Merge bitcoin/bitcoin#34366: test: switch order of error code and message check

0aba464ce7 test: switch order of error code and message check (rkrux)

Pull request description:

  I feel it'd be easier to debug intermittent test failures if the error message is present in the logs instead of error code. So, switching order of error code and message in the `try_rpc` function to aid error debugging.

  Should help in debugging #34354 IMO. It's an intermittent failure on Windows that I can't reproduce and it's more difficult to figure out what could have gone wrong only by seeing the error code like below in the CI logs. Given that the functional tests pass, I don't see a harm in checking for error message first and throwing it in case of a mismatch.

  ```python
  AssertionError: Unexpected JSONRPC error code -1
  ```

  <!--
  *** Please remove the following help text before submitting: ***

  Pull requests without a rationale and clear improvement may be closed
  immediately.

  GUI-related pull requests should be opened against
  https://github.com/bitcoin-core/gui
  first. See CONTRIBUTING.md
  -->

  <!--
  Please provide clear motivation for your patch and explain how it improves
  Bitcoin Core user experience or Bitcoin Core developer experience
  significantly:

  * Any test improvements or new tests that improve coverage are always welcome.
  * All other changes should have accompanying unit tests (see `src/test/`) or
    functional tests (see `test/`). Contributors should note which tests cover
    modified code. If no tests exist for a region of modified code, new tests
    should accompany the change.
  * Bug fixes are most welcome when they come with steps to reproduce or an
    explanation of the potential issue as well as reasoning for the way the bug
    was fixed.
  * Features are welcome, but might be rejected due to design or scope issues.
    If a feature is based on a lot of dependencies, contributors should first
    consider building the system outside of Bitcoin Core, if possible.
  * Refactoring changes are only accepted if they are required for a feature or
    bug fix or otherwise improve developer experience significantly. For example,
    most "code style" refactoring changes require a thorough explanation why they
    are useful, what downsides they have and why they *significantly* improve
    developer experience or avoid serious programming bugs. Note that code style
    is often a subjective matter. Unless they are explicitly mentioned to be
    preferred in the [developer notes](/doc/developer-notes.md), stylistic code
    changes are usually rejected.
  -->

  <!--
  Bitcoin Core has a thorough review process and even the most trivial change
  needs to pass a lot of eyes and requires non-zero or even substantial time
  effort to review. There is a huge lack of active reviewers on the project, so
  patches often sit for a long time.
  -->

ACKs for top commit:
  maflcko:
    lgtm ACK 0aba464ce7
  polespinasa:
    lgtm ACK 0aba464ce7
  fjahr:
    utACK 0aba464ce7
  brunoerg:
    code review ACK 0aba464ce7
  sedited:
    ACK 0aba464ce7

Tree-SHA512: b09ba4b5d13a2c93a4a28a5c1b06af44a91295974236bb8326b74a988878c431e9ce0e19ec14bb98ac2b002da877abaa7da6a9851424453bcb494c0317b57227

.cirrus.yml

@@ -1,214 +0,0 @@
-env:  # Global defaults
-  CIRRUS_CLONE_DEPTH: 1
-  CIRRUS_LOG_TIMESTAMP: true
-  MAKEJOBS: "-j10"
-  TEST_RUNNER_PORT_MIN: "14000"  # Must be larger than 12321, which is used for the http cache. See https://cirrus-ci.org/guide/writing-tasks/#http-cache
-  CI_FAILFAST_TEST_LEAVE_DANGLING: "1"  # Cirrus CI does not care about dangling processes and setting this variable avoids killing the CI script itself on error
-
-# A self-hosted machine(s) can be used via Cirrus CI. It can be configured with
-# multiple users to run tasks in parallel. No sudo permission is required.
-#
-# https://cirrus-ci.org/guide/persistent-workers/
-#
-# Generally, a persistent worker must run Ubuntu 23.04+ or Debian 12+.
-#
-# The following specific types should exist, with the following requirements:
-# - small: For an x86_64 machine, with at least 2 vCPUs and 8 GB of memory.
-# - medium: For an x86_64 machine, with at least 4 vCPUs and 16 GB of memory.
-# - arm64: For an aarch64 machine, with at least 2 vCPUs and 8 GB of memory.
-#
-# CI jobs for the latter configuration can be run on x86_64 hardware
-# by installing qemu-user-static, which works out of the box with
-# podman or docker. Background: https://stackoverflow.com/a/72890225/313633
-#
-# The above machine types are matched to each task by their label. Refer to the
-# Cirrus CI docs for more details.
-#
-# When a contributor maintains a fork of the repo, any pull request they make
-# to their own fork, or to the main repository, will trigger two CI runs:
-# one for the branch push and one for the pull request.
-# This can be avoided by setting SKIP_BRANCH_PUSH=true as a custom env variable
-# in Cirrus repository settings, accessible from
-# https://cirrus-ci.com/github/my-organization/my-repository
-#
-# On machines that are persisted between CI jobs, RESTART_CI_DOCKER_BEFORE_RUN=1
-# ensures that previous containers and artifacts are cleared before each run.
-# This requires installing Podman instead of Docker.
-#
-# Futhermore:
-# - podman-docker-4.1+ is required due to the bugfix in 4.1
-#   (https://github.com/bitcoin/bitcoin/pull/21652#issuecomment-1657098200)
-# - The ./ci/ dependencies (with cirrus-cli) should be installed. One-liner example
-#   for a single user setup with sudo permission:
-#
-#   ```
-#   apt update && apt install git screen python3 bash podman-docker uidmap slirp4netns curl -y && curl -L -o cirrus "https://github.com/cirruslabs/cirrus-cli/releases/latest/download/cirrus-linux-$(dpkg --print-architecture)" && mv cirrus /usr/local/bin/cirrus && chmod +x /usr/local/bin/cirrus
-#   ```
-#
-# - There are no strict requirements on the hardware. Having fewer CPU threads
-#   than recommended merely causes the CI script to run slower.
-#   To avoid rare and intermittent OOM due to short memory usage spikes,
-#   it is recommended to add (and persist) swap:
-#
-#   ```
-#   fallocate -l 16G /swapfile_ci && chmod 600 /swapfile_ci && mkswap /swapfile_ci && swapon /swapfile_ci && ( echo '/swapfile_ci none swap sw 0 0' | tee -a /etc/fstab )
-#   ```
-#
-# - To register the persistent worker, open a `screen` session and run:
-#
-#   ```
-#   RESTART_CI_DOCKER_BEFORE_RUN=1 screen cirrus worker run --labels type=todo_fill_in_type --token todo_fill_in_token
-#   ```
-
-# https://cirrus-ci.org/guide/tips-and-tricks/#sharing-configuration-between-tasks
-filter_template: &FILTER_TEMPLATE
-  # Allow forks to specify SKIP_BRANCH_PUSH=true and skip CI runs when a branch is pushed,
-  # but still run CI when a PR is created.
-  # https://cirrus-ci.org/guide/writing-tasks/#conditional-task-execution
-  skip: $SKIP_BRANCH_PUSH == "true" && $CIRRUS_PR == ""
-  stateful: false  # https://cirrus-ci.org/guide/writing-tasks/#stateful-tasks
-
-base_template: &BASE_TEMPLATE
-  << : *FILTER_TEMPLATE
-  merge_base_script:
-    # Require git (used in fingerprint_script).
-    - git --version || ( apt-get update && apt-get install -y git )
-    - if [ "$CIRRUS_PR" = "" ]; then exit 0; fi
-    - git fetch --depth=1 $CIRRUS_REPO_CLONE_URL "pull/${CIRRUS_PR}/merge"
-    - git checkout FETCH_HEAD  # Use merged changes to detect silent merge conflicts
-                               # Also, the merge commit is used to lint COMMIT_RANGE="HEAD~..HEAD"
-
-main_template: &MAIN_TEMPLATE
-  timeout_in: 120m  # https://cirrus-ci.org/faq/#instance-timed-out
-  ci_script:
-    - ./ci/test_run_all.sh
-
-global_task_template: &GLOBAL_TASK_TEMPLATE
-  << : *BASE_TEMPLATE
-  << : *MAIN_TEMPLATE
-
-compute_credits_template: &CREDITS_TEMPLATE
-  # https://cirrus-ci.org/pricing/#compute-credits
-  # Only use credits for pull requests to the main repo
-  use_compute_credits: $CIRRUS_REPO_FULL_NAME == 'bitcoin/bitcoin' && $CIRRUS_PR != ""
-
-task:
-  name: 'lint'
-  << : *BASE_TEMPLATE
-  container:
-    image: debian:bookworm
-    cpu: 1
-    memory: 1G
-  # For faster CI feedback, immediately schedule the linters
-  << : *CREDITS_TEMPLATE
-  test_runner_cache:
-    folder: "/lint_test_runner"
-    fingerprint_script: echo $CIRRUS_TASK_NAME $(git rev-parse HEAD:test/lint/test_runner)
-  python_cache:
-    folder: "/python_build"
-    fingerprint_script: cat .python-version /etc/os-release
-  unshallow_script:
-    - git fetch --unshallow --no-tags
-  lint_script:
-    - ./ci/lint_run_all.sh
-
-task:
-  name: 'tidy'
-  << : *GLOBAL_TASK_TEMPLATE
-  persistent_worker:
-    labels:
-      type: medium
-  env:
-    FILE_ENV: "./ci/test/00_setup_env_native_tidy.sh"
-
-task:
-  name: 'ARM, unit tests, no functional tests'
-  << : *GLOBAL_TASK_TEMPLATE
-  persistent_worker:
-    labels:
-      type: arm64  # Use arm64 worker to sidestep qemu and avoid a slow CI: https://github.com/bitcoin/bitcoin/pull/28087#issuecomment-1649399453
-  env:
-    FILE_ENV: "./ci/test/00_setup_env_arm.sh"
-
-task:
-  name: 'Win64-cross'
-  << : *GLOBAL_TASK_TEMPLATE
-  persistent_worker:
-    labels:
-      type: small
-  env:
-    FILE_ENV: "./ci/test/00_setup_env_win64.sh"
-
-task:
-  name: 'CentOS, depends, gui'
-  << : *GLOBAL_TASK_TEMPLATE
-  persistent_worker:
-    labels:
-      type: small
-  env:
-    FILE_ENV: "./ci/test/00_setup_env_native_centos.sh"
-
-task:
-  name: 'previous releases, depends DEBUG'
-  << : *GLOBAL_TASK_TEMPLATE
-  persistent_worker:
-    labels:
-      type: small
-  env:
-    FILE_ENV: "./ci/test/00_setup_env_native_previous_releases.sh"
-
-task:
-  name: 'TSan, depends, gui'
-  << : *GLOBAL_TASK_TEMPLATE
-  persistent_worker:
-    labels:
-      type: medium
-  env:
-    FILE_ENV: "./ci/test/00_setup_env_native_tsan.sh"
-
-task:
-  name: 'MSan, depends'
-  << : *GLOBAL_TASK_TEMPLATE
-  persistent_worker:
-    labels:
-      type: small
-  timeout_in: 300m  # Use longer timeout for the *rare* case where a full build (llvm + msan + depends + ...) needs to be done.
-  env:
-    FILE_ENV: "./ci/test/00_setup_env_native_msan.sh"
-
-task:
-  name: 'fuzzer,address,undefined,integer, no depends'
-  << : *GLOBAL_TASK_TEMPLATE
-  persistent_worker:
-    labels:
-      type: medium
-  timeout_in: 240m  # larger timeout, due to the high CPU demand
-  env:
-    FILE_ENV: "./ci/test/00_setup_env_native_fuzz.sh"
-
-task:
-  name: 'multiprocess, i686, DEBUG'
-  << : *GLOBAL_TASK_TEMPLATE
-  persistent_worker:
-    labels:
-      type: medium
-  env:
-    FILE_ENV: "./ci/test/00_setup_env_i686_multiprocess.sh"
-
-task:
-  name: 'no wallet, libbitcoinkernel'
-  << : *GLOBAL_TASK_TEMPLATE
-  persistent_worker:
-    labels:
-      type: small
-  env:
-    FILE_ENV: "./ci/test/00_setup_env_native_nowallet_libbitcoinkernel.sh"
-
-task:
-  name: 'macOS-cross, gui, no tests'
-  << : *GLOBAL_TASK_TEMPLATE
-  persistent_worker:
-    labels:
-      type: small
-  env:
-    FILE_ENV: "./ci/test/00_setup_env_mac_cross.sh"

