d34691ce0c ci: Use dash when building depends in centos build (MarcoFalke)
b5d12edb08 ci: Bump CentOS 8 image (MarcoFalke)
685ac6ad2e build: fix depends zeromq dash compatibility (fanquake)
4b92a6b42c build: libXau 1.0.9 (fanquake)
Pull request description:
Backports #24212 to the 22.x branch. Included a bump to libXau and an additional commit for zeromq to fix dash compatibility.
ACKs for top commit:
hebasto:
ACK d34691ce0c
Tree-SHA512: 862b819df6d74cfb0499d1f1040cfbf70dc4449108521466ff22db48b942949fec5c5e93d5f652109f228eac8e60413830f7c22b3879a0bd2441a60b87470972
Picks upstream commit 9a397666d28ca5f3c0d8233be3d39b2206555f45 to fix
dash compatibility. This fixes building zeromq in our CentOS 8 CI. This
is my preferred fix over backporting a zeromq update (which would
contain this change).
b7ecef1ddf guix: ignore additioanl failing certvalidator test (fanquake)
Pull request description:
Backports 8588591965 from #24057 so that from-scratch Guix builds for the Darwin host aren't broken due to a (very recently) expired certificate causing one of the python-certvalidator tests to fail. Kept separate from #23276 because that hasn't gotten review attention, and I don't think we should leave `22.x` Darwin Guix builds broken for any longer than we have to.
Fixes#24110.
```bash
======================================================================
ERROR: test_revocation_mode_soft (tests.test_validate.ValidateTests)
----------------------------------------------------------------------
Traceback (most recent call last):
File "/tmp/guix-build-python-certvalidator-0.1-1.e5bdb4b.drv-0/source/tests/test_validate.py", line 85, in test_revocation_mode_soft
validate_path(context, path)
File "/tmp/guix-build-python-certvalidator-0.1-1.e5bdb4b.drv-0/source/tests/../certvalidator/validate.py", line 50, in validate_path
return _validate_path(validation_context, path)
File "/tmp/guix-build-python-certvalidator-0.1-1.e5bdb4b.drv-0/source/tests/../certvalidator/validate.py", line 358, in _validate_path
raise PathValidationError(pretty_message(
certvalidator.errors.PathValidationError: The path could not be validated because the end-entity certificate expired 2022-01-14 12:00:00Z
```
Guix Build:
```bash
bash-5.1# find guix-build-$(git rev-parse --short=12 HEAD)/output/ -type f -print0 | env LC_ALL=C sort -z | xargs -r0 sha256sum
359755bffecc64b4c005c5cdee3824190f6b1759dbc6c20034476dcc06413959 guix-build-b7ecef1ddf0c/output/dist-archive/bitcoin-b7ecef1ddf0c.tar.gz
0c6700270ec75991d70a97cad77e22cc00553f812edb56c1bac5ef6421f963e1 guix-build-b7ecef1ddf0c/output/x86_64-apple-darwin/SHA256SUMS.part
87d4637a87959a304422550edf87feda3953d7305894154a6a2d413cc0dd2034 guix-build-b7ecef1ddf0c/output/x86_64-apple-darwin/bitcoin-b7ecef1ddf0c-osx-unsigned.dmg
9cabae32689bd5f93e7faaaf341827f1c4069a63ab6f74276564e47819343b6c guix-build-b7ecef1ddf0c/output/x86_64-apple-darwin/bitcoin-b7ecef1ddf0c-osx-unsigned.tar.gz
bb5fb113bc022a305e49783d0ba48be90aca61e4a942beeb45206dbc5b91ca6e guix-build-b7ecef1ddf0c/output/x86_64-apple-darwin/bitcoin-b7ecef1ddf0c-x86_64-apple-darwin.tar.gz
```
ACKs for top commit:
MarcoFalke:
Concept ACK b7ecef1ddf
Tree-SHA512: 8f761fece405b3b974b9f42ab4ebf8995d3284ce7bfb0556ff8459e1a7d30f8bd2f407cb5651e9fa1094c493148bba7a8918a251b54a83efe12acfaf3d39f350
