix-build-5bff18bce5d9/output/dist-archive/bitcoin-5bff18bce5d9.tar.gz
b9235dc1a8541e840231cfafd0d971bd5e8a3ea7d5331c4d7af9dbfdabc6905b guix-build-5bff18bce5d9/output/x86_64-w64-mingw32/SHA256SUMS.part
f82d861de60e22fc7dd731bef60a3e4399b5317eb16e41e92ded171490d1a578 guix-build-5bff18bce5d9/output/x86_64-w64-mingw32/bitcoin-5bff18bce5d9-win64-debug.zip
bfd59561c3cfce91b09d05b17cfc67cd70cb78eea39ea863119870260a8dbdec guix-build-5bff18bce5d9/output/x86_64-w64-mingw32/bitcoin-5bff18bce5d9-win64-setup-unsigned.exe
3d049d98c6add13b0eb4c7adcf0d3ae59d1eab09799292a2c900de0ad067912a guix-build-5bff18bce5d9/output/x86_64-w64-mingw32/bitcoin-5bff18bce5d9-win64-unsigned.tar.gz
7af4c34c47f349028ec1f4c2edea547bd9fa30d1c67977d482607a9c6bf2ddee guix-build-5bff18bce5d9/output/x86_64-w64-mingw32/bitcoin-5bff18bce5d9-win64.zip
```
ACKs for top commit:
fanquake:
ACK 5bff18bce5
hebasto:
ACK 5bff18bce5, I have reviewed the code and it looks OK. Confirming reproducibility for `x86_64` and `arm64` platforms.
Tree-SHA512: 7cc34e6348e4cab847a7b8745179fceced0f37d639cf2ae81748dd73820809ea8f5e049b5b3ce2b912528491967e33fafd56e75aa47714e09b41859091433c5d
54faac9689 guix: Remove guix store paths from glibc (Andrew Chow)
1d4d711de2 guix: Map all guix store prefixes to /usr (Andrew Chow)
Pull request description:
This cherry-picks two commits from #24615, with minor edits. When building master, only the `x86_64-apple-darwin` build is reproducible across x86_64 and arm64. With these two changes we get x86_64 -> arm64 reproducibility for:
* `powerpc64-linux-gnu`
* `powerpc64le-linux-gnu`
* `x86_64-apple-darwin`
* `x86_64-linux-gnu`
We can't compare `aarch64-linux-gnu`, because we can't currently build for `aarch64-linux-gnu` on `aarch64-linux-gnu`/`arm64`. See (#22458).
For all the other hosts, the reproducibility issues are known / being worked on (see discussion in #24615). However there's no real reason to wait for those to be fixed before merging these changes, as it'd be great to have cross arch reproducibility just for `x86_64-linux-gnu`. I'm also unsure about the approach taken in that PR in regards to the libtool changes (and think there might even be a Guix bug involved).
As I've added to the patch file, we may be able to drop these patches and use `--with-nonshared-cflags` when we are building newer versions of glibc.
Guix Build (x86_64):
```bash
1eadc59775a209e707539a6bdfe4c96e13a17f5373bfaf6477a65c1a44b2459d guix-build-54faac968971/output/arm-linux-gnueabihf/SHA256SUMS.part
1f424e448223a1e1ee1658efeb3bcc0d8b08a2a2bdc9d2dc779c931b956b527f guix-build-54faac968971/output/arm-linux-gnueabihf/bitcoin-54faac968971-arm-linux-gnueabihf-debug.tar.gz
212f55cf55dac34a3a6471bf0585f5ba1ed0a4801e9c0003961617881edb7ee7 guix-build-54faac968971/output/arm-linux-gnueabihf/bitcoin-54faac968971-arm-linux-gnueabihf.tar.gz
f920fdc9407371be8fc5638a0f5ce2f1202889d820bda4451096d162b5d28d94 guix-build-54faac968971/output/arm64-apple-darwin/SHA256SUMS.part