.github/ISSUE_TEMPLATE/bug.yml

@@ -78,7 +78,7 @@ body:
     id: os
     attributes:
       label: Operating system and version
-      placeholder: e.g. "MacOS Ventura 13.2" or "Ubuntu 22.04 LTS"
+      placeholder: e.g. "MacOS 26.0" or "Ubuntu 26.04 LTS"
     validations:
       required: true
   - type: textarea
@@ -90,4 +90,3 @@ body:
         e.g. OS/CPU and disk type, network connectivity
     validations:
       required: false
-

.github/ISSUE_TEMPLATE/good_first_issue.yml

@@ -28,7 +28,7 @@ body:
     id: useful-skills
     attributes:
       label: Useful Skills
-      description: For example, “`std::thread`”, “Qt5 GUI and async GUI design” or “basic understanding of Bitcoin mining and the Bitcoin Core RPC interface”.
+      description: For example, “`std::thread`”, “Qt6 GUI and async GUI design” or “basic understanding of Bitcoin mining and the Bitcoin Core RPC interface”.
       value: |
         * Compiling Bitcoin Core from source
         * Running the C++ unit tests and the Python functional tests

.github/actions/clear-files/action.yml

@@ -0,0 +1,12 @@
+name: 'Clear unnecessary files'
+description: 'Clear out unnecessary files to make space on the VM'
+runs:
+  using: 'composite'
+  steps:
+    - name: Clear unnecessary files
+      shell: bash
+      env:
+        DEBIAN_FRONTEND: noninteractive
+      run: |
+        set +o errexit
+        sudo bash -c '(ionice -c 3 nice -n 19 rm -rf /usr/share/dotnet/ /usr/local/graalvm/ /usr/local/.ghcup/ /usr/local/share/powershell /usr/local/share/chromium /usr/local/lib/android /usr/local/lib/node_modules)&'

.github/actions/configure-docker/action.yml

@@ -0,0 +1,63 @@
+name: 'Configure Docker'
+description: 'Set up Docker build driver and configure build cache args'
+inputs:
+  cache-provider:
+    description: 'gha or cirrus cache provider'
+    required: true
+runs:
+  using: 'composite'
+  steps:
+    - name: Check inputs
+      shell: python
+      run: |
+        # We expect only gha or cirrus as inputs to cache-provider
+        if "${{ inputs.cache-provider }}" not in ("gha", "cirrus"):
+          print("::warning title=Unknown input to configure docker action::Provided value was ${{ inputs.cache-provider }}")
+
+    - name: Set up Docker Buildx
+      uses: docker/setup-buildx-action@v3
+      with:
+        # Use host network to allow access to cirrus gha cache running on the host
+        driver-opts: |
+          network=host
+
+    # This is required to allow buildkit to access the actions cache
+    - name: Expose actions cache variables
+      uses: actions/github-script@v6
+      with:
+        script: |
+          Object.keys(process.env).forEach(function (key) {
+            if (key.startsWith('ACTIONS_')) {
+              core.info(`Exporting ${key}`);
+              core.exportVariable(key, process.env[key]);
+            }
+          });
+
+    - name: Construct docker build cache args
+      shell: bash
+      run: |
+        # Configure docker build cache backend
+        #
+        # On forks the gha cache will work but will use Github's cache backend.
+        # Docker will check for variables $ACTIONS_CACHE_URL, $ACTIONS_RESULTS_URL and $ACTIONS_RUNTIME_TOKEN
+        # which are set automatically when running on GitHub infra: https://docs.docker.com/build/cache/backends/gha/#synopsis
+
+        # Use cirrus cache host
+        if [[ ${{ inputs.cache-provider }} == 'cirrus' ]]; then
+          url_args="url=${CIRRUS_CACHE_HOST},url_v2=${CIRRUS_CACHE_HOST}"
+        else
+          url_args=""
+        fi
+
+        # Always optimistically --cache‑from in case a cache blob exists
+        args=(--cache-from "type=gha${url_args:+,${url_args}},scope=${CONTAINER_NAME}")
+
+        # Only add --cache-to when using the Cirrus cache provider and pushing to the default branch.
+        if [[ ${{ inputs.cache-provider }} == 'cirrus' && ${{ github.event_name }} == "push" && ${{ github.ref_name }} == ${{ github.event.repository.default_branch }} ]]; then
+          args+=(--cache-to "type=gha${url_args:+,${url_args}},mode=max,ignore-error=true,scope=${CONTAINER_NAME}")
+        fi
+
+        # Always `--load` into docker images (needed when using the `docker-container` build driver).
+        args+=(--load)
+
+        echo "DOCKER_BUILD_CACHE_ARG=${args[*]}" >> $GITHUB_ENV

.github/actions/configure-environment/action.yml

@@ -0,0 +1,27 @@
+name: 'Configure environment'
+description: 'Configure CI, cache and container name environment variables'
+runs:
+  using: 'composite'
+  steps:
+    - name: Set CI and cache directories
+      shell: bash
+      run: |
+        echo "BASE_ROOT_DIR=${{ runner.temp }}" >> "$GITHUB_ENV"
+        echo "BASE_BUILD_DIR=${{ runner.temp }}/build" >> "$GITHUB_ENV"
+        echo "CCACHE_DIR=${{ runner.temp }}/ccache_dir" >> $GITHUB_ENV
+        echo "DEPENDS_DIR=${{ runner.temp }}/depends" >> "$GITHUB_ENV"
+        echo "BASE_CACHE=${{ runner.temp }}/depends/built" >> $GITHUB_ENV
+        echo "SOURCES_PATH=${{ runner.temp }}/depends/sources" >> $GITHUB_ENV
+        echo "PREVIOUS_RELEASES_DIR=${{ runner.temp }}/previous_releases" >> $GITHUB_ENV
+
+    - name: Set cache hashes
+      shell: bash
+      run: |
+        echo "DEPENDS_HASH=$(git ls-tree HEAD depends "$FILE_ENV" | sha256sum | cut -d' ' -f1)" >> $GITHUB_ENV
+        echo "PREVIOUS_RELEASES_HASH=$(git ls-tree HEAD test/get_previous_releases.py | sha256sum | cut -d' ' -f1)" >> $GITHUB_ENV
+
+    - name: Get container name
+      shell: bash
+      run: |
+        source $FILE_ENV
+        echo "CONTAINER_NAME=$CONTAINER_NAME" >> "$GITHUB_ENV"

