highperfocused/bitcoin
1
0
Fork 0
mirror of https://github.com/bitcoin/bitcoin.git synced 2026-06-04 02:02:42 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge bitcoin/bitcoin#34550: guix: update time-machine to c5eee3336cc1d10a3cc1c97fde2809c3451624d3

Browse Source 
3293e9a61f guix: document when GCC SSA gen patch can be removed (fanquake)
978023fd9e guix: use latest glibc 2.31 (fanquake)
ab9a98b1e4 guix: combine gcc-libgcc-patches with base-gcc (fanquake)
2276426bb1 guix: switch to upstream python-oscrypto package (fanquake)
feea2a850e ci: use LIEF 0.17.5 in lint job (fanquake)
a7524f57ba guix: switch to upstream python-lief package (fanquake)
2bf97e813d guix: switch to upstream osslsigncode package (fanquake)
dc0ddab389 guix: drop CMake workaround (fanquake)
31eb46f054 guix: update to c5eee3336cc1d10a3cc1c97fde2809c3451624d3 (fanquake)
0f323e1075 guix: add --no-same-owner to TAR_OPTIONS (fanquake)

Pull request description:

  Update the Guix time-machine to [c5eee3336cc1d10a3cc1c97fde2809c3451624d3](c5eee3336c).

  Package updates:
  binutils 2.41 -> 2.44
  cmake-minimal 3.24.2 -> 3.31.10
  diffutils 3.10 -> 3.12
  file 5.45 -> 5.46
  git-minimal 2.46.0 -> 2.52.0
  (base) glibc 2.39 -> 2.41
  gzip 1.13 -> 1.14
  linux-headers 6.1.119 -> 6.1.166
  LLVM/Clang 19.1.4 -> 19.1.7
  mingw-w64 12.0.0 -> 13.0.0
  nsis 3.10 -> 3.11
  python-minimal 3.10 -> 3.11

  CMake 4.x becomes available.
  Clang/LLVM 20 & 21 become available.

  Switch to upstream `osslsigncode` (2.13, `python-lief` (0.17.5) and `python-oscrypto` (1.3.0) packages.

  Update glibc to the latest commit on the `2.31` branch.

  Could be used for #32764.

ACKs for top commit:
  pinheadmz:
    ACK 3293e9a61f
  achow101:
    ACK 3293e9a61f
  sedited:
    ACK 3293e9a61f
  willcl-ark:
    ACK 3293e9a61f

Tree-SHA512: 46fe11281911be44ef34d9f19b4c2678f2e4628b4badc12ea4cc17cf3e1d693060cc70f0030b0ac53efae1172ceb61af447368dc4d69f5b2707c06e99206d6cf
This commit is contained in:
Ava Chow
2026-03-19 16:22:27 -07:00
parent bc1c540920 3293e9a61f
commit 14053d8520
11 changed files with 33 additions and 206 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
ci/lint/01_install.sh
View File

@@ -41,7 +41,7 @@ command -v python3
python3 --version
${CI_RETRY_EXE} pip3 install \
lief==0.16.6 \
lief==0.17.5 \
mypy==1.19.1 \
pyzmq==27.1.0 \
ruff==0.15.5

3
contrib/guix/guix-build
View File

@@ -383,6 +383,8 @@ EOF
# Running in an isolated container minimizes build-time differences
# between machines and improves reproducibility
#
# --writable-root make the root filesystem writable
#
# --pure unset existing environment variables
#
# Same rationale as --container
@@ -441,6 +443,7 @@ EOF
# shellcheck disable=SC2086,SC2031
time-machine shell --manifest="${PWD}/contrib/guix/manifest.scm" \
--container \
--writable-root \
--pure \
--no-cwd \
--share="$PWD"=/bitcoin \

3
contrib/guix/guix-codesign
View File

@@ -299,6 +299,8 @@ EOF
# Running in an isolated container minimizes build-time differences
# between machines and improves reproducibility
#
# --writable-root make the root filesystem writable
#
# --pure unset existing environment variables
#
# Same rationale as --container
@@ -341,6 +343,7 @@ EOF
# shellcheck disable=SC2086,SC2031
time-machine shell --manifest="${PWD}/contrib/guix/manifest.scm" \
--container \
--writable-root \
--pure \
--no-cwd \
--share="$PWD"=/bitcoin \

