ab649ce459450533ffdf068b00472259b72cf07a guix: documented shasum gathering command (janb84)
Pull request description:
When a PR requires proof of Guix builds (sha256sums), the PR author or reviewer uses a not well documented command to collect the sha256sums of build outputs or manually gathers them from files.
This pull request introduces a new section in the documentation, providing some documentation on the command's functionality and usage.
ACKs for top commit:
willcl-ark:
ACK ab649ce459450533ffdf068b00472259b72cf07a
sedited:
ACK ab649ce459450533ffdf068b00472259b72cf07a
Tree-SHA512: 0188663ad117b636c7d32a1b655db97610f558cfcffe4abd6f0fb097b3990db0dc6d23ab972926fefd2531b21f429742dcbea6b0fa579d22d5da7a7d6a4c753e
fa37928536e0048a262260baf998ead026b14bb9 build: Temporarily remove confusing and brittle -fdebug-prefix-map (MarcoFalke)
Pull request description:
The compiler option `-fdebug-prefix-map` is unconditionally set by the build system. This is problematic for many reasons:
* Users and devs have no easy way to disable it without modifying the build system source code
* The mapping is broken since the cmake migration, and requires manual fixups such as https://github.com/bitcoin/bitcoin/issues/31204 or https://github.com/bitcoin/bitcoin/issues/31957
Fix all issues by temporarily removing it.
Though, the option is kept for the guix build, so that no change in behavior is observed for the release binaries.
Fixes https://github.com/bitcoin/bitcoin/issues/31957
Fixes https://github.com/bitcoin/bitcoin/issues/31204
The option can be added back in the future, if there is any need to. Though, adding it back should ideally work out of the box, or at least provide easy workarounds for all commonly used tooling.
ACKs for top commit:
pinheadmz:
ACK fa37928536e0048a262260baf998ead026b14bb9
l0rinc:
ACK fa37928536e0048a262260baf998ead026b14bb9
hebasto:
ACK fa37928536e0048a262260baf998ead026b14bb9.
Tree-SHA512: 5c76faab36ec516b286c2b5b2404e1488c0c4fbc678904593b0acb9c8da9b1db1b41436a22e6aa2f2671650288ccf635554773ef3144dc1df6ea838afce07ecb
2a746500fa769f83405349bcffa3f0971b92a2de ci: migrate some jobs to Debian Trixie, use GCC 14 (fanquake)
fb0e6edfe88145fea6d96feb24ab45d3f43438ed guix: Apply SSA generation patch to maintain determinism (Mara van der Laan)
34909799fe60055a34f524f7d89bd1a0c02567c1 guix: use GCC 14.3.0 over 13.3.0 (fanquake)
47be9122a7f5e37bcd955fe82c2bebcec73703e9 guix: disable gprofng in GCC (fanquake)
ea29329eb706fe4ed57226df59c5d6fe43aa3167 guix: build GCC with --enable-host-bind-now (fanquake)
6f54e267d01d548e5e7aa05e48a5dc859675e6a9 guix: disable libquadmath in GCC (fanquake)
7735901ed266b08912829c701c78893933c48524 guix: disable building libgomp in GCC (fanquake)
Pull request description:
Switching to using GCC 14.x for release builds has come up multiple times recently. It will eventually be needed for #25573, and could also be useful for #30210.
ACKs for top commit:
hebasto:
ACK 2a746500fa769f83405349bcffa3f0971b92a2de. I have reviewed the code and it looks OK. The new GCC patch looks reasonable.
theuni:
utACK 2a746500fa769f83405349bcffa3f0971b92a2de
sedited:
ACK 2a746500fa769f83405349bcffa3f0971b92a2de
Tree-SHA512: 56912bed19386f06d52fb94e0ef6d96f5415ab2de8b5e94890806d7cc0b937a3c4b11cc161aa2e06ca2fd3c392ef7501c91688e0897e1c1c51aafa963f3e50d9
41e657aacfa605ac2de08ef26f2b536810f3e55a guix: add bitcoin-qt runtime libs doc in symbol-check (fanquake)
ef4ce19a1545d81dcf95b07e04628557a57451e2 depends: freetype 2.11.1 (fanquake)
Pull request description:
Update freetype to `2.11.1`.
Updating fontconfig (currently `2.12.6`) to `2.13.1` requires what looks like a hard dep on gperf; leaving that as-is for now.
Document expectations in `symbol-check.py`.
Closes#29977 (changes are based on discussion there).