066098fe095a3dd46fa3c84e459aca1e8e4b3d564ab3f20a2542c8c46dd37b5a guix-build-54faac968971/output/arm64-apple-darwin/bitcoin-54faac968971-arm64-apple-darwin-unsigned.dmg
d2dc320975f8ec67595c274fcb7eda56c18ba72b905160537be97408cfdf1baf guix-build-54faac968971/output/arm64-apple-darwin/bitcoin-54faac968971-arm64-apple-darwin-unsigned.tar.gz
68013ac011ebac25e8ee2d2421266c66d1e20d309133eb6121ba89807e17fda5 guix-build-54faac968971/output/arm64-apple-darwin/bitcoin-54faac968971-arm64-apple-darwin.tar.gz
d992dd9f50fec89e0bdf63e8e9352ebcd2b503424cb441f01c06074aa0b63b0e guix-build-54faac968971/output/dist-archive/bitcoin-54faac968971.tar.gz
e26ea298d15a87ce484afa59ca0c36ecfd173314b440e091cd93de11fe2dd91c guix-build-54faac968971/output/powerpc64-linux-gnu/SHA256SUMS.part
1a17091e7e515cc89a2e0a91a08ea0deb48847d5650be936f3365449002a59a5 guix-build-54faac968971/output/powerpc64-linux-gnu/bitcoin-54faac968971-powerpc64-linux-gnu-debug.tar.gz
63ce21f6ee3a971a7a4533934ec559c727d2e3fc123fb65b2dec622168af76d5 guix-build-54faac968971/output/powerpc64-linux-gnu/bitcoin-54faac968971-powerpc64-linux-gnu.tar.gz
267ff9d9ed3d8108033d676218399c4e56ba83eb30a3b4a6417cac8d1ce5e2f4 guix-build-54faac968971/output/powerpc64le-linux-gnu/SHA256SUMS.part
a0db19b9829bd65067e2075c2d3e55065d03a4456a31ccb3ed8a70f7f3dcf1a0 guix-build-54faac968971/output/powerpc64le-linux-gnu/bitcoin-54faac968971-powerpc64le-linux-gnu-debug.tar.gz
9971ba819854a77306358b31ddc2d21074b8cca57cfd8ce7f2ca83a1cc8f0a46 guix-build-54faac968971/output/powerpc64le-linux-gnu/bitcoin-54faac968971-powerpc64le-linux-gnu.tar.gz
e18fe6d4db3048368db25846555a30ec97f71dcfdfcc3e86d7fe46c33c762a26 guix-build-54faac968971/output/riscv64-linux-gnu/SHA256SUMS.part
4879fd332bee8570e6edfe5d0cbd3eea7df18f058ed25286aedb377858e27793 guix-build-54faac968971/output/riscv64-linux-gnu/bitcoin-54faac968971-riscv64-linux-gnu-debug.tar.gz
470fafbab9d7328e172c658f58fd6f62f7890ce5d3dfe3bbfacd717b6d2c00f3 guix-build-54faac968971/output/riscv64-linux-gnu/bitcoin-54faac968971-riscv64-linux-gnu.tar.gz
6b119a38b8ac1dd50e3cee69e8464ab21d624217cb3f50a1aef216e9ece27946 guix-build-54faac968971/output/x86_64-apple-darwin/SHA256SUMS.part
afff2a8184007d6a3eaf7b6735417e7b9b404a801306c71f7d653907055d442c guix-build-54faac968971/output/x86_64-apple-darwin/bitcoin-54faac968971-x86_64-apple-darwin-unsigned.dmg
775298169fa45197f5b560e5581d6e3c021ed009487065f7e3a042914396b3cd guix-build-54faac968971/output/x86_64-apple-darwin/bitcoin-54faac968971-x86_64-apple-darwin-unsigned.tar.gz
51b0d2adae63aeca021621ec25278c202e82d8bc3ef5e7a9d2bfd93bd7a3fcab guix-build-54faac968971/output/x86_64-apple-darwin/bitcoin-54faac968971-x86_64-apple-darwin.tar.gz
ca9cd0083083ec1632a37396076fef638c00fed99efbb9e39521195867746301 guix-build-54faac968971/output/x86_64-linux-gnu/SHA256SUMS.part
0e5a017bca3c0a2a466d230a470ec9c44b5d0bfd60d98f62a3a54f4cccb8cd23 guix-build-54faac968971/output/x86_64-linux-gnu/bitcoin-54faac968971-x86_64-linux-gnu-debug.tar.gz