6
contrib/guix/libexec/build.sh
View File

@@ -6,7 +6,7 @@ export LC_ALL=C
set -e -o pipefail
# Environment variables for determinism
export TAR_OPTIONS="--owner=0 --group=0 --numeric-owner --mtime='@${SOURCE_DATE_EPOCH}' --sort=name"
export TAR_OPTIONS="--no-same-owner --owner=0 --group=0 --numeric-owner --mtime='@${SOURCE_DATE_EPOCH}' --sort=name"
export TZ=UTC
# Although Guix _does_ set umask when building its own packages (in our case,
@@ -272,10 +272,6 @@ mkdir -p "$DISTSRC"
# Install built Bitcoin Core to $INSTALLPATH
case "$HOST" in
*darwin*)
# This workaround can be dropped for CMake >= 3.27.
# See the upstream commit 689616785f76acd844fd448c51c5b2a0711aafa2.
find build -name 'cmake_install.cmake' -exec sed -i 's| -u -r | |g' {} +
cmake --install build --strip --prefix "${INSTALLPATH}" ${V:+--verbose}
;;
*)

2
contrib/guix/libexec/prelude.bash
View File

@@ -71,7 +71,7 @@ fi
time-machine() {
# shellcheck disable=SC2086
guix time-machine --url=https://codeberg.org/guix/guix.git \
--commit=5cb84f2013c5b1e48a7d0e617032266f1e6059e2 \
--commit=c5eee3336cc1d10a3cc1c97fde2809c3451624d3 \
--cores="$JOBS" \
--keep-failed \
--fallback \