.github/actions/restore-caches/action.yml

@@ -0,0 +1,47 @@
+name: 'Restore Caches'
+description: 'Restore ccache, depends sources, and built depends caches'
+runs:
+  using: 'composite'
+  steps:
+    - name: Restore Ccache cache
+      id: ccache-cache
+      uses: cirruslabs/cache/restore@v4
+      with:
+        path: ${{ env.CCACHE_DIR }}
+        key: ccache-${{ env.CONTAINER_NAME }}-${{ github.run_id }}
+        restore-keys: |
+          ccache-${{ env.CONTAINER_NAME }}-
+
+    - name: Restore depends sources cache
+      id: depends-sources
+      uses: cirruslabs/cache/restore@v4
+      with:
+        path: ${{ env.SOURCES_PATH }}
+        key: depends-sources-${{ env.CONTAINER_NAME }}-${{ env.DEPENDS_HASH }}
+        restore-keys: |
+          depends-sources-${{ env.CONTAINER_NAME }}-
+
+    - name: Restore built depends cache
+      id: depends-built
+      uses: cirruslabs/cache/restore@v4
+      with:
+        path: ${{ env.BASE_CACHE }}
+        key: depends-built-${{ env.CONTAINER_NAME }}-${{ env.DEPENDS_HASH }}
+        restore-keys: |
+          depends-built-${{ env.CONTAINER_NAME }}-
+
+    - name: Restore previous releases cache
+      id: previous-releases
+      uses: cirruslabs/cache/restore@v4
+      with:
+        path: ${{ env.PREVIOUS_RELEASES_DIR }}
+        key: previous-releases-${{ env.CONTAINER_NAME }}-${{ env.PREVIOUS_RELEASES_HASH }}
+        restore-keys: |
+          previous-releases-${{ env.CONTAINER_NAME }}-
+
+    - name: export cache hits
+      shell: bash
+      run: |
+        echo "depends-sources-cache-hit=${{ steps.depends-sources.outputs.cache-hit }}" >> $GITHUB_ENV
+        echo "depends-built-cache-hit=${{ steps.depends-built.outputs.cache-hit }}" >> $GITHUB_ENV
+        echo "previous-releases-cache-hit=${{ steps.previous-releases.outputs.cache-hit }}" >> $GITHUB_ENV

.github/actions/save-caches/action.yml

@@ -0,0 +1,39 @@
+name: 'Save Caches'
+description: 'Save ccache, depends sources, and built depends caches'
+runs:
+  using: 'composite'
+  steps:
+    - name: debug cache hit inputs
+      shell: bash
+      run: |
+        echo "depends sources direct cache hit to primary key: ${{ env.depends-sources-cache-hit }}"
+        echo "depends built direct cache hit to primary key: ${{ env.depends-built-cache-hit }}"
+        echo "previous releases direct cache hit to primary key: ${{ env.previous-releases-cache-hit }}"
+
+    - name: Save Ccache cache
+      uses: cirruslabs/cache/save@v4
+      if: ${{ (github.event_name == 'push') && (github.ref_name == github.event.repository.default_branch) }}
+      with:
+        path: ${{ env.CCACHE_DIR }}
+        key: ccache-${{ env.CONTAINER_NAME }}-${{ github.run_id }}
+
+    - name: Save depends sources cache
+      uses: cirruslabs/cache/save@v4
+      if: ${{ (github.event_name == 'push') && (github.ref_name == github.event.repository.default_branch) && (env.depends-sources-cache-hit != 'true') }}
+      with:
+        path: ${{ env.SOURCES_PATH }}
+        key: depends-sources-${{ env.CONTAINER_NAME }}-${{ env.DEPENDS_HASH }}
+
+    - name: Save built depends cache
+      uses: cirruslabs/cache/save@v4
+      if: ${{ (github.event_name == 'push') && (github.ref_name == github.event.repository.default_branch) && (env.depends-built-cache-hit != 'true' )}}
+      with:
+        path: ${{ env.BASE_CACHE }}
+        key: depends-built-${{ env.CONTAINER_NAME }}-${{ env.DEPENDS_HASH }}
+
+    - name: Save previous releases cache
+      uses: cirruslabs/cache/save@v4
+      if: ${{ (github.event_name == 'push') && (github.ref_name == github.event.repository.default_branch) && (env.previous-releases-cache-hit != 'true' )}}
+      with:
+        path: ${{ env.PREVIOUS_RELEASES_DIR }}
+        key: previous-releases-${{ env.CONTAINER_NAME }}-${{ env.PREVIOUS_RELEASES_HASH }}

.github/ci-lint-exec.py

@@ -0,0 +1,55 @@
+#!/usr/bin/env python3
+# Copyright (c) The Bitcoin Core developers
+# Distributed under the MIT software license, see the accompanying
+# file COPYING or https://opensource.org/license/mit.
+
+import os
+import shlex
+import subprocess
+import sys
+import time
+
+
+def run(cmd, **kwargs):
+    print("+ " + shlex.join(cmd), flush=True)
+    kwargs.setdefault("check", True)
+    try:
+        return subprocess.run(cmd, **kwargs)
+    except Exception as e:
+        sys.exit(e)
+
+
+def main():
+    CONTAINER_NAME = os.environ["CONTAINER_NAME"]
+
+    build_cmd = [
+        "docker", "buildx", "build",
+        f"--tag={CONTAINER_NAME}",
+        *shlex.split(os.getenv("DOCKER_BUILD_CACHE_ARG", "")),
+        "--file=./ci/lint_imagefile",
+        "."
+    ]
+
+    if run(build_cmd, check=False).returncode != 0:
+        print("Retry building image tag after failure")
+        time.sleep(3)
+        run(build_cmd)
+
+    extra_env = []
+    if os.environ["GITHUB_EVENT_NAME"] == "pull_request":
+        extra_env = ["--env", "LINT_CI_IS_PR=1"]
+    if os.environ["GITHUB_EVENT_NAME"] != "pull_request" and os.environ["GITHUB_REPOSITORY"] == "bitcoin/bitcoin":
+        extra_env = ["--env", "LINT_CI_SANITY_CHECK_COMMIT_SIG=1"]
+
+    run([
+        "docker",
+        "run",
+        "--rm",
+        *extra_env,
+        f"--volume={os.getcwd()}:/bitcoin",
+        CONTAINER_NAME,
+    ])
+
+
+if __name__ == "__main__":
+    main()

.github/ci-test-each-commit-exec.py

@@ -0,0 +1,65 @@
+#!/usr/bin/env python3
+# Copyright (c) The Bitcoin Core developers
+# Distributed under the MIT software license, see the accompanying
+# file COPYING or https://opensource.org/license/mit/.
+
+import subprocess
+import sys
+import shlex
+
+
+def run(cmd, **kwargs):
+    print("+ " + shlex.join(cmd), flush=True)
+    try:
+        return subprocess.run(cmd, check=True, **kwargs)
+    except Exception as e:
+        sys.exit(e)
+
+
+def main():
+    print("Running tests on commit ...")
+    run(["git", "log", "-1"])
+
+    num_procs = int(run(["nproc"], stdout=subprocess.PIPE).stdout)
+    build_dir = "ci_build"
+
+    run([
+        "cmake",
+        "-B",
+        build_dir,
+        "-Werror=dev",
+        # Use clang++, because it is a bit faster and uses less memory than g++
+        "-DCMAKE_C_COMPILER=clang",
+        "-DCMAKE_CXX_COMPILER=clang++",
+        # Use mold, because it is faster than the default linker
+        "-DCMAKE_EXE_LINKER_FLAGS=-fuse-ld=mold",
+        # Use Debug build type for more debug checks, but enable optimizations
+        "-DAPPEND_CXXFLAGS='-O3 -g2'",
+        "-DAPPEND_CFLAGS='-O3 -g2'",
+        "-DCMAKE_BUILD_TYPE=Debug",
+        "-DWERROR=ON",
+        "--preset=dev-mode",
+        # Tolerate unused member functions in intermediate commits in a pull request
+        "-DCMAKE_CXX_FLAGS=-Wno-error=unused-member-function",
+    ])
+    run(["cmake", "--build", build_dir, "-j", str(num_procs)])
+    run([
+        "ctest",
+        "--output-on-failure",
+        "--stop-on-failure",
+        "--test-dir",
+        build_dir,
+        "-j",
+        str(num_procs),
+    ])
+    run([
+        sys.executable,
+        f"./{build_dir}/test/functional/test_runner.py",
+        "-j",
+        str(num_procs * 2),
+        "--combinedlogslen=99999999",
+    ])
+
+
+if __name__ == "__main__":
+    main()

.github/workflows/ci.yml

@@ -1,6 +1,6 @@
 # Copyright (c) 2023-present The Bitcoin Core developers
 # Distributed under the MIT software license, see the accompanying
-# file COPYING or http://www.opensource.org/licenses/mit-license.php.
+# file COPYING or https://opensource.org/license/mit.
 
 name: CI
 on:
@@ -19,20 +19,54 @@ concurrency:
 
 env:
   CI_FAILFAST_TEST_LEAVE_DANGLING: 1  # GHA does not care about dangling processes and setting this variable avoids killing the CI script itself on error
-  MAKEJOBS: '-j10'
+  CIRRUS_CACHE_HOST: http://127.0.0.1:12321/ # When using Cirrus Runners this host can be used by the docker `gha` build cache type.
+  REPO_USE_CIRRUS_RUNNERS: 'bitcoin/bitcoin' # Use cirrus runners and cache for this repo, instead of falling back to the slow GHA runners
+
+defaults:
+  run:
+    # Enforce fail-fast behavior for all platforms.
+    # See: https://docs.github.com/en/actions/writing-workflows/workflow-syntax-for-github-actions#exit-codes-and-error-action-preference
+    shell: bash
 