======================================================================
ERROR: test_revocation_mode_soft (tests.test_validate.ValidateTests)
----------------------------------------------------------------------
Traceback (most recent call last):
File "/tmp/guix-build-python-certvalidator-0.1-1.e5bdb4b.drv-0/source/tests/test_validate.py", line 85, in test_revocation_mode_soft
validate_path(context, path)
File "/tmp/guix-build-python-certvalidator-0.1-1.e5bdb4b.drv-0/source/tests/../certvalidator/validate.py", line 50, in validate_path
return _validate_path(validation_context, path)
File "/tmp/guix-build-python-certvalidator-0.1-1.e5bdb4b.drv-0/source/tests/../certvalidator/validate.py", line 358, in _validate_path
raise PathValidationError(pretty_message(
certvalidator.errors.PathValidationError: The path could not be validated because the end-entity certificate expired 2022-01-14 12:00:00Z
Github-Pull: #24057
Rebased-From: 8588591965
e959b46aa9 build: explicitly disable libsecp256k1 openssl based tests (fanquake)
Pull request description:
Backport of #23314
These tests are failing when run against OpenSSL 3, and have been
removed upstream, bitcoin-core/secp256k1#983, so
disabled them for now to avoid `make check` failures.
Note that this will also remove warning output from our build, due to
the use of deprecated OpenSSL API functions. See #23048.
Top commit has no ACKs.
Tree-SHA512: ab3213dc82e7a64a005ce237710009bb447dee2702c4c02245e70df62063a00add73c4e80e9c619ce57345d4a2808fd4dc08e2e02a319b0f3d9285b8b0056599
These tests are failing when run against OpenSSL 3, and have been
removed upstream, https://github.com/bitcoin-core/secp256k1/pull/983, so
disabled them for now to avoid `make check` failures.
Note that this will also remove warning output from our build, due to
the use of deprecated OpenSSL API functions. See #23048.
Github-Pull: #23314
Rebased-From: d7524546ab
dff22619ff doc: clean out release-notes.md (fanquake)
405f58140d doc: Add historical release notes for 22.0 (W. J. van der Laan)
Pull request description:
Cleans out `release-notes.md`, and adds release notes for 22.0.
ACKs for top commit:
MarcoFalke:
cr ACK dff22619ff
Tree-SHA512: bfcfb8a4f6c5d572d9c91380f141141a5dd88936fa4c282c3dc93568b06a5fbca178f7e4b0dd5c0a24d6c2ef56242fd2012896186d04e3ea7666112386341a1b
9f9ffe5bb0 Some small improvements to release notes (Pieter Wuille)
Pull request description:
.
ACKs for top commit:
laanwj:
ACK 9f9ffe5bb0
dongcarl:
ACK 9f9ffe5bb0
Tree-SHA512: 63ff574eb1c5e7b5f2ac4fc99d3352d2de7fa05ccd0abbe58fcc0720b139ace05c855a6cf46ab7a5537b3f0792442d98dc155c3f3ee7bfd1127fe08f5fb01be5
303bc8a069 guix/prelude: Override VERSION with FORCE_VERSION (Carl Dong)
0640bf5c82 doc: mention bech32m/BIP350 in doc/descriptors.md (Pieter Wuille)
Pull request description:
Backports:
* #22847 - guix/prelude: Override VERSION with FORCE_VERSION
* #22837 - doc: mention bech32m/BIP350 in doc/descriptors.md
Theses are both minor enough that they would not require and rc4.
ACKs for top commit:
laanwj:
ACK 303bc8a069
Tree-SHA512: faac095f71abb537f1d2a338e4f79f8389be2362eec0841e3fb47aaee731ce242856db461f89351c2ca4e1129a3afdd49c3e918a7bf22af3e4d2f7deaff48ad8
d447972417 doc: Move 22.0 release notes from wiki (W. J. van der Laan)
Pull request description:
Reintroduce the release notes back into the branch for 22.0 final.