174
contrib/guix/manifest.scm
View File

@@ -1,12 +1,11 @@
(use-modules (gnu packages)
((gnu packages bash) #:select (bash-minimal))
(gnu packages bison)
((gnu packages certs) #:select (nss-certs))
((gnu packages check) #:select (libfaketime))
((gnu packages cmake) #:select (cmake-minimal))
(gnu packages commencement)
(gnu packages compression)
(gnu packages cross-base)
((gnu packages crypto) #:select (osslsigncode))
(gnu packages gawk)
(gnu packages gcc)
((gnu packages installers) #:select (nsis-x86_64))
@@ -17,9 +16,8 @@
(gnu packages pkg-config)
((gnu packages python) #:select (python-minimal))
((gnu packages python-build) #:select (python-poetry-core))
((gnu packages python-crypto) #:select (python-asn1crypto))
((gnu packages python-science) #:select (python-scikit-build-core))
((gnu packages python-xyz) #:select (python-pydantic-2))
((gnu packages python-crypto) #:select (python-asn1crypto python-oscrypto))
((gnu packages python-xyz) #:select (python-lief))
((gnu packages tls) #:select (openssl))
((gnu packages version-control) #:select (git-minimal))
(guix build-system cmake)
@@ -95,25 +93,17 @@ chain for " target " development."))
(license (package-license xgcc)))))
(define base-gcc
(package
(inherit gcc-14) ;; 14.2.0
(version "14.3.0")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnu/gcc/gcc-"
version "/gcc-" version ".tar.xz"))
(sha256
(base32
"0fna78ly417g69fdm4i5f3ms96g8xzzjza8gwp41lqr5fqlpgp70"))))))
(package-with-extra-patches gcc-14
(search-our-patches "gcc-remap-guix-store.patch" "gcc-ssa-generation.patch")))
(define base-linux-kernel-headers linux-libre-headers-6.1)
(define* (make-bitcoin-cross-toolchain target
#:key
(base-gcc-for-libc (gcc-libgcc-patches linux-base-gcc))
(base-gcc-for-libc linux-base-gcc)
(base-kernel-headers base-linux-kernel-headers)
(base-libc glibc-2.31)
(base-gcc (gcc-libgcc-patches linux-base-gcc)))
(base-gcc linux-base-gcc))
"Convenience wrapper around MAKE-CROSS-TOOLCHAIN with default values
desirable for building Bitcoin Core release binaries."
(make-cross-toolchain target
@@ -122,10 +112,6 @@ desirable for building Bitcoin Core release binaries."
base-libc
base-gcc))
(define (gcc-libgcc-patches gcc)
(package-with-extra-patches gcc
(search-our-patches "gcc-remap-guix-store.patch" "gcc-ssa-generation.patch")))
(define (binutils-mingw-patches binutils)
(package-with-extra-patches binutils
(search-our-patches "binutils-unaligned-default.patch")))
@@ -139,10 +125,10 @@ desirable for building Bitcoin Core release binaries."
(let* ((xbinutils (binutils-mingw-patches (cross-binutils target)))
(machine (substring target 0 (string-index target #\-)))
(pthreads-xlibc (winpthreads-patches (make-mingw-w64 machine
#:xgcc (cross-gcc target #:xgcc (gcc-libgcc-patches base-gcc))
#:xgcc (cross-gcc target #:xgcc base-gcc)
#:with-winpthreads? #t)))
(pthreads-xgcc (cross-gcc target
#:xgcc (gcc-libgcc-patches mingw-w64-base-gcc)
#:xgcc mingw-w64-base-gcc
#:xbinutils xbinutils
#:libc pthreads-xlibc)))
;; Define a meta-package that propagates the resulting XBINUTILS, XLIBC, and
@@ -164,80 +150,6 @@ chain for " target " development."))
(home-page (package-home-page pthreads-xgcc))
(license (package-license pthreads-xgcc)))))
;; While LIEF is packaged in Guix, we maintain our own package,
;; to simplify building, and more easily apply updates.
;; Moreover, the Guix's package uses cmake, which caused build
;; failure; see https://github.com/bitcoin/bitcoin/pull/27296.
(define-public python-lief
(package
(name "python-lief")
(version "0.16.6")
(source (origin
(method git-fetch)
(uri (git-reference
(url "https://github.com/lief-project/LIEF")
(commit version)))
(file-name (git-file-name name version))
(sha256
(base32
"1pq9nagrnkl1x943bqnpiyxmkd9vk99znfxiwqp6vf012b50bz2a"))
(patches (search-our-patches "lief-scikit-0-9.patch"))))
(build-system pyproject-build-system)
(native-inputs (list cmake-minimal
ninja
python-scikit-build-core
python-pydantic-2))
(arguments
(list
#:tests? #f ;needs network
#:phases #~(modify-phases %standard-phases
(add-before 'build 'set-pythonpath
(lambda _
(setenv "PYTHONPATH"
(string-append (string-append (getcwd) "/api/python/backend")
":" (or (getenv "PYTHONPATH") "")))))
(add-after 'set-pythonpath 'change-directory
(lambda _
(chdir "api/python"))))))
(home-page "https://github.com/lief-project/LIEF")
(synopsis "Library to instrument executable formats")
(description
"@code{python-lief} is a cross platform library which can parse, modify
and abstract ELF, PE and MachO formats.")
(license license:asl2.0)))