 jobs:
+  runners:
+    name: '[meta] determine runners'
+    runs-on: ubuntu-latest
+    outputs:
+      provider: ${{ steps.runners.outputs.provider }}
+    steps:
+      - &ANNOTATION_PR_NUMBER
+        name: Annotate with pull request number
+        # This annotation is machine-readable and can be used to assign a check
+        # run to its corresponding pull request. Running in all check runs is
+        # required, because check re-runs discard the annotations of other
+        # tasks in the test suite.
+        run: |
+          if [ "${{ github.event_name }}" = "pull_request" ]; then
+            echo "::notice title=debug_pull_request_number_str::${{ github.event.number }}"
+          fi
+      - id: runners
+        run: |
+          if [[ "${REPO_USE_CIRRUS_RUNNERS}" == "${{ github.repository }}" ]]; then
+            echo "provider=cirrus" >> "$GITHUB_OUTPUT"
+            echo "::notice title=Runner Selection::Using Cirrus Runners"
+          else
+            echo "provider=gha" >> "$GITHUB_OUTPUT"
+            echo "::notice title=Runner Selection::Using GitHub-hosted runners"
+          fi
+
   test-each-commit:
-    name: 'test each commit'
+    name: 'test max 6 ancestor commits'
     runs-on: ubuntu-24.04
     if: github.event_name == 'pull_request' && github.event.pull_request.commits != 1
     timeout-minutes: 360  # Use maximum time, see https://docs.github.com/en/actions/writing-workflows/workflow-syntax-for-github-actions#jobsjob_idtimeout-minutes. Assuming a worst case time of 1 hour per commit, this leads to a --max-count=6 below.
     env:
-      MAX_COUNT: 6
+      MAX_COUNT: 6  # Keep in sync with name above
     steps:
       - name: Determine fetch depth
         run: echo "FETCH_DEPTH=$((${{ github.event.pull_request.commits }} + 2))" >> "$GITHUB_ENV"
-      - uses: actions/checkout@v4
+      - *ANNOTATION_PR_NUMBER
+      - uses: actions/checkout@v6
         with:
           ref: ${{ github.event.pull_request.head.sha }}
           fetch-depth: ${{ env.FETCH_DEPTH }}
@@ -65,20 +99,24 @@ jobs:
             EXCLUDE_MERGE_BASE_ANCESTORS=^${MERGE_BASE}^@
           fi
           echo "TEST_BASE=$(git rev-list -n$((${{ env.MAX_COUNT }} + 1)) --reverse HEAD $EXCLUDE_MERGE_BASE_ANCESTORS | head -1)" >> "$GITHUB_ENV"
+      - run: |
+          git fetch origin "${GITHUB_BASE_REF}"
+          git config user.email "ci@example.com"
+          git config user.name "CI"
       - run: |
           sudo apt-get update
-          sudo apt-get install clang ccache build-essential cmake pkgconf python3-zmq libevent-dev libboost-dev libsqlite3-dev libdb++-dev systemtap-sdt-dev libzmq3-dev qtbase5-dev qttools5-dev qttools5-dev-tools qtwayland5 libqrencode-dev -y
+          sudo apt-get install clang mold ccache build-essential cmake ninja-build pkgconf python3-zmq libevent-dev libboost-dev libsqlite3-dev systemtap-sdt-dev libzmq3-dev qt6-base-dev qt6-tools-dev qt6-l10n-tools libqrencode-dev capnproto libcapnp-dev -y
+          sudo pip3 install --break-system-packages pycapnp
       - name: Compile and run tests
         run: |
           # Run tests on commits after the last merge commit and before the PR head commit
-          # Use clang++, because it is a bit faster and uses less memory than g++
-          git rebase --exec "echo Running test-one-commit on \$( git log -1 ) && CC=clang CXX=clang++ cmake -B build -DWERROR=ON -DWITH_ZMQ=ON -DBUILD_GUI=ON -DBUILD_BENCH=ON -DBUILD_FUZZ_BINARY=ON -DWITH_BDB=ON -DWITH_USDT=ON -DCMAKE_CXX_FLAGS='-Wno-error=unused-member-function' && cmake --build build -j $(nproc) && ctest --output-on-failure --stop-on-failure --test-dir build -j $(nproc) && ./build/test/functional/test_runner.py -j $(( $(nproc) * 2 )) --combinedlogslen=99999999" ${{ env.TEST_BASE }}
+          git rebase --exec "git merge --no-commit origin/${GITHUB_BASE_REF} && python3 ./.github/ci-test-each-commit-exec.py && git reset --hard" ${{ env.TEST_BASE }}
 
   macos-native-arm64:
     name: ${{ matrix.job-name }}
     # Use any image to support the xcode-select below, but hardcode version to avoid silent upgrades (and breaks).
     # See: https://github.com/actions/runner-images#available-images.
-    runs-on: macos-14
+    runs-on: macos-15
 
     # When a contributor maintains a fork of the repo, any pull request they make
     # to their own fork, or to the main repository, will trigger two CI runs:
@@ -96,26 +134,32 @@ jobs:
         include:
           - job-type: standard
             file-env: './ci/test/00_setup_env_mac_native.sh'
-            job-name: 'macOS 14 native, arm64, no depends, sqlite only, gui'
+            job-name: 'macOS native'
           - job-type: fuzz
             file-env: './ci/test/00_setup_env_mac_native_fuzz.sh'
-            job-name: 'macOS 14 native, arm64, fuzz'
+            job-name: 'macOS native, fuzz'
 
     env:
       DANGER_RUN_CI_ON_HOST: 1
-      BASE_ROOT_DIR: ${{ github.workspace }}
+      BASE_ROOT_DIR: ${{ github.workspace }}/repo_archive
 
     steps:
-      - name: Checkout
-        uses: actions/checkout@v4
+      - *ANNOTATION_PR_NUMBER
+
+      - &CHECKOUT
+        name: Checkout
+        uses: actions/checkout@v6
+        with:
+          # Ensure the latest merged pull request state is used, even on re-runs.
+          ref: &CHECKOUT_REF_TMPL ${{ github.event_name == 'pull_request' && github.ref || '' }}
 
       - name: Clang version
         run: |
-          # Use the earliest Xcode supported by the version of macOS denoted in
+          # Use the latest Xcode supported by the version of macOS denoted in
           # doc/release-notes-empty-template.md and providing at least the
           # minimum clang version denoted in doc/dependencies.md.
-          # See: https://developer.apple.com/documentation/xcode-release-notes/xcode-15-release-notes
-          sudo xcode-select --switch /Applications/Xcode_15.0.app
+          # See: https://developer.apple.com/documentation/xcode-release-notes/xcode-16_2-release-notes
+          sudo xcode-select --switch /Applications/Xcode_16.2.app
           clang --version
 
       - name: Install Homebrew packages
@@ -124,7 +168,7 @@ jobs:
         run: |
           # A workaround for "The `brew link` step did not complete successfully" error.
           brew install --quiet python@3 || brew link --overwrite python@3
-          brew install --quiet coreutils ninja pkgconf gnu-getopt ccache boost libevent zeromq qt@5 qrencode
+          brew install --quiet coreutils ninja pkgconf gnu-getopt ccache boost libevent zeromq qt@6 qrencode capnp
 
       - name: Set Ccache directory
         run: echo "CCACHE_DIR=${RUNNER_TEMP}/ccache_dir" >> "$GITHUB_ENV"
@@ -137,23 +181,29 @@ jobs:
           key: ${{ github.job }}-${{ matrix.job-type }}-ccache-${{ github.run_id }}
           restore-keys: ${{ github.job }}-${{ matrix.job-type }}-ccache-
 
+      - name: Create git archive
+        run: |
+          git log -1
+          git archive --format=tar --prefix=repo_archive/ --output=repo.tar HEAD
+          tar -xf repo.tar
+
       - name: CI script
-        run: ./ci/test_run_all.sh
+        run: |
+          cd repo_archive
+          ./ci/test_run_all.sh
         env:
           FILE_ENV: ${{ matrix.file-env }}
 
       - name: Save Ccache cache
         uses: actions/cache/save@v4
-        if: github.event_name != 'pull_request' && steps.ccache-cache.outputs.cache-hit != 'true'
+        if: github.event_name != 'pull_request' && github.ref_name == github.event.repository.default_branch && steps.ccache-cache.outputs.cache-hit != 'true'
         with:
           path: ${{ env.CCACHE_DIR }}
           # https://github.com/actions/cache/blob/main/tips-and-workarounds.md#update-a-cache
           key: ${{ github.job }}-${{ matrix.job-type }}-ccache-${{ github.run_id }}
 
-  win64-native:
+  windows-native-dll:
     name: ${{ matrix.job-name }}
-    # Use latest image, but hardcode version to avoid silent upgrades (and breaks).
-    # See: https://github.com/actions/runner-images#available-images.
     runs-on: windows-2022
 
     if: ${{ vars.SKIP_BRANCH_PUSH != 'true' || github.event_name == 'pull_request' }}
@@ -168,23 +218,30 @@ jobs:
         job-type: [standard, fuzz]
         include:
           - job-type: standard
-            generate-options: '-DBUILD_GUI=ON -DWITH_BDB=ON -DWITH_ZMQ=ON -DBUILD_BENCH=ON -DWERROR=ON'
-            job-name: 'Win64 native, VS 2022'
+            generate-options: '-DBUILD_BENCH=ON -DBUILD_KERNEL_LIB=ON -DBUILD_UTIL_CHAINSTATE=ON -DWERROR=ON'
+            job-name: 'Windows native, VS 2022'
           - job-type: fuzz
-            generate-options: '-DVCPKG_MANIFEST_NO_DEFAULT_FEATURES=ON -DVCPKG_MANIFEST_FEATURES="sqlite" -DBUILD_GUI=OFF -DBUILD_FOR_FUZZING=ON -DWERROR=ON'
-            job-name: 'Win64 native fuzz, VS 2022'
+            generate-options: '-DVCPKG_MANIFEST_NO_DEFAULT_FEATURES=ON -DVCPKG_MANIFEST_FEATURES="wallet" -DBUILD_GUI=OFF -DWITH_ZMQ=OFF -DBUILD_FOR_FUZZING=ON -DWERROR=ON'
+            job-name: 'Windows native, fuzz, VS 2022'
 
     steps:
-      - name: Checkout
-        uses: actions/checkout@v4
+      - *ANNOTATION_PR_NUMBER
 