3b26566a553f17ccbcbf548675d0e8ce47a58a1e23c6b7c9792565117a223855 guix-build-54faac968971/output/x86_64-linux-gnu/bitcoin-54faac968971-x86_64-linux-gnu.tar.gz
fa2f240f7bd7cfadfeb08188c044c8e34fd9c24785f4e2035c1256c3173c5589 guix-build-54faac968971/output/x86_64-w64-mingw32/SHA256SUMS.part
0212ae95d100c9a4dbe062a14b49952279c91cbf352c786369320c3ed006c23a guix-build-54faac968971/output/x86_64-w64-mingw32/bitcoin-54faac968971-win64-debug.zip
750aa7c31cfa1bd5e0ae3f2ea52e526a73f1d3879b9f1a365967bbc317d4cca4 guix-build-54faac968971/output/x86_64-w64-mingw32/bitcoin-54faac968971-win64-setup-unsigned.exe
f7bdda020d299df778fd68ad556d8124d87f7f9f0c4a77b62e05db20f5bbec2b guix-build-54faac968971/output/x86_64-w64-mingw32/bitcoin-54faac968971-win64-unsigned.tar.gz
d7f8b16634ceb95db3d28a024827a51f689dc0ab34ed40f205861bbc254f6206 guix-build-54faac968971/output/x86_64-w64-mingw32/bitcoin-54faac968971-win64.zip
```
Guix Build (arm64):
```bash
e4492294c284054e8378f8ac0c08b5d2efe5eeeec57ca12c3192da87a4dd4266 guix-build-54faac968971/output/arm-linux-gnueabihf/SHA256SUMS.part
1f424e448223a1e1ee1658efeb3bcc0d8b08a2a2bdc9d2dc779c931b956b527f guix-build-54faac968971/output/arm-linux-gnueabihf/bitcoin-54faac968971-arm-linux-gnueabihf-debug.tar.gz
b2c454f589afea22d5126be14d1b9eb3aed7d99d59e50591db18c2cc3f190b23 guix-build-54faac968971/output/arm-linux-gnueabihf/bitcoin-54faac968971-arm-linux-gnueabihf.tar.gz
575bbf78dd6002a7a5653277c24cd8d98471b6454e0801b558ac2a754788f2fa guix-build-54faac968971/output/arm64-apple-darwin/SHA256SUMS.part
03d8175e0db26b56fee757b307b8b519e4df0c639caa6afdfdea5ce7de63ecc4 guix-build-54faac968971/output/arm64-apple-darwin/bitcoin-54faac968971-arm64-apple-darwin-unsigned.dmg
8ab4e3a65f09168b42c40ec736e507eb3e9b787d27a56db21a3c601e81d81262 guix-build-54faac968971/output/arm64-apple-darwin/bitcoin-54faac968971-arm64-apple-darwin-unsigned.tar.gz
43024487cf0120a0a42aeba228f01f2a5303d2940d838f59106fa246a484662d guix-build-54faac968971/output/arm64-apple-darwin/bitcoin-54faac968971-arm64-apple-darwin.tar.gz
d992dd9f50fec89e0bdf63e8e9352ebcd2b503424cb441f01c06074aa0b63b0e guix-build-54faac968971/output/dist-archive/bitcoin-54faac968971.tar.gz
e26ea298d15a87ce484afa59ca0c36ecfd173314b440e091cd93de11fe2dd91c guix-build-54faac968971/output/powerpc64-linux-gnu/SHA256SUMS.part
1a17091e7e515cc89a2e0a91a08ea0deb48847d5650be936f3365449002a59a5 guix-build-54faac968971/output/powerpc64-linux-gnu/bitcoin-54faac968971-powerpc64-linux-gnu-debug.tar.gz
63ce21f6ee3a971a7a4533934ec559c727d2e3fc123fb65b2dec622168af76d5 guix-build-54faac968971/output/powerpc64-linux-gnu/bitcoin-54faac968971-powerpc64-linux-gnu.tar.gz
267ff9d9ed3d8108033d676218399c4e56ba83eb30a3b4a6417cac8d1ce5e2f4 guix-build-54faac968971/output/powerpc64le-linux-gnu/SHA256SUMS.part
a0db19b9829bd65067e2075c2d3e55065d03a4456a31ccb3ed8a70f7f3dcf1a0 guix-build-54faac968971/output/powerpc64le-linux-gnu/bitcoin-54faac968971-powerpc64le-linux-gnu-debug.tar.gz