Top commit has no ACKs.
Tree-SHA512: ef2065a43db657a1351bcce18fe59a5eb5ee009da5739fdc077654696cd0e822546981df492924d61c74d2f2a276d7768c2cf0e57402befa8bd4d11c8e9b8fc5
Previously, if the builder exported $VERSION in their environment (as
past Gitian-building docs told them to), but their HEAD does not
actually point to v$VERSION, their build outputs will differ from those
of other builders.
This is because the contrib/guix/guix-* scripts only ever act on the
current git worktree, and does not try to check out $VERSION if $VERSION
is set in the environment.
Setting $VERSION only makes the scripts pretend like the current
worktree is $VERSION.
This problem was seen in jonatack's attestation for all.SHA256SUMS,
where only his bitcoin-22.0rc3-osx-signed.dmg differed from everyone
else's.
Here is my deduced sequence of events:
1. Aug 27th: He guix-builds 22.0rc3 and uploads his attestations up to
guix.sigs
2. Aug 30th, sometime after POSIX time 1630310848: he pulls the latest
changes from master in the same worktree where he guix-built 22.0rc3
and ends up at 7be143a960
3. Aug 30th, sometime before POSIX time 1630315907: With his worktree
still on 7be143a960, he guix-codesigns. Normally, this would result
in outputs going in guix-build-7be143a960e2, but he had
VERSION=22.0rc3 in his environment, so the guix-* scripts pretended
like he was building 22.0rc3, and used 22.0rc3's guix-build directory
to locate un-codesigned outputs and dump codesigned ones.
However, our SOURCE_DATE_EPOCH defaults to the POSIX time of HEAD
(7be143a960), which made all timestamps in the resulting codesigned
DMG 1630310848, 7be143a960e2's POSIX timestamp. This differs from the
POSIX timestamp of 22.0rc3, which is 1630348517. Note that the
windows codesigning procedure does not consider SOURCE_DATE_EPOCH.
We resolve this by only allowing VERSION overrides via the FORCE_VERSION
environment variable.
Github-Pull: #22847
Rebased-From: 96cc6bb04f
The version replacement here is not working anyway, not just that but it
is actively harmful as it removes all `-` from the text. So remove that
line. See discussion in #22681.
Tree-SHA512: 909c6225a50bbda1253bae65c09700a658bd36b5c91c91cea28d1df0aad5dc4adb095e0695259eca377536da34d17741ce453a5c5c50041d1163d94bbbe5355d
aa254a01c1 qt: Pre-rc3 translations update (Hennadii Stepanov)
Pull request description:
A regularly updated PR with new translations fetched from Transifex.com.
ACKs for top commit:
laanwj:
Sanity-check (did not review any specific translations) ACK aa254a01c1
Tree-SHA512: bb380b1afb8af7895ac2de5ccdf489b9a73b6d47334d5eb5608370034795c064b5978106814ada96aaa5abd45a04901e6fd749bddc23149fb4a11dd4e6efe846
The uploaded binaries need to match the same flat directory structure of
the SHA256SUMS file in order for torrent downloaders to be able to
verify the download without moving files. Mention this in the release
process doc.
Github-Pull: bitcoin/bitcoin#22654
Rebased-From: 132cae44f2
The SHA256SUMS file can be used in a sha256sum -c command to verify
downloaded binaries. However users are likely to download just a single
file and not place this file in the correct directory relative to the
SHA256SUMS file for the simple verification command to work. By not
including the directory name in the SHA256SUMS file, it will be easier
for users to verify downloaded binaries.
Co-authored-by: Carl Dong <contact@carldong.me>
Github-Pull: bitcoin/bitcoin#22654
Rebased-From: fb17c99e35
Previously, building from a release source tarball would result in a
version string like v22.0.0-<commithash>, but we expect just v22.0.0.
This commit solves this problem.
Also use PACKAGE_VERSION instead of reconstructing it.