-      - name: Configure Developer Command Prompt for Microsoft Visual C++
-        # Using microsoft/setup-msbuild is not enough.
-        uses: ilammy/msvc-dev-cmd@v1
-        with:
-          arch: x64
+      - *CHECKOUT
+
+      - &SET_UP_VS
+        name: Set up VS Developer Prompt
+        shell: pwsh -Command "$PSVersionTable; $PSNativeCommandUseErrorActionPreference = $true; $ErrorActionPreference = 'Stop'; & '{0}'"
+        run: |
+          $vswherePath = "${env:ProgramFiles(x86)}\Microsoft Visual Studio\Installer\vswhere.exe"
+          $installationPath = & $vswherePath -latest -property installationPath
+          & "${env:COMSPEC}" /s /c "`"$installationPath\Common7\Tools\vsdevcmd.bat`" -arch=x64 -no_logo && set" | foreach-object {
+            $name, $value = $_ -split '=', 2
+            echo "$name=$value" >> $env:GITHUB_ENV
+          }
 
       - name: Get tool information
+        shell: pwsh
         run: |
           cmake -version | Tee-Object -FilePath "cmake_version"
           Write-Output "---"
@@ -192,15 +249,16 @@ jobs:
           $env:VCToolsVersion | Tee-Object -FilePath "toolset_version"
           py -3 --version
           Write-Host "PowerShell version $($PSVersionTable.PSVersion.ToString())"
+          bash --version
 
       - name: Using vcpkg with MSBuild
         run: |
-          Set-Location "$env:VCPKG_INSTALLATION_ROOT"
-          Add-Content -Path "triplets\x64-windows.cmake" -Value "set(VCPKG_BUILD_TYPE release)"
-          Add-Content -Path "triplets\x64-windows-static.cmake" -Value "set(VCPKG_BUILD_TYPE release)"
+          echo "set(VCPKG_BUILD_TYPE release)" >> "${VCPKG_INSTALLATION_ROOT}/triplets/x64-windows.cmake"
+          # Workaround for libevent, which requires CMake 3.1 but is incompatible with CMake >= 4.0.
+          sed -i '1s/^/set(ENV{CMAKE_POLICY_VERSION_MINIMUM} 3.5)\n/' "${VCPKG_INSTALLATION_ROOT}/scripts/ports.cmake"
 
       - name: vcpkg tools cache
-        uses: actions/cache@v4
+        uses: actions/cache@v5
         with:
           path: C:/vcpkg/downloads/tools
           key: ${{ github.job }}-vcpkg-tools
@@ -214,11 +272,11 @@ jobs:
 
       - name: Generate build system
         run: |
-          cmake -B build --preset vs2022-static -DCMAKE_TOOLCHAIN_FILE="$env:VCPKG_INSTALLATION_ROOT\scripts\buildsystems\vcpkg.cmake" ${{ matrix.generate-options }}
+          cmake -B build -Werror=dev --preset vs2022 -DCMAKE_TOOLCHAIN_FILE="${VCPKG_INSTALLATION_ROOT}/scripts/buildsystems/vcpkg.cmake" ${{ matrix.generate-options }}
 
       - name: Save vcpkg binary cache
         uses: actions/cache/save@v4
-        if: github.event_name != 'pull_request' && steps.vcpkg-binary-cache.outputs.cache-hit != 'true' && matrix.job-type == 'standard'
+        if: github.event_name != 'pull_request' && github.ref_name == github.event.repository.default_branch && steps.vcpkg-binary-cache.outputs.cache-hit != 'true' && matrix.job-type == 'standard'
         with:
           path: ~/AppData/Local/vcpkg/archives
           key: ${{ github.job }}-vcpkg-binary-${{ hashFiles('cmake_version', 'msbuild_version', 'toolset_version', 'vcpkg.json') }}
@@ -226,32 +284,58 @@ jobs:
       - name: Build
         working-directory: build
         run: |
-          cmake --build . -j $env:NUMBER_OF_PROCESSORS --config Release
+          cmake --build . -j $NUMBER_OF_PROCESSORS --config Release
+
+      - name: Check executable manifests
+        if: matrix.job-type == 'standard'
+        working-directory: build
+        shell: pwsh -Command "$PSVersionTable; $PSNativeCommandUseErrorActionPreference = $true; $ErrorActionPreference = 'Stop'; & '{0}'"
+        run: |
+          mt.exe -nologo -inputresource:bin\Release\bitcoind.exe -out:bitcoind.manifest
+          Get-Content bitcoind.manifest
+
+          Get-ChildItem -Filter "bin\Release\*.exe" | ForEach-Object {
+            $exeName = $_.Name
+
+            # Skip as they currently do not have manifests
+            if ($exeName -eq "fuzz.exe" -or $exeName -eq "bench_bitcoin.exe" -or $exeName -eq "test_bitcoin-qt.exe" -or $exeName -eq "test_kernel.exe" -or $exeName -eq "bitcoin-chainstate.exe") {
+              Write-Host "Skipping $exeName (no manifest present)"
+              return
+            }
+
+            Write-Host "Checking $exeName"
+            & mt.exe -nologo -inputresource:$_.FullName -validate_manifest
+          }
 
       - name: Run test suite
         if: matrix.job-type == 'standard'
         working-directory: build
         run: |
-          ctest --output-on-failure --stop-on-failure -j $env:NUMBER_OF_PROCESSORS -C Release
+          ctest --output-on-failure --stop-on-failure -j $NUMBER_OF_PROCESSORS -C Release
 
       - name: Run functional tests
         if: matrix.job-type == 'standard'
         working-directory: build
         env:
+          BITCOIN_BIN: '${{ github.workspace }}\build\bin\Release\bitcoin.exe'
           BITCOIND: '${{ github.workspace }}\build\bin\Release\bitcoind.exe'
           BITCOINCLI: '${{ github.workspace }}\build\bin\Release\bitcoin-cli.exe'
+          BITCOIN_BENCH: '${{ github.workspace }}\build\bin\Release\bench_bitcoin.exe'
+          BITCOINTX: '${{ github.workspace }}\build\bin\Release\bitcoin-tx.exe'
           BITCOINUTIL: '${{ github.workspace }}\build\bin\Release\bitcoin-util.exe'
           BITCOINWALLET: '${{ github.workspace }}\build\bin\Release\bitcoin-wallet.exe'
+          BITCOINCHAINSTATE: '${{ github.workspace }}\build\bin\Release\bitcoin-chainstate.exe'
           TEST_RUNNER_EXTRA: ${{ github.event_name != 'pull_request' && '--extended' || '' }}
-        shell: cmd
-        run: py -3 test\functional\test_runner.py --jobs %NUMBER_OF_PROCESSORS% --ci --quiet --tmpdirprefix=%RUNNER_TEMP% --combinedlogslen=99999999 --timeout-factor=%TEST_RUNNER_TIMEOUT_FACTOR% %TEST_RUNNER_EXTRA%
+        run: |
+          py -3 -m pip install pyzmq
+          py -3 test/functional/test_runner.py --jobs $NUMBER_OF_PROCESSORS --quiet --tmpdirprefix="${RUNNER_TEMP}" --combinedlogslen=99999999 --timeout-factor=${TEST_RUNNER_TIMEOUT_FACTOR} ${TEST_RUNNER_EXTRA}
 
       - name: Clone corpora
         if: matrix.job-type == 'fuzz'
         run: |
-          git clone --depth=1 https://github.com/bitcoin-core/qa-assets "$env:RUNNER_TEMP\qa-assets"
-          Set-Location "$env:RUNNER_TEMP\qa-assets"
-          Write-Host "Using qa-assets repo from commit ..."
+          git clone --depth=1 https://github.com/bitcoin-core/qa-assets "${RUNNER_TEMP}/qa-assets"
+          cd "${RUNNER_TEMP}/qa-assets"
+          echo "Using qa-assets repo from commit ..."
           git log -1
 
       - name: Run fuzz tests
@@ -259,48 +343,342 @@ jobs:
         working-directory: build
         env:
           BITCOINFUZZ: '${{ github.workspace }}\build\bin\Release\fuzz.exe'
-        shell: cmd
         run: |
-          py -3 test\fuzz\test_runner.py --par %NUMBER_OF_PROCESSORS% --loglevel DEBUG %RUNNER_TEMP%\qa-assets\fuzz_corpora
+          py -3 test/fuzz/test_runner.py --par $NUMBER_OF_PROCESSORS --loglevel DEBUG "${RUNNER_TEMP}/qa-assets/fuzz_corpora"
 
-  asan-lsan-ubsan-integer-no-depends-usdt:
-    name: 'ASan + LSan + UBSan + integer, no depends, USDT'
-    runs-on: ubuntu-24.04 # has to match container in ci/test/00_setup_env_native_asan.sh for tracing tools
-    if: ${{ vars.SKIP_BRANCH_PUSH != 'true' || github.event_name == 'pull_request' }}
-    timeout-minutes: 120
-    env:
-      FILE_ENV: "./ci/test/00_setup_env_native_asan.sh"
-      DANGER_CI_ON_HOST_FOLDERS: 1
+  record-frozen-commit:
+    # Record frozen commit, so that the native tests on cross-builds can run on
+    # the exact same commit id of the build.
+    name: '[meta] record frozen commit'
+    runs-on: ubuntu-latest
+    outputs:
+      commit: ${{ steps.record-commit.outputs.commit }}
     steps:
+      - *ANNOTATION_PR_NUMBER
+      - *CHECKOUT
+      - name: Record commit
+        id: record-commit
+        run: echo "commit=$(git rev-parse HEAD)" >> "$GITHUB_OUTPUT"
+
+  windows-cross:
+    name: 'Windows-cross to x86_64, ${{ matrix.crt }}'
+    needs: [runners, record-frozen-commit]
+    runs-on: ${{ needs.runners.outputs.provider == 'cirrus' && 'ghcr.io/cirruslabs/ubuntu-runner-amd64:24.04-sm' || 'ubuntu-24.04' }}
+    if: ${{ vars.SKIP_BRANCH_PUSH != 'true' || github.event_name == 'pull_request' }}
+
+    strategy:
+      fail-fast: false
+      matrix:
+        crt: [msvcrt, ucrt]
+        include:
+          - crt: msvcrt
+            file-env: './ci/test/00_setup_env_win64_msvcrt.sh'
+            artifact-name: 'x86_64-w64-mingw32-executables'
+          - crt: ucrt
+            file-env: './ci/test/00_setup_env_win64.sh'
+            artifact-name: 'x86_64-w64-mingw32ucrt-executables'
+
+    env:
+      FILE_ENV: ${{ matrix.file-env }}
+      DANGER_CI_ON_HOST_FOLDERS: 1
+
+    steps:
+      - *ANNOTATION_PR_NUMBER
+
       - name: Checkout
-        uses: actions/checkout@v4
-
-      - name: Set CI directories
-        run: |
-          echo "CCACHE_DIR=${{ runner.temp }}/ccache_dir" >> "$GITHUB_ENV"
-          echo "BASE_ROOT_DIR=${{ runner.temp }}" >> "$GITHUB_ENV"
-          echo "BASE_BUILD_DIR=${{ runner.temp }}/build-asan" >> "$GITHUB_ENV"
-
-      - name: Restore Ccache cache
-        id: ccache-cache
-        uses: actions/cache/restore@v4
+        uses: actions/checkout@v6
         with:
-          path: ${{ env.CCACHE_DIR }}
-          key: ${{ github.job }}-ccache-${{ github.run_id }}
-          restore-keys: ${{ github.job }}-ccache-
+          ref: ${{ needs.record-frozen-commit.outputs.commit }}
 