9971ba819854a77306358b31ddc2d21074b8cca57cfd8ce7f2ca83a1cc8f0a46 guix-build-54faac968971/output/powerpc64le-linux-gnu/bitcoin-54faac968971-powerpc64le-linux-gnu.tar.gz
603e09db23e20ee834cfdeaa58517fa6795779131f76c8e67c79ee4118043ba6 guix-build-54faac968971/output/riscv64-linux-gnu/SHA256SUMS.part
4879fd332bee8570e6edfe5d0cbd3eea7df18f058ed25286aedb377858e27793 guix-build-54faac968971/output/riscv64-linux-gnu/bitcoin-54faac968971-riscv64-linux-gnu-debug.tar.gz
aad8eb83730dbf079ee2c894e33ebf6df78e302500493b10e72a2aab9fa51b49 guix-build-54faac968971/output/riscv64-linux-gnu/bitcoin-54faac968971-riscv64-linux-gnu.tar.gz
6b119a38b8ac1dd50e3cee69e8464ab21d624217cb3f50a1aef216e9ece27946 guix-build-54faac968971/output/x86_64-apple-darwin/SHA256SUMS.part
afff2a8184007d6a3eaf7b6735417e7b9b404a801306c71f7d653907055d442c guix-build-54faac968971/output/x86_64-apple-darwin/bitcoin-54faac968971-x86_64-apple-darwin-unsigned.dmg
775298169fa45197f5b560e5581d6e3c021ed009487065f7e3a042914396b3cd guix-build-54faac968971/output/x86_64-apple-darwin/bitcoin-54faac968971-x86_64-apple-darwin-unsigned.tar.gz
51b0d2adae63aeca021621ec25278c202e82d8bc3ef5e7a9d2bfd93bd7a3fcab guix-build-54faac968971/output/x86_64-apple-darwin/bitcoin-54faac968971-x86_64-apple-darwin.tar.gz
ca9cd0083083ec1632a37396076fef638c00fed99efbb9e39521195867746301 guix-build-54faac968971/output/x86_64-linux-gnu/SHA256SUMS.part
0e5a017bca3c0a2a466d230a470ec9c44b5d0bfd60d98f62a3a54f4cccb8cd23 guix-build-54faac968971/output/x86_64-linux-gnu/bitcoin-54faac968971-x86_64-linux-gnu-debug.tar.gz
3b26566a553f17ccbcbf548675d0e8ce47a58a1e23c6b7c9792565117a223855 guix-build-54faac968971/output/x86_64-linux-gnu/bitcoin-54faac968971-x86_64-linux-gnu.tar.gz
da10e58c2616b7d96fb00d24f34834b737b190c91bd533fc11130c5faf77d697 guix-build-54faac968971/output/x86_64-w64-mingw32/SHA256SUMS.part
7b69ac09edb7795b61242d8b929808b7615e4011f1d312d495cc9410ded6c574 guix-build-54faac968971/output/x86_64-w64-mingw32/bitcoin-54faac968971-win64-debug.zip
750aa7c31cfa1bd5e0ae3f2ea52e526a73f1d3879b9f1a365967bbc317d4cca4 guix-build-54faac968971/output/x86_64-w64-mingw32/bitcoin-54faac968971-win64-setup-unsigned.exe
f7bdda020d299df778fd68ad556d8124d87f7f9f0c4a77b62e05db20f5bbec2b guix-build-54faac968971/output/x86_64-w64-mingw32/bitcoin-54faac968971-win64-unsigned.tar.gz
e90e9a7e86839cbbde7b17610b7fb6eb9a960703232d3b92040dce8df55861bd guix-build-54faac968971/output/x86_64-w64-mingw32/bitcoin-54faac968971-win64.zip
```
ACKs for top commit:
laanwj:
ACK 54faac9689
Tree-SHA512: 258e7de8e8df00995b6e952ef10d054ad127237265811eaafa537501be84459ae8f8f638618365d81e4eee8b7013db768b61c343d68e46d1d90a194bdc26b852
4e569c8bd8 guix: remove explicit glibc stack protector disabling (fanquake)
Pull request description:
While glibc 2.25 and newer *can* be built with stack-smashing-protection
enabled, it isn't used by default, and still isn't, as of glibc 2.35,
so I can't see a reason to explicitly disable it.