ACKs for top commit:
sedited:
ACK 41e657aacfa6
Tree-SHA512: 71c4ccc442df0b90bebc475003eb325564111b8312c42bc7d7a9c81a2fc166fdc0814c9ddde3cfe562c3c835556e7f97107458b02a07b981b1a199bf65d5ac1d
7b90b4f5bb10e2156709b07e3996f867e2421232 guix: reduce allowed exported symbols (fanquake)
Pull request description:
Need to double-check, but pretty sure this is atleast partly from #33181.
ACKs for top commit:
sedited:
Nice, ACK 7b90b4f5bb10e2156709b07e3996f867e2421232
Tree-SHA512: 538c03dc32aab9b3e18100e8ffa0d664aea5ceba6aafee9e8e0894c2d02eea3b3fb09733cf7b5bd0aefb6b56d0ac3b92f28da932e135b23f55404efd8f43664a
libfreetype and libfontconfig are our two remaining runtime libs for
bitcoin-qt. According to #29977 Ubuntu 22.04 should be considered the
baseline for what is supported. Document that.
Closes#29977.
Starting with Python 3.11, Pythons gzip might delegate to zlib.
Depending on the OS, i.e Ubuntu vs Fedora, the underlying zlib
implementation might differ, resulting in different output.
For now, or until a better solution exists, disable compression. This
results in the SDK increasing in size to ~157mb. Which is not
unreasonable, to regain determinism (and would be significantly worse
without the previous commit).
See: https://docs.python.org/3/library/gzip.html#gzip.compress
Co-authored-by: stickies-v <stickies-v@protonmail.com>
2594d5a189e52052c2019faccaa47f2affdc48e1 build: Remove CMAKE_SKIP_BUILD_RPATH and SKIP_BUILD_RPATH settings (Henry Romp)
Pull request description:
Remove CMAKE_SKIP_BUILD_RPATH and SKIP_BUILD_RPATH settings that are no longer needed after reordering the Guix build script to perform binary checks after installation.
This PR also removes the unused CMake maintenance targets (`check-security` and `check-symbols`) and updates the Guix security checks to include binaries in the `libexec/` directory (added in PR #31679).
ACKs for top commit:
purpleKarrot:
ACK 2594d5a189e52052c2019faccaa47f2affdc48e1
hebasto:
ACK 2594d5a189e52052c2019faccaa47f2affdc48e1.
Tree-SHA512: ed451a298f5aae05c177b0033b092faaa7536caeaa3d84da9b8b611e2aa905e1dd337e57aef0efd69ce6ce6ac0cf77dc57adf175079b95bf53dd96d5d0c8118b
Remove CMake settings that are no longer needed after reordering Guix build script to perform binary checks after installation.
Also removes unused CMake maintenance targets (check-security and check-symbols) and updates security checks to include libexec/ directory binaries (see PR #31679).
This causes issues when building against newer glibcs (i.e 2.42), and isn't needed
in any case.
```bash
../../../../gcc-14.3.0/libsanitizer/sanitizer_common/sanitizer_platform_limits_posix.cpp:483:31: error: invalid application of ‘sizeof’ to incomplete type ‘__sanitizer::termio’
483 | unsigned struct_termio_sz = sizeof(struct termio);
| ^~~~~~~~~~~~~~~~~~~~~
```
Extracted from #25573.
59c4898994bde3d86168075f0031c9d5a9ac5c8f guix: remove python-pydantic-core input from LIEF (fanquake)
9f2a6927d3a9fc1ac536f8fb24a89582e39f24d6 guix: use Clang & LLVM 19 for macOS build (fanquake)
9570ddbec9cb20c268f78ff5e581a65e00864773 guix: update time-machine to 5cb84f2013c5b1e48a7d0e617032266f1e6059e2 (fanquake)
7b5cc276aa0a7aeea7e535b0fd30a0b6811000d9 guix: patch around riscv issue with newer (2.40+) binutils (fanquake)
91b5cbaabbca49a8bd9df6da2506070b31482892 ci: use Debian Trixie for macOS cross job (fanquake)
Pull request description:
5cb84f2013 isn't super recent, but it's enough to get access to some newer packages, such as LLVM 19, and avoids having to add any further work arounds for things that we know are fixed later (i.e nsis). Once things upstream have stabilized a bit more (the `core-updates` branch was fairly recently merged), we could look at bumping to something newer.