-      - name: Enable bpfcc script
-        # In the image build step, no external environment variables are available,
-        # so any settings will need to be written to the settings env file:
-        run: sed -i "s|\${INSTALL_BCC_TRACING_TOOLS}|true|g" ./ci/test/00_setup_env_native_asan.sh
+      - name: Configure environment
+        uses: ./.github/actions/configure-environment
+
+      - name: Restore caches
+        id: restore-cache
+        uses: ./.github/actions/restore-caches
+
+      - name: Configure Docker
+        uses: ./.github/actions/configure-docker
+        with:
+          cache-provider: ${{ needs.runners.outputs.provider }}
 
       - name: CI script
         run: ./ci/test_run_all.sh
 
-      - name: Save Ccache cache
-        uses: actions/cache/save@v4
-        if: github.event_name != 'pull_request' && steps.ccache-cache.outputs.cache-hit != 'true'
+      - name: Save caches
+        uses: ./.github/actions/save-caches
+
+      - name: Upload built executables
+        uses: actions/upload-artifact@v6
         with:
-          path: ${{ env.CCACHE_DIR }}
-          # https://github.com/actions/cache/blob/main/tips-and-workarounds.md#update-a-cache
-          key: ${{ github.job }}-ccache-${{ github.run_id }}
+          name: ${{ matrix.artifact-name }}-${{ github.run_id }}
+          path: |
+            ${{ env.BASE_BUILD_DIR }}/bin/*.dll
+            ${{ env.BASE_BUILD_DIR }}/bin/*.exe
+            ${{ env.BASE_BUILD_DIR }}/src/secp256k1/bin/*.exe
+            ${{ env.BASE_BUILD_DIR }}/src/univalue/*.exe
+            ${{ env.BASE_BUILD_DIR }}/test/config.ini
+
+  windows-native-test:
+    name: 'Windows, ${{ matrix.crt }}, test cross-built'
+    runs-on: windows-2022
+    needs: [windows-cross, record-frozen-commit]
+
+    strategy:
+      fail-fast: false
+      matrix:
+        crt: [msvcrt, ucrt]
+        include:
+          - crt: msvcrt
+            artifact-name: 'x86_64-w64-mingw32-executables'
+          - crt: ucrt
+            artifact-name: 'x86_64-w64-mingw32ucrt-executables'
+
+    env:
+      PYTHONUTF8: 1
+      TEST_RUNNER_TIMEOUT_FACTOR: 40
+
+    steps:
+      - *ANNOTATION_PR_NUMBER
+
+      - name: Checkout
+        uses: actions/checkout@v6
+        with:
+          ref: ${{ needs.record-frozen-commit.outputs.commit }}
+
+      - name: Download built executables
+        uses: actions/download-artifact@v7
+        with:
+          name: ${{ matrix.artifact-name }}-${{ github.run_id }}
+
+      - name: Run bitcoind.exe
+        run: ./bin/bitcoind.exe -version
+
+      - *SET_UP_VS
+
+      - name: Check executable manifests
+        shell: pwsh -Command "$PSVersionTable; $PSNativeCommandUseErrorActionPreference = $true; $ErrorActionPreference = 'Stop'; & '{0}'"
+        run: |
+          mt.exe -nologo -inputresource:bin\bitcoind.exe -out:bitcoind.manifest
+          Get-Content bitcoind.manifest
+
+          Get-ChildItem -Filter "bin\*.exe" | ForEach-Object {
+            $exeName = $_.Name
+
+            # Skip as they currently do not have manifests
+            if ($exeName -eq "fuzz.exe" -or $exeName -eq "bench_bitcoin.exe" -or $exeName -eq "test_kernel.exe") {
+              Write-Host "Skipping $exeName (no manifest present)"
+              return
+            }
+
+            Write-Host "Checking $exeName"
+            & mt.exe -nologo -inputresource:$_.FullName -validate_manifest
+          }
+
+      - name: Run unit tests
+        # Can't use ctest here like other jobs as we don't have a CMake build tree.
+        run: |
+          ./bin/test_bitcoin-qt.exe
+          ./bin/test_bitcoin.exe -l test_suite  # Intentionally run sequentially here, to catch test case failures caused by dirty global state from prior test cases.
+          ./src/secp256k1/bin/exhaustive_tests.exe
+          ./src/secp256k1/bin/noverify_tests.exe
+          ./src/secp256k1/bin/tests.exe
+          ./src/univalue/object.exe
+          ./src/univalue/unitester.exe
+
+      - name: Adjust paths in test/config.ini
+        shell: pwsh
+        run: |
+          (Get-Content "test/config.ini") -replace '(?<=^SRCDIR=).*', '${{ github.workspace }}' -replace '(?<=^BUILDDIR=).*', '${{ github.workspace }}' -replace '(?<=^RPCAUTH=).*', '${{ github.workspace }}/share/rpcauth/rpcauth.py' | Set-Content "test/config.ini"
+          Get-Content "test/config.ini"
+
+      - name: Set previous release directory
+        run: |
+          echo "PREVIOUS_RELEASES_DIR=${{ runner.temp }}/previous_releases" >> "$GITHUB_ENV"
+
+      - name: Get previous releases
+        run: ./test/get_previous_releases.py --target-dir $PREVIOUS_RELEASES_DIR
+
+      - name: Run functional tests
+        env:
+          TEST_RUNNER_EXTRA: ${{ github.event_name != 'pull_request' && '--extended' || '' }}
+        run: |
+          py -3 -m pip install pyzmq
+          py -3 test/functional/test_runner.py --jobs $NUMBER_OF_PROCESSORS --quiet --tmpdirprefix="$RUNNER_TEMP" --combinedlogslen=99999999 --timeout-factor=$TEST_RUNNER_TIMEOUT_FACTOR $TEST_RUNNER_EXTRA \
+            `# feature_unsupported_utxo_db.py fails on Windows because of emojis in the test data directory.` \
+            --exclude feature_unsupported_utxo_db.py \
+            `# See https://github.com/bitcoin/bitcoin/issues/31409.` \
+            --exclude wallet_multiwallet.py
+          # Run feature_unsupported_utxo_db sequentially in ASCII-only tmp dir,
+          # because it is excluded above due to lack of UTF-8 support in the
+          # ancient release.
+          py -3 test/functional/feature_unsupported_utxo_db.py --previous-releases --tmpdir="${RUNNER_TEMP}/test_feature_unsupported_utxo_db"
+
+  ci-matrix:
+    name: ${{ matrix.name }}
+    needs: runners
+    runs-on: ${{ needs.runners.outputs.provider == 'cirrus' && matrix.cirrus-runner || matrix.fallback-runner }}
+    if: ${{ vars.SKIP_BRANCH_PUSH != 'true' || github.event_name == 'pull_request' }}
+    timeout-minutes: ${{ matrix.timeout-minutes }}
+
+    env:
+      DANGER_CI_ON_HOST_FOLDERS: 1
+      FILE_ENV: ${{ matrix.file-env }}
+
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - name: 'iwyu'
+            cirrus-runner: 'ghcr.io/cirruslabs/ubuntu-runner-amd64:24.04-md'
+            fallback-runner: 'ubuntu-24.04'
+            timeout-minutes: 120
+            file-env: './ci/test/00_setup_env_native_iwyu.sh'
+
+          - name: '32 bit ARM'
+            cirrus-runner: 'ubuntu-24.04-arm' # Cirrus' Arm runners are Apple (with virtual Linux aarch64), which doesn't support 32-bit mode
+            fallback-runner: 'ubuntu-24.04-arm'
+            timeout-minutes: 120
+            file-env: './ci/test/00_setup_env_arm.sh'
+            provider: 'gha'
+
+          - name: 'ASan + LSan + UBSan + integer'
+            cirrus-runner: 'ghcr.io/cirruslabs/ubuntu-runner-amd64:24.04-md' # has to match container in ci/test/00_setup_env_native_asan.sh for tracing tools
+            fallback-runner: 'ubuntu-24.04'
+            timeout-minutes: 120
+            file-env: './ci/test/00_setup_env_native_asan.sh'
+
+          - name: 'macOS-cross to arm64'
+            cirrus-runner: 'ghcr.io/cirruslabs/ubuntu-runner-amd64:24.04-sm'
+            fallback-runner: 'ubuntu-24.04'
+            timeout-minutes: 120
+            file-env: './ci/test/00_setup_env_mac_cross.sh'
+
+          - name: 'macOS-cross to x86_64'
+            cirrus-runner: 'ghcr.io/cirruslabs/ubuntu-runner-amd64:24.04-sm'
+            fallback-runner: 'ubuntu-24.04'
+            timeout-minutes: 120
+            file-env: './ci/test/00_setup_env_mac_cross_intel.sh'
+
+          - name: 'No wallet'
+            cirrus-runner: 'ghcr.io/cirruslabs/ubuntu-runner-amd64:24.04-sm'
+            fallback-runner: 'ubuntu-24.04'
+            timeout-minutes: 120
+            file-env: './ci/test/00_setup_env_native_nowallet.sh'
+
+          - name: 'i686, no IPC'
+            cirrus-runner: 'ghcr.io/cirruslabs/ubuntu-runner-amd64:24.04-md'
+            fallback-runner: 'ubuntu-24.04'
+            timeout-minutes: 120
+            file-env: './ci/test/00_setup_env_i686_no_ipc.sh'
+
+          - name: 'fuzzer,address,undefined,integer'
+            cirrus-runner: 'ghcr.io/cirruslabs/ubuntu-runner-amd64:24.04-lg'
+            fallback-runner: 'ubuntu-24.04'
+            timeout-minutes: 240
+            file-env: './ci/test/00_setup_env_native_fuzz.sh'
+
+          - name: 'Valgrind, fuzz'
+            cirrus-runner: 'ghcr.io/cirruslabs/ubuntu-runner-amd64:24.04-md'
+            fallback-runner: 'ubuntu-24.04'
+            timeout-minutes: 240
+            file-env: './ci/test/00_setup_env_native_fuzz_with_valgrind.sh'
+
+          - name: 'previous releases'
+            cirrus-runner: 'ghcr.io/cirruslabs/ubuntu-runner-amd64:24.04-md'
+            fallback-runner: 'ubuntu-24.04'
+            timeout-minutes: 120
+            file-env: './ci/test/00_setup_env_native_previous_releases.sh'
+
+          - name: 'Alpine (musl)'
+            cirrus-runner: 'ghcr.io/cirruslabs/ubuntu-runner-amd64:24.04-md'
+            fallback-runner: 'ubuntu-24.04'
+            timeout-minutes: 120
+            file-env: './ci/test/00_setup_env_native_alpine_musl.sh'
+
+          - name: 'tidy'
+            cirrus-runner: 'ghcr.io/cirruslabs/ubuntu-runner-amd64:24.04-md'
+            fallback-runner: 'ubuntu-24.04'
+            timeout-minutes: 120
+            file-env: './ci/test/00_setup_env_native_tidy.sh'
+
+          - name: 'TSan'
+            cirrus-runner: 'ghcr.io/cirruslabs/ubuntu-runner-amd64:24.04-md'
+            fallback-runner: 'ubuntu-24.04'
+            timeout-minutes: 120
+            file-env: './ci/test/00_setup_env_native_tsan.sh'
+
+          - name: 'MSan, fuzz'
+            cirrus-runner: 'ghcr.io/cirruslabs/ubuntu-runner-amd64:24.04-md'
+            fallback-runner: 'ubuntu-24.04'
+            timeout-minutes: 150
+            file-env: './ci/test/00_setup_env_native_fuzz_with_msan.sh'
+
+          - name: 'MSan'
+            cirrus-runner: 'ghcr.io/cirruslabs/ubuntu-runner-amd64:24.04-lg'
+            fallback-runner: 'ubuntu-24.04'
+            timeout-minutes: 120
+            file-env: './ci/test/00_setup_env_native_msan.sh'
+
+    steps:
+      - *ANNOTATION_PR_NUMBER
+
+      - *CHECKOUT
+
+      - name: Configure environment
+        uses: ./.github/actions/configure-environment
+
+      - name: Restore caches
+        id: restore-cache
+        uses: ./.github/actions/restore-caches
+
+      - name: Configure Docker
+        uses: ./.github/actions/configure-docker
+        with:
+          cache-provider: ${{ matrix.provider || needs.runners.outputs.provider }}
+
+      - name: Clear unnecessary files
+        if: ${{ needs.runners.outputs.provider == 'gha' && true || false }} # Only needed on GHA runners
+        uses: ./.github/actions/clear-files
+
+      - name: Enable bpfcc script
+        if: ${{ env.CONTAINER_NAME == 'ci_native_asan' }}
+        # In the image build step, no external environment variables are available,
+        # so any settings will need to be written to the settings env file:
+        run: sed -i "s|\${INSTALL_BCC_TRACING_TOOLS}|true|g" ./ci/test/00_setup_env_native_asan.sh
+
+      - name: Set mmap_rnd_bits
+        if: ${{ env.CONTAINER_NAME == 'ci_native_tsan' || env.CONTAINER_NAME == 'ci_native_msan' || env.CONTAINER_NAME == 'ci_native_fuzz_msan' }}
+        # Prevents crashes due to high ASLR entropy
+        run: sudo sysctl -w vm.mmap_rnd_bits=28
+
+      - name: CI script
+        run: ./ci/test_run_all.sh
+
+      - name: Save caches
+        uses: ./.github/actions/save-caches
+
+  lint:
+    name: 'lint'
+    needs: runners
+    runs-on: ${{ needs.runners.outputs.provider == 'cirrus' && 'ghcr.io/cirruslabs/ubuntu-runner-amd64:24.04-xs' || 'ubuntu-24.04' }}
+    if: ${{ vars.SKIP_BRANCH_PUSH != 'true' || github.event_name == 'pull_request' }}
+    timeout-minutes: 20
+    env:
+      CONTAINER_NAME: "bitcoin-linter"
+    steps:
+      - *ANNOTATION_PR_NUMBER
+
+      - name: Checkout
+        uses: actions/checkout@v6
+        with:
+          ref: *CHECKOUT_REF_TMPL
+          fetch-depth: 0
+
+      - name: Configure Docker
+        uses: ./.github/actions/configure-docker
+        with:
+          cache-provider: ${{ needs.runners.outputs.provider }}
+
+      - name: CI script
+        run: python .github/ci-lint-exec.py