I'd also like to move in the direction of enabling, by default,
hardening options for the toolchains we build, so removing the explicit
disabling is a step in that direction.
Will be following up with some changes based on this change.
Guix Build (x86_64):
```bash
954b393f5c775919e32b725a45aa93af8a5e75ead348f904304c0367583b41ff guix-build-4e569c8bd85e/output/aarch64-linux-gnu/SHA256SUMS.part
0ff27062ba2ac4c11a966de2d9aea070f54ab5c255068dd992b19fcb33661ffd guix-build-4e569c8bd85e/output/aarch64-linux-gnu/bitcoin-4e569c8bd85e-aarch64-linux-gnu-debug.tar.gz
bf48baf97e21467ce439f6e733cf3a20732adee01bb1d98aa9519c2ec54b5f41 guix-build-4e569c8bd85e/output/aarch64-linux-gnu/bitcoin-4e569c8bd85e-aarch64-linux-gnu.tar.gz
041eac2a2e045e2283cc78361adcc2232c5eecc9ad465624499225a4ad44f5fe guix-build-4e569c8bd85e/output/arm-linux-gnueabihf/SHA256SUMS.part
7a3bbca762f6c3c4fd851fbf74a2f00c21d98c211de5baa06d0ba2fc59505694 guix-build-4e569c8bd85e/output/arm-linux-gnueabihf/bitcoin-4e569c8bd85e-arm-linux-gnueabihf-debug.tar.gz
89e0260075472d10d02de7e3bb382d87f9ffb3d548f533aab0ba7e39f4c796df guix-build-4e569c8bd85e/output/arm-linux-gnueabihf/bitcoin-4e569c8bd85e-arm-linux-gnueabihf.tar.gz
96f893eefaa9fb5af41f46eece3831a3956a5a9ab1f825e4c17c5675bd020bbe guix-build-4e569c8bd85e/output/arm64-apple-darwin/SHA256SUMS.part
65865e481d33e1023adef769ca9a38ca8cdf03e8476a61f1724bb1ab0bc54750 guix-build-4e569c8bd85e/output/arm64-apple-darwin/bitcoin-4e569c8bd85e-arm64-apple-darwin-unsigned.dmg
38da0510c34d9c2bff98da60c873593c6a85bc6f73025990daaa8d5b022819c0 guix-build-4e569c8bd85e/output/arm64-apple-darwin/bitcoin-4e569c8bd85e-arm64-apple-darwin-unsigned.tar.gz
a1b5ccda7780df15fda2131d260542e57601fed2c18092edaa3094c23eafd99d guix-build-4e569c8bd85e/output/arm64-apple-darwin/bitcoin-4e569c8bd85e-arm64-apple-darwin.tar.gz
f1e4fb6d96420865ee1cfdc10960d8b0407ae49d367d5df1901510a8a87a69bf guix-build-4e569c8bd85e/output/dist-archive/bitcoin-4e569c8bd85e.tar.gz
5cc5e3193435bdd0aafc1a43e1dfc7582e585a27453e92e3383ceb8ba6c162ad guix-build-4e569c8bd85e/output/powerpc64-linux-gnu/SHA256SUMS.part
56bfeecb15b0c59dcccb31d1d5df978e7bb9c60bc0661638af7b263958cb8d4d guix-build-4e569c8bd85e/output/powerpc64-linux-gnu/bitcoin-4e569c8bd85e-powerpc64-linux-gnu-debug.tar.gz
46e61a752ba3ac1e553c82f4615854c27b38b9c2e5abd318840d3d5383e1384d guix-build-4e569c8bd85e/output/powerpc64-linux-gnu/bitcoin-4e569c8bd85e-powerpc64-linux-gnu.tar.gz
52ea9adf7b3a88fa88e89b53852d1d7917af959bee0b67c218959b1123f67c57 guix-build-4e569c8bd85e/output/powerpc64le-linux-gnu/SHA256SUMS.part
2a1a65bd55cc9c83ccbb296e7fe41d5b313466cf8d70ef8aec81aa47e346e422 guix-build-4e569c8bd85e/output/powerpc64le-linux-gnu/bitcoin-4e569c8bd85e-powerpc64le-linux-gnu-debug.tar.gz