(define osslsigncode
(package
(name "osslsigncode")
(version "2.5")
(source (origin
(method git-fetch)
(uri (git-reference
(url "https://github.com/mtrojnar/osslsigncode")
(commit version)))
(sha256
(base32
"1j47vwq4caxfv0xw68kw5yh00qcpbd56d7rq6c483ma3y7s96yyz"))))
(build-system cmake-build-system)
(arguments
(list
#:phases
#~(modify-phases %standard-phases
(replace 'check
(lambda* (#:key tests? #:allow-other-keys)
(if tests?
(invoke "faketime" "-f" "@2025-01-01 00:00:00" ;; Tests fail after 2025.
"ctest" "--output-on-failure" "--no-tests=error")
(format #t "test suite not run~%")))))))
(inputs (list libfaketime openssl))
(home-page "https://github.com/mtrojnar/osslsigncode")
(synopsis "Authenticode signing and timestamping tool")
(description "osslsigncode is a small tool that implements part of the
functionality of the Microsoft tool signtool.exe - more exactly the Authenticode
signing and timestamping. But osslsigncode is based on OpenSSL and cURL, and
thus should be able to compile on most platforms where these exist.")
(license license:gpl3+))) ; license is with openssl exception
(define-public python-elfesteem
(let ((commit "2eb1e5384ff7a220fd1afacd4a0170acff54fe56"))
(package
@@ -262,64 +174,6 @@ thus should be able to compile on most platforms where these exist.")
(description "elfesteem parses ELF, PE and Mach-O files.")
(license license:lgpl2.1))))
(define-public python-oscrypto
(package
(name "python-oscrypto")
(version "1.3.0")
(source
(origin
(method git-fetch)
(uri (git-reference
(url "https://github.com/wbond/oscrypto")
(commit version)))
(file-name (git-file-name name version))
(sha256
(base32
"1v5wkmzcyiqy39db8j2dvkdrv2nlsc48556h73x4dzjwd6kg4q0a"))
(patches (search-our-patches "oscrypto-hard-code-openssl.patch"))))
(build-system python-build-system)
(native-search-paths
(list (search-path-specification
(variable "SSL_CERT_FILE")
(file-type 'regular)
(separator #f) ;single entry
(files '("etc/ssl/certs/ca-certificates.crt")))))
(propagated-inputs
(list python-asn1crypto openssl))
(arguments
`(#:phases
(modify-phases %standard-phases
(add-after 'unpack 'hard-code-path-to-libscrypt
(lambda* (#:key inputs #:allow-other-keys)
(let ((openssl (assoc-ref inputs "openssl")))
(substitute* "oscrypto/__init__.py"
(("@GUIX_OSCRYPTO_USE_OPENSSL@")
(string-append openssl "/lib/libcrypto.so" "," openssl "/lib/libssl.so")))
#t)))
(add-after 'unpack 'disable-broken-tests
(lambda _
;; This test is broken as there is no keyboard interrupt.
(substitute* "tests/test_trust_list.py"
(("^(.*)class TrustListTests" line indent)
(string-append indent
"@unittest.skip(\"Disabled by Guix\")\n"
line)))
(substitute* "tests/test_tls.py"
(("^(.*)class TLSTests" line indent)
(string-append indent
"@unittest.skip(\"Disabled by Guix\")\n"
line)))
#t))
(replace 'check
(lambda _
(invoke "python" "run.py" "tests")
#t)))))
(home-page "https://github.com/wbond/oscrypto")
(synopsis "Compiler-free Python crypto library backed by the OS")
(description "oscrypto is a compilation-free, always up-to-date encryption library for Python.")
(license license:expat)))
(define-public python-oscryptotests
(package (inherit python-oscrypto)
(name "python-oscryptotests")
@@ -351,7 +205,8 @@ thus should be able to compile on most platforms where these exist.")
"1qw2k7xis53179lpqdqyylbcmp76lj7sagp883wmxg5i7chhc96k"))))
(build-system python-build-system)
(propagated-inputs
(list python-asn1crypto
(list openssl
python-asn1crypto
python-oscrypto
python-oscryptotests)) ;; certvalidator tests import oscryptotests
(arguments
@@ -480,7 +335,7 @@ inspecting signatures in Mach-O binaries.")
#t))))))))
(define-public glibc-2.31
(let ((commit "7b27c450c34563a28e634cccb399cd415e71ebfe"))
(let ((commit "28eb5caf895ced5d895cb02757e109004a2d33e5"))
(package
(inherit glibc) ;; 2.39
(version "2.31")
@@ -492,7 +347,7 @@ inspecting signatures in Mach-O binaries.")
(file-name (git-file-name "glibc" commit))
(sha256
(base32
"017qdpr5id7ddb4lpkzj2li1abvw916m3fc6n7nw28z4h5qbv2n0"))
"07arjrc1smqy8wrhg38apr1s9ji7xv1rpzdapk4k2ps2n07irp58"))
(patches (search-our-patches "glibc-guix-prefix.patch"
"glibc-riscv-jumptarget.patch"))))
(arguments
@@ -545,7 +400,7 @@ inspecting signatures in Mach-O binaries.")
gnu-make
ninja
;; Scripting
python-minimal ;; (3.10)
python-minimal ;; (3.11)
;; Git
git-minimal
;; Tests
@@ -555,7 +410,6 @@ inspecting signatures in Mach-O binaries.")
(list zip
(make-mingw-pthreads-cross-toolchain "x86_64-w64-mingw32")
nsis-x86_64
nss-certs
osslsigncode))
((string-contains target "-linux-")
(list bison