Package updates:
(base) glibc 2.35 -> 2.39
binutils 2.38 -> 2.41
diffutils 3.8 -> 3.10
gawk 5.2.1 -> 5.3.0
git-minimal 2.45.2 -> 2.46.0
grep 3.8 -> 3.11
gzip 1.12 -> 1.13
linux-headers 6.1.106 -> 6.1.119
make 4.3 -> 4.4.1
xz 5.2.8 -> 5.4.5
CMake 3.30 becomes available.
Clang/LLVM 19 becomes available.
Could be used for #32764.
ACKs for top commit:
hebasto:
re-ACK 59c4898994bde3d86168075f0031c9d5a9ac5c8f.
willcl-ark:
ACK 59c4898994bde3d86168075f0031c9d5a9ac5c8f
Tree-SHA512: c44965d5a315e4c862f5e40d8e98c645713405fec72a61055f95b6c68b7d2dcc69a61a084e397a4556d4c1df18f1cfa7a905234643fe4a7df9c58d486e26c097
4b41f99d57d822dfc258865d1dad03204fe0380f build: Move CMAKE_SKIP_INSTALL_RPATH from CMake to Guix script (Henry Romp)
Pull request description:
Remove `CMAKE_SKIP_INSTALL_RPATH` from CMakeLists.txt and add `CMAKE_SKIP_RPATH` to the Guix build script. This keeps build-environment-specific settings in the build scripts rather than hardcoded in the CMake configuration.
ACKs for top commit:
purpleKarrot:
ACK 4b41f99d57d822dfc258865d1dad03204fe0380f
janb84:
re ACK 4b41f99d57d822dfc258865d1dad03204fe0380f
Tree-SHA512: 74d6af382476d731f10f9833978d670e9981c160ba306d0e9d4b1ad1e9b9960b8d03a3b9b608e234edb1c0c2c7a2b4f9f606a2a7887b7a153792159e71ae9b21
Remove CMAKE_SKIP_INSTALL_RPATH from CMakeLists.txt and add CMAKE_SKIP_RPATH to the Guix build script. This keeps build-environment-specific settings in the build scripts rather than hardcoded in the CMake configuration.
1aaaaa078bb2efed126e3f41ecf7c81ccf005818 fuzz: Drop unused workaround after Apple-Clang bump (MarcoFalke)
fadad7a49477cd61fbbfe20a0a61023c2d4d70a1 Drop support for EOL macOS 13 (MarcoFalke)
Pull request description:
Now that macOS 13 is EOL (https://en.wikipedia.org/wiki/MacOS_Ventura), it seems odd to still support it.
(macOS Ventura 13.7.8 received its final security update on 20 Aug 2025: https://support.apple.com/en-us/100100)
This patch will only be released in version 31.x, another 6 months out from now.
So:
* Update the depends build and release note template to drop EOL macOS 13.
* As a result, update the earliest Xcode to version 16 in CI.
* Also, bump the macOS CI runner to version 15, to avoid issues when version 14 will be at its EOL in about 1 year.
This also allows to drop a small workaround in the fuzz tests and unlocks libcpp hardening (https://github.com/bitcoin/bitcoin/pull/33462)
ACKs for top commit:
stickies-v:
re-ACK 1aaaaa078bb2efed126e3f41ecf7c81ccf005818
l0rinc:
code review ACK 1aaaaa078bb2efed126e3f41ecf7c81ccf005818
hodlinator:
re-ACK 1aaaaa078bb2efed126e3f41ecf7c81ccf005818
hebasto:
ACK 1aaaaa078bb2efed126e3f41ecf7c81ccf005818.
Tree-SHA512: 6d247a8432ef8ea8c6ff2a221472b278f8344346b172980299507f9898bb9e8e16480c128b1f4ca692bcbcc393da2b2fd6895ac5f118bc09e0f30f910529d20c
eca50854e1cb04e20478bd3df4762e18520a3611 depends: static libxcb_cursor (fanquake)
Pull request description:
Remove the runtime requirement of `libxcb-cursor`. This library is no-longer present on modern Ubuntu.
Fixes#33432.
Also related to #32097.
ACKs for top commit:
davidgumberg:
Addendum ACK eca50854e1
willcl-ark:
Code review ACK eca50854e1cb04e20478bd3df4762e18520a3611
Tree-SHA512: d545a03baf5030de64874b79add87b6ef5f95eb5ca31aa66007ee03554103d2eda5e56dfd4395d0a12e24b2e489457e4f19ed9e6d390351c72a0da630f03cc42