b8dbcf97a83a1dd53d23eeafa714e3a3cb8d0b087c060978137e47fdab2b261f guix-build-4e569c8bd85e/output/powerpc64le-linux-gnu/bitcoin-4e569c8bd85e-powerpc64le-linux-gnu.tar.gz
87e3823e246e139ad14c4d44c8e2ed5e1bebea1a02d3931e66232505a1b35463 guix-build-4e569c8bd85e/output/riscv64-linux-gnu/SHA256SUMS.part
1307b92c608b1001628fda1792fbcb61183286cff707be930bcb1d887f5a4b02 guix-build-4e569c8bd85e/output/riscv64-linux-gnu/bitcoin-4e569c8bd85e-riscv64-linux-gnu-debug.tar.gz
0f660a9165a26f627be913e6bf1bb81cbabebee742031d0a75131a7e380e6c8a guix-build-4e569c8bd85e/output/riscv64-linux-gnu/bitcoin-4e569c8bd85e-riscv64-linux-gnu.tar.gz
d530151878bdf70c0913a12ba1aa49dad9ba62ac9edd70cda3982fd0fe327e93 guix-build-4e569c8bd85e/output/x86_64-apple-darwin/SHA256SUMS.part
dc3a9ee571854066ea03d60c1f2b8012fdff12ea1e74ab4ce02b1effc6689436 guix-build-4e569c8bd85e/output/x86_64-apple-darwin/bitcoin-4e569c8bd85e-x86_64-apple-darwin-unsigned.dmg
94c0522390e5650d91d63c6afa5bce895a60c17c1365e0d87a898c2868093dc9 guix-build-4e569c8bd85e/output/x86_64-apple-darwin/bitcoin-4e569c8bd85e-x86_64-apple-darwin-unsigned.tar.gz
364d72282e8824d5dffe184fc10bdcbc9cdf96e8c0ac379b8392e1e1992e3307 guix-build-4e569c8bd85e/output/x86_64-apple-darwin/bitcoin-4e569c8bd85e-x86_64-apple-darwin.tar.gz
0d3ce4cbf3444fc9a3c488f12ef7b73d07b85bcf3d4d9500b689d44506a79818 guix-build-4e569c8bd85e/output/x86_64-linux-gnu/SHA256SUMS.part
f584d494db5594ae2bc06e09f8e68c11e446bc82cb8a1dfa6afee5d3a079b5af guix-build-4e569c8bd85e/output/x86_64-linux-gnu/bitcoin-4e569c8bd85e-x86_64-linux-gnu-debug.tar.gz
ea0e9316dd25ebee9023f3c65cb99fe846de6fe56152d4926005f9da500a502c guix-build-4e569c8bd85e/output/x86_64-linux-gnu/bitcoin-4e569c8bd85e-x86_64-linux-gnu.tar.gz
a41966b6d13aa1e702cc357bbedfd51bcb431caa39bb904efd9611e3a945bf1c guix-build-4e569c8bd85e/output/x86_64-w64-mingw32/SHA256SUMS.part
5f150613204341d91a4b755c74120e233567187ba4f9151a12e39e5304efb3a1 guix-build-4e569c8bd85e/output/x86_64-w64-mingw32/bitcoin-4e569c8bd85e-win64-debug.zip
6a94dc9c5dcb2a4448a37573baab50f405e08af0d5a4de8a8046cba5445153e4 guix-build-4e569c8bd85e/output/x86_64-w64-mingw32/bitcoin-4e569c8bd85e-win64-setup-unsigned.exe
31fe85ba31ed84ebbbc4cc42f593e1de1811c1ecc9a0a094d05b0914bd151174 guix-build-4e569c8bd85e/output/x86_64-w64-mingw32/bitcoin-4e569c8bd85e-win64-unsigned.tar.gz
0a6d590c26a47c51192e4003ad97ecd6b7ad91c8f8612ea310fb324bce5dc15a guix-build-4e569c8bd85e/output/x86_64-w64-mingw32/bitcoin-4e569c8bd85e-win64.zip
```
Guix Build (arm64):
```bash
2ce621cb469772c318a29b21bc4dd546353130a688a5ecb66373256c7be2c37a guix-build-4e569c8bd85e/output/arm-linux-gnueabihf/SHA256SUMS.part
13abe55069581ca711529d058a8e5de732c6630a94b7e912e9c31f606241c264 guix-build-4e569c8bd85e/output/arm-linux-gnueabihf/bitcoin-4e569c8bd85e-arm-linux-gnueabihf-debug.tar.gz