.gitignore

@@ -1,3 +1,8 @@
+# Patterns that are specific to a text editor, IDE, operating system, or user
+# environment are not added here. They should be added to your local gitignore
+# file instead:
+# https://docs.github.com/en/get-started/git-basics/ignoring-files#configuring-ignored-files-for-all-repositories-on-your-computer
+
 # Build subdirectories.
 /*build*
 !/build-aux
@@ -7,6 +12,7 @@
 
 # Only ignore unexpected patches
 *.patch
+!ci/test/*.patch
 !contrib/guix/patches/*.patch
 !depends/patches/**/*.patch
 
@@ -15,8 +21,8 @@
 # Previous releases
 /releases
 
-#build tests
-test/lint/test_runner/target/
+# cargo default target dir
+target/
 
 /guix-build-*
 

.tx/config

@@ -1,7 +1,7 @@
 [main]
 host = https://www.transifex.com
 
-[o:bitcoin:p:bitcoin:r:qt-translation-029x]
+[o:bitcoin:p:bitcoin:r:qt-translation-030x]
 file_filter = src/qt/locale/bitcoin_<lang>.xlf
 source_file = src/qt/locale/bitcoin_en.xlf
 source_lang = en

CMakeLists.txt

@@ -19,16 +19,20 @@ if(POLICY CMP0171)
   cmake_policy(SET CMP0171 NEW)
 endif()
 
+# When adjusting CMake flag variables, we must not override those explicitly
+# set by the user. These are a subset of the CACHE_VARIABLES property.
+get_directory_property(precious_variables CACHE_VARIABLES)
+
 #=============================
 # Project / Package metadata
 #=============================
 set(CLIENT_NAME "Bitcoin Core")
-set(CLIENT_VERSION_MAJOR 28)
+set(CLIENT_VERSION_MAJOR 30)
 set(CLIENT_VERSION_MINOR 99)
 set(CLIENT_VERSION_BUILD 0)
 set(CLIENT_VERSION_RC 0)
 set(CLIENT_VERSION_IS_RELEASE "false")
-set(COPYRIGHT_YEAR "2025")
+set(COPYRIGHT_YEAR "2026")
 
 # During the enabling of the CXX and CXXOBJ languages, we modify
 # CMake's compiler/linker invocation strings by appending the content
@@ -90,47 +94,30 @@ endif()
 #=============================
 include(CMakeDependentOption)
 # When adding a new option, end the <help_text> with a full stop for consistency.
+option(BUILD_BITCOIN_BIN "Build bitcoin executable." ON)
 option(BUILD_DAEMON "Build bitcoind executable." ON)
 option(BUILD_GUI "Build bitcoin-qt executable." OFF)
 option(BUILD_CLI "Build bitcoin-cli executable." ON)
 