5
contrib/guix/patches/gcc-ssa-generation.patch
View File

@@ -1,3 +1,8 @@
This patch can be removed when using GCC 14.4, 15.3 or 16.x.
14.x: https://github.com/gcc-mirror/gcc/commit/2d7099faa5c59b871e3027268d70a8a46d892824
15.x: https://github.com/gcc-mirror/gcc/commit/7debee2cb6503b2af0f1d43b0e56b759474396d5
16.x: https://github.com/gcc-mirror/gcc/commit/c6085ca0ed4cef3bcf4eb382cb71e44219c10f6e
commit b46614ebfc57ccca8a050668ad0e8ba5968c5943
Author: Jakub Jelinek <jakub@redhat.com>
Date: Tue Jan 6 08:36:20 2026 +0100

21
contrib/guix/patches/lief-scikit-0-9.patch
View File

@@ -1,21 +0,0 @@
Partially revert f23ced2f4ffc170d0a6f40ff4a1bee575e3447cf
Restore compat with python-scikit-build-core 0.9.x
Can be dropped when using python-scikit-build-core >= 0.10.x
--- a/api/python/backend/setup.py
+++ b/api/python/backend/setup.py
@@ -101,12 +101,12 @@ def _get_hooked_config(is_editable: bool) -> Optional[dict[str, Union[str, List[
config_settings = {
"logging.level": "DEBUG",
"build-dir": config.build_dir,
- "build.targets": config.build.targets,
"install.strip": config.strip,
"backport.find-python": "0",
"wheel.py-api": config.build.py_api,
"cmake.source-dir": SRC_DIR.as_posix(),
"cmake.build-type": config.build.build_type,
+ "cmake.targets": config.build.targets,
"cmake.args": [
*config.cmake_generator,
*config.get_cmake_args(is_editable),

13
contrib/guix/patches/oscrypto-hard-code-openssl.patch
View File

@@ -1,13 +0,0 @@
diff --git a/oscrypto/__init__.py b/oscrypto/__init__.py
index eb27313..371ab24 100644
--- a/oscrypto/__init__.py
+++ b/oscrypto/__init__.py
@@ -302,3 +302,8 @@ def load_order():
'oscrypto._win.tls',
'oscrypto.tls',
]
+
+
+paths = '@GUIX_OSCRYPTO_USE_OPENSSL@'.split(',')
+assert len(paths) == 2, 'Value for OSCRYPTO_USE_OPENSSL env var must be two paths separated by a comma'
+use_openssl(*paths)

8
contrib/guix/patches/winpthreads-remap-guix-store.patch
View File

@@ -6,12 +6,12 @@ the package, map all guix store prefixes to something fixed, e.g. /usr.
--- a/mingw-w64-libraries/winpthreads/Makefile.in
+++ b/mingw-w64-libraries/winpthreads/Makefile.in
@@ -478,7 +478,7 @@ top_build_prefix = @top_build_prefix@
@@ -465,7 +465,7 @@ top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
SUBDIRS = . tests
-AM_CFLAGS = -Wall -DWIN32_LEAN_AND_MEAN $(am__append_1)
+AM_CFLAGS = -Wall -DWIN32_LEAN_AND_MEAN $(am__append_1) $(shell find /gnu/store -maxdepth 1 -mindepth 1 -type d -exec echo -n " -ffile-prefix-map={}=/usr" \;)
-AM_CFLAGS = $(am__append_1) $(am__append_3)
+AM_CFLAGS = $(am__append_1) $(am__append_3) $(shell find /gnu/store -maxdepth 1 -mindepth 1 -type d -exec echo -n " -ffile-prefix-map={}=/usr" \;)
ACLOCAL_AMFLAGS = -I m4
lib_LTLIBRARIES = libwinpthread.la
include_HEADERS = include/pthread.h include/sched.h include/semaphore.h include/pthread_unistd.h include/pthread_time.h include/pthread_compat.h include/pthread_signal.h
include_HEADERS = \

2
contrib/guix/symbol-check.py
View File

@@ -241,7 +241,7 @@ def check_MACHO_sdk(binary) -> bool:
return False
def check_MACHO_lld(binary) -> bool:
if binary.build_version.tools[0].version == [19, 1, 4]:
if binary.build_version.tools[0].version == [19, 1, 7]:
return True
return False