7a60cd7d9aee30bc8e08cf9d52bd032f82e48214c81130e2f61ca3da71c01477 guix-build-4e569c8bd85e/output/arm-linux-gnueabihf/bitcoin-4e569c8bd85e-arm-linux-gnueabihf.tar.gz
d614a4acfed70f61814a5c26bf51594e0cc666fc3dadc3df805e5cc608835550 guix-build-4e569c8bd85e/output/arm64-apple-darwin/SHA256SUMS.part
c9d5705b947c461ade878d7a0110ae5b34b384991f5bf6e86db0b79f421d4f81 guix-build-4e569c8bd85e/output/arm64-apple-darwin/bitcoin-4e569c8bd85e-arm64-apple-darwin-unsigned.dmg
c1897d204e75b9ef8a58fb3f2c85d9c306b05dbd6c8f74a2b4ccfbd85aed5574 guix-build-4e569c8bd85e/output/arm64-apple-darwin/bitcoin-4e569c8bd85e-arm64-apple-darwin-unsigned.tar.gz
1c9e188d76c18785d4500c1c7ab0e049cf35c878803266580913e8cc4bd01bf6 guix-build-4e569c8bd85e/output/arm64-apple-darwin/bitcoin-4e569c8bd85e-arm64-apple-darwin.tar.gz
f1e4fb6d96420865ee1cfdc10960d8b0407ae49d367d5df1901510a8a87a69bf guix-build-4e569c8bd85e/output/dist-archive/bitcoin-4e569c8bd85e.tar.gz
f3e7d6b6aca3ca4f150e0e91e9532f4eb21c4f60ab1c21b6ecfaa9c862f9f8a8 guix-build-4e569c8bd85e/output/powerpc64-linux-gnu/SHA256SUMS.part
48e630949976ee298bccf01cfbbb7fea29c9bd0bc658cf0564d4a3e1997556e8 guix-build-4e569c8bd85e/output/powerpc64-linux-gnu/bitcoin-4e569c8bd85e-powerpc64-linux-gnu-debug.tar.gz
9e30c4987f3657ba6499a78c5c578e430c55f71991fc9ad6f3ecf4847ed1814e guix-build-4e569c8bd85e/output/powerpc64-linux-gnu/bitcoin-4e569c8bd85e-powerpc64-linux-gnu.tar.gz
128ce9194e377b013baceafc4ddba0f70c239e36057c9dc0a9213caa34c5064f guix-build-4e569c8bd85e/output/powerpc64le-linux-gnu/SHA256SUMS.part
8e4a41c07e9427de4054069c3af668157372cc6cd86d758c0b35b7ed906e5365 guix-build-4e569c8bd85e/output/powerpc64le-linux-gnu/bitcoin-4e569c8bd85e-powerpc64le-linux-gnu-debug.tar.gz
da6924709b35f7fbaf9b7b772e0f14be5b583e9453b0cae58b6a5b1e159580c7 guix-build-4e569c8bd85e/output/powerpc64le-linux-gnu/bitcoin-4e569c8bd85e-powerpc64le-linux-gnu.tar.gz
2415604bf3651ea18dcbb4ec5bf73372bdc19c80aa316b864de20c8a5df4bf34 guix-build-4e569c8bd85e/output/riscv64-linux-gnu/SHA256SUMS.part
8f6ee4b69fb33b40ad505c091684258ded340ab9936b554f8fa4e499d4da1155 guix-build-4e569c8bd85e/output/riscv64-linux-gnu/bitcoin-4e569c8bd85e-riscv64-linux-gnu-debug.tar.gz
0a941d44532287288a9859c35fdaa940c940c1e8f4a17b7994e3796c9a668d57 guix-build-4e569c8bd85e/output/riscv64-linux-gnu/bitcoin-4e569c8bd85e-riscv64-linux-gnu.tar.gz
d530151878bdf70c0913a12ba1aa49dad9ba62ac9edd70cda3982fd0fe327e93 guix-build-4e569c8bd85e/output/x86_64-apple-darwin/SHA256SUMS.part
dc3a9ee571854066ea03d60c1f2b8012fdff12ea1e74ab4ce02b1effc6689436 guix-build-4e569c8bd85e/output/x86_64-apple-darwin/bitcoin-4e569c8bd85e-x86_64-apple-darwin-unsigned.dmg
94c0522390e5650d91d63c6afa5bce895a60c17c1365e0d87a898c2868093dc9 guix-build-4e569c8bd85e/output/x86_64-apple-darwin/bitcoin-4e569c8bd85e-x86_64-apple-darwin-unsigned.tar.gz