Github-Pull: bitcoin/bitcoin#22685
Rebased-From: 5100deee58
ApproximateBestSubset had an edge case (due to not using
GetSelectionAmount) where it was possible for it to return success but
fail to select enough to cover transaction fees. A test is added that
could trigger this failure prior to the fix being implemented.
Github-Pull: bitcoin/bitcoin#22686
Rebased-From: 92885c4f69
When the fee is not subtracted from the outputs, the amount that has
been reserved for the fee (change_and_fee - change_amount) must be
enough to cover the fee that is needed. It would be a bug to not do so,
so use an assert to make this obvious if such a situation were to occur.
Github-Pull: bitcoin/bitcoin#22686
Rebased-From: d9262324e8
For target value calculations, GetSelectionAmount should be used, not
m_effective_value or m_value.
Specifically, ApproximateBestSubset mistakenly uses m_value when
calculating whether the target value has been met. This has been changed
to use GetSelectionAmount.
Github-Pull: bitcoin/bitcoin#22686
Rebased-From: 2de222c401
This allows us to remove the rfc4880 EOL hacks and release with a
SHA256SUMS.asc file that's a combination of all signer signatures.
Github-Pull: bitcoin/bitcoin#22642
Rebased-From: 90b3e482e9
Previously, if verification fails, the correct message will be printed,
but the exit code would still be 0.
Github-Pull: bitcoin/bitcoin#22643
Rebased-From: d451b60d22
When no external signers are available, the option to enable external
signers should always be disabled. However the encrypt wallet checkbox
can erroneously re-enable the external signer checkbox. To avoid this,
CreateWalletDialog now stores whether signers were available during
setSigners so that future calls to external_signer_checkbox->setEnabled
can account for whether signers are available.
Github-Pull: bitcoin-core/gui#396
Rebased-From: a9b9ca82da
Adding a new item to the m_wallet_selector must follow the establishment
of signal-slot connections.
Github-Pull: bitcoin-core/gui#393
Rebased-From: d54d949598
739d19053b doc: add info to i2p.md about IBD time and multiple networks (Jon Atack)
cc8838ce98 contrib, p2p: update I2P hardcoded seeds (Jon Atack)
cd57bb1a66 guix: Ensure EPOCH_SOURCE_DATE does not include GPG information (Andrew Chow)
219900a123 guix: Remove extra \r from all.SHA256SUMS line ending (Andrew Chow)
38d18c01e2 guix, doc: Add a note that codesigners need to rebuild after tagging (Andrew Chow)
aa9b6aba03 guix: Allow changing the base manifest in guix-verify (Andrew Chow)
056e47d887 guix: Make all.SHA256SUMS rather than codesigned.SHA256SUMS (Andrew Chow)
8f1e3b31b2 script, doc: guix touchups (jonatack)
3bbfc1b8e0 Updated Readme, Corrected the codesign typo (h)
34f9f88bc9 guix/build: Remove vestigial SKIPATTEST.TAG (Carl Dong)
9e52a30ebd guix/INSTALL: Misc fixups (Carl Dong)
45e0f3d608 guix: Silence getent(1) invocation (Carl Dong)
Pull request description:
Currently backports #22511. We can collect up further backports and merge prior to rc2.
ACKs for top commit:
laanwj:
ACK 739d19053b
Tree-SHA512: 8fc795ee56b7757ff405636a2811bd606ea33ba1160f3f1ea42e0e1478ce8211bb60bf7b16a673b932db40a24b76d47c54e703bf2775d3b9385d9b080183b433
2d3fcf5760 qt: Pre-rc2 translations update (Hennadii Stepanov)
Pull request description:
Since 6312b8370c translations are still updating everyday.
I'm going to keep this PR updated until the moment just before tagging rc2, when it is expected to be merged.
Hope this will make life of both translators and release maintainers a bit easier :)
Top commit has no ACKs.
Tree-SHA512: d2c44f3900ee313cfce24edaed30a08dbe340e5ecc627301bc3cc7162ddebe6c0403351ce0bf056395ab14e55908de1609f5e6e8183d3405bed86416888cb32d