364d72282e8824d5dffe184fc10bdcbc9cdf96e8c0ac379b8392e1e1992e3307 guix-build-4e569c8bd85e/output/x86_64-apple-darwin/bitcoin-4e569c8bd85e-x86_64-apple-darwin.tar.gz
047d3eae54136b7f5fb20487fb2c57455dda6bb88594065b71843400fbc41824 guix-build-4e569c8bd85e/output/x86_64-linux-gnu/SHA256SUMS.part
8bfb97bcab8d5e0a86a2a8d20be5215d8bb615a8b6c3ad69e1db5028caf2dd29 guix-build-4e569c8bd85e/output/x86_64-linux-gnu/bitcoin-4e569c8bd85e-x86_64-linux-gnu-debug.tar.gz
4962550d7d113e8544a33e2ffa5a0e77e172984c17bfa461a631bf08dc7cc545 guix-build-4e569c8bd85e/output/x86_64-linux-gnu/bitcoin-4e569c8bd85e-x86_64-linux-gnu.tar.gz
5ad1661c475308c6df102aee51261e36583fe0f5f73713d7f19384b63755a3c5 guix-build-4e569c8bd85e/output/x86_64-w64-mingw32/SHA256SUMS.part
62cf3e15e638f48bd0931a847ba5e5636422fb6bd00da41251c1f636d39c5822 guix-build-4e569c8bd85e/output/x86_64-w64-mingw32/bitcoin-4e569c8bd85e-win64-debug.zip
6a94dc9c5dcb2a4448a37573baab50f405e08af0d5a4de8a8046cba5445153e4 guix-build-4e569c8bd85e/output/x86_64-w64-mingw32/bitcoin-4e569c8bd85e-win64-setup-unsigned.exe
31fe85ba31ed84ebbbc4cc42f593e1de1811c1ecc9a0a094d05b0914bd151174 guix-build-4e569c8bd85e/output/x86_64-w64-mingw32/bitcoin-4e569c8bd85e-win64-unsigned.tar.gz
a3c7db0ca4b557810b5e5f1ec14cecaf47b5bf51631798d8675243bb6ecedf8f guix-build-4e569c8bd85e/output/x86_64-w64-mingw32/bitcoin-4e569c8bd85e-win64.zip
```
ACKs for top commit:
laanwj:
Code review ACK 4e569c8bd8
Tree-SHA512: 7f75c304ec67d824ce17be1acb0d67c3946cc346444abcac0a13762365566d101aa784f92dd28ef15b664f1a5f64ae1f60ca91b2538de7ea08a7684bf33cda0d
Without ffile-prefix-map, the debug symbols will contain paths for the
guix store which will include the hashes of each package. However, the
hash for the same package will differ when on different architectures.
In order to be reproducible regardless of the architecture used to build
the package, map all guix store prefixes to something fixed, e.g. /usr.
We might be able to drop this in favour of using --with-nonshared-cflags
when we being using newer versions of glibc.
Without ffile-prefix-map, the debug symbols will contain paths for the
guix store which will include the hashes of each package. However, the
hash for the same package will differ when on different architectures.
In order to be reproducible regardless of the architecture used to build
the package, map all guix store prefixes to something fixed, e.g. /usr.
While glibc 2.25 and newer *can* be built with stack-smashing-protection
enabled, it isn't used by default, and still isn't, as of glibc 2.35,
so I can't see a reason to explicitly disable it.
I'd also like to move in the direction of enabling, by default,
hardening options for the toolchains we build, so removing the explicit
disabling is a step in that direction.
Will be following up with some changes based on this PR.