-option(BUILD_TESTS "Build test_bitcoin executable." ON)
+option(BUILD_TESTS "Build test_bitcoin and other unit test executables." ON)
 option(BUILD_TX "Build bitcoin-tx executable." ${BUILD_TESTS})
 option(BUILD_UTIL "Build bitcoin-util executable." ${BUILD_TESTS})
 
 option(BUILD_UTIL_CHAINSTATE "Build experimental bitcoin-chainstate executable." OFF)
 option(BUILD_KERNEL_LIB "Build experimental bitcoinkernel library." ${BUILD_UTIL_CHAINSTATE})
+cmake_dependent_option(BUILD_KERNEL_TEST "Build tests for the experimental bitcoinkernel library." ON "BUILD_KERNEL_LIB" OFF)
 
 option(ENABLE_WALLET "Enable wallet." ON)
-option(WITH_SQLITE "Enable SQLite wallet support." ${ENABLE_WALLET})
-if(WITH_SQLITE)
+if(ENABLE_WALLET)
   if(VCPKG_TARGET_TRIPLET)
     # Use of the `unofficial::` namespace is a vcpkg package manager convention.
     find_package(unofficial-sqlite3 CONFIG REQUIRED)
   else()
     find_package(SQLite3 3.7.17 REQUIRED)
   endif()
-  set(USE_SQLITE ON)
-endif()
-option(WITH_BDB "Enable Berkeley DB (BDB) wallet support." OFF)
-cmake_dependent_option(WARN_INCOMPATIBLE_BDB "Warn when using a Berkeley DB (BDB) version other than 4.8." ON "WITH_BDB" OFF)
-if(WITH_BDB)
-  find_package(BerkeleyDB 4.8 MODULE REQUIRED)
-  set(USE_BDB ON)
-  if(NOT BerkeleyDB_VERSION VERSION_EQUAL 4.8)
-    message(WARNING "Found Berkeley DB (BDB) other than 4.8.\n"
-                    "BDB (legacy) wallets opened by this build will not be portable!"
-    )
-    if(WARN_INCOMPATIBLE_BDB)
-      message(WARNING "If this is intended, pass \"-DWARN_INCOMPATIBLE_BDB=OFF\".\n"
-                      "Passing \"-DWITH_BDB=OFF\" will suppress this warning."
-      )
-    endif()
-  endif()
 endif()
 cmake_dependent_option(BUILD_WALLET_TOOL "Build bitcoin-wallet tool." ${BUILD_TESTS} "ENABLE_WALLET" OFF)
 
-option(ENABLE_HARDENING "Attempt to harden the resulting executables." ON)
 option(REDUCE_EXPORTS "Attempt to reduce exported symbols in the resulting executables." OFF)
 option(WERROR "Treat compiler warnings as errors." OFF)
 option(WITH_CCACHE "Attempt to use ccache for compiling." ON)
@@ -145,7 +132,7 @@ if(WITH_USDT)
   find_package(USDT MODULE REQUIRED)
 endif()
 
-cmake_dependent_option(ENABLE_EXTERNAL_SIGNER "Enable external signer support." ON "NOT WIN32" OFF)
+option(ENABLE_EXTERNAL_SIGNER "Enable external signer support." ON)
 
 cmake_dependent_option(WITH_QRENCODE "Enable QR code support." ON "BUILD_GUI" OFF)
 if(WITH_QRENCODE)
@@ -153,10 +140,11 @@ if(WITH_QRENCODE)
   set(USE_QRCODE TRUE)
 endif()
 
-cmake_dependent_option(WITH_DBUS "Enable DBus support." ON "CMAKE_SYSTEM_NAME STREQUAL \"Linux\" AND BUILD_GUI" OFF)
+cmake_dependent_option(WITH_DBUS "Enable DBus support." ON "NOT CMAKE_SYSTEM_NAME MATCHES \"(Windows|Darwin)\" AND BUILD_GUI" OFF)
 
-option(WITH_MULTIPROCESS "Build multiprocess bitcoin-node and bitcoin-gui executables in addition to monolithic bitcoind and bitcoin-qt executables. Requires libmultiprocess library. Experimental." OFF)
-if(WITH_MULTIPROCESS)
+cmake_dependent_option(ENABLE_IPC "Build multiprocess bitcoin-node and bitcoin-gui executables in addition to monolithic bitcoind and bitcoin-qt executables." ON "NOT WIN32" OFF)
+cmake_dependent_option(WITH_EXTERNAL_LIBMULTIPROCESS "Build with external libmultiprocess library instead of with local git subtree when ENABLE_IPC is enabled. This is not normally recommended, but can be useful for developing libmultiprocess itself." OFF "ENABLE_IPC" OFF)
+if(ENABLE_IPC AND WITH_EXTERNAL_LIBMULTIPROCESS)
   find_package(Libmultiprocess REQUIRED COMPONENTS Lib)
   find_package(LibmultiprocessNative REQUIRED COMPONENTS Bin
     NAMES Libmultiprocess
@@ -176,7 +164,7 @@ if(BUILD_GUI)
   if(BUILD_GUI_TESTS)
     list(APPEND qt_components Test)
   endif()
-  find_package(Qt 5.11.3 MODULE REQUIRED
+  find_package(Qt 6.2 MODULE REQUIRED
     COMPONENTS ${qt_components}
   )
   unset(qt_components)
@@ -216,12 +204,14 @@ target_link_libraries(core_interface INTERFACE
 
 if(BUILD_FOR_FUZZING)
   message(WARNING "BUILD_FOR_FUZZING=ON will disable all other targets and force BUILD_FUZZ_BINARY=ON.")
+  set(BUILD_BITCOIN_BIN OFF)
   set(BUILD_DAEMON OFF)
   set(BUILD_CLI OFF)
   set(BUILD_TX OFF)
   set(BUILD_UTIL OFF)
   set(BUILD_UTIL_CHAINSTATE OFF)
   set(BUILD_KERNEL_LIB OFF)
+  set(BUILD_KERNEL_TEST OFF)
   set(BUILD_WALLET_TOOL OFF)
   set(BUILD_GUI OFF)
   set(ENABLE_EXTERNAL_SIGNER OFF)
@@ -229,6 +219,7 @@ if(BUILD_FOR_FUZZING)
   set(BUILD_TESTS OFF)
   set(BUILD_GUI_TESTS OFF)
   set(BUILD_BENCH OFF)
+  set(ENABLE_IPC OFF)
   set(BUILD_FUZZ_BINARY ON)
 
   target_compile_definitions(core_interface INTERFACE
@@ -290,6 +281,10 @@ if(WIN32)
       /Zc:__cplusplus
       /sdl
     )
+    target_link_options(core_interface INTERFACE
+      # We embed our own manifests.
+      /MANIFEST:NO
+    )
     # Improve parallelism in MSBuild.
     # See: https://devblogs.microsoft.com/cppblog/improved-parallelism-in-msbuild/.
     list(APPEND CMAKE_VS_GLOBALS "UseMultiToolTask=true")
@@ -348,13 +343,28 @@ target_link_libraries(core_interface INTERFACE
   Threads::Threads
 )
 
+# Define sanitize_interface with -fsanitize flags intended to apply to all
+# libraries and executables.
 add_library(sanitize_interface INTERFACE)
 target_link_libraries(core_interface INTERFACE sanitize_interface)
 if(SANITIZERS)
+  # Transform list of sanitizers into -fsanitize flags, replacing "fuzzer" with
+  # "fuzzer-no-link" in sanitize_interface flags, and moving "fuzzer" to
+  # fuzzer_interface flags. If -DSANITIZERS=fuzzer is specified, the fuzz test
+  # binary should be built with -fsanitize=fuzzer (so it can use libFuzzer's
+  # main function), but libraries should be built with -fsanitize=fuzzer-no-link
+  # (so they can be linked into other executables that have their own main
+  # functions).
+  string(REGEX REPLACE "(^|,)fuzzer($|,)" "\\1fuzzer-no-link\\2" sanitize_opts "${SANITIZERS}")
+  set(fuzz_flag "")
+  if(NOT sanitize_opts STREQUAL SANITIZERS)
+    set(fuzz_flag "-fsanitize=fuzzer")
+  endif()
+
   # First check if the compiler accepts flags. If an incompatible pair like
   # -fsanitize=address,thread is used here, this check will fail. This will also
   # fail if a bad argument is passed, e.g. -fsanitize=undfeined
-  try_append_cxx_flags("-fsanitize=${SANITIZERS}" TARGET sanitize_interface
+  try_append_cxx_flags("-fsanitize=${sanitize_opts}" TARGET sanitize_interface
     RESULT_VAR cxx_supports_sanitizers
     SKIP_LINK
   )
@@ -367,15 +377,15 @@ if(SANITIZERS)
   # flag. This is a separate check so we can give a better error message when
   # the sanitize flags are supported by the compiler but the actual sanitizer
   # libs are missing.
-  try_append_linker_flag("-fsanitize=${SANITIZERS}" VAR SANITIZER_LDFLAGS
+  try_append_linker_flag("-fsanitize=${sanitize_opts}" VAR SANITIZER_LDFLAGS
     SOURCE "
       #include <cstdint>
       #include <cstddef>
       extern \"C\" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { return 0; }
-      __attribute__((weak)) // allow for libFuzzer linking
       int main() { return 0; }
     "
     RESULT_VAR linker_supports_sanitizers
+    NO_CACHE_IF_FAILED
   )
   if(NOT linker_supports_sanitizers)
     message(FATAL_ERROR "Linker did not accept requested flags, you are missing required libraries.")
@@ -383,8 +393,10 @@ if(SANITIZERS)
 endif()
 target_link_options(sanitize_interface INTERFACE ${SANITIZER_LDFLAGS})
 
+# Define fuzzer_interface with flags intended to apply to the fuzz test binary,
+# and perform a test compilation to determine correct value of
+# FUZZ_BINARY_LINKS_WITHOUT_MAIN_FUNCTION.
 if(BUILD_FUZZ_BINARY)
-  target_link_libraries(core_interface INTERFACE ${FUZZ_LIBS})
   include(CheckSourceCompilesWithFlags)
   check_cxx_source_compiles_with_flags("
       #include <cstdint>
@@ -392,9 +404,12 @@ if(BUILD_FUZZ_BINARY)
       extern \"C\" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { return 0; }
       // No main() function.
     " FUZZ_BINARY_LINKS_WITHOUT_MAIN_FUNCTION
-    LDFLAGS ${SANITIZER_LDFLAGS}
+    LDFLAGS ${SANITIZER_LDFLAGS} ${fuzz_flag}
     LINK_LIBRARIES ${FUZZ_LIBS}
   )
+  add_library(fuzzer_interface INTERFACE)
+  target_link_options(fuzzer_interface INTERFACE ${fuzz_flag})
+  target_link_libraries(fuzzer_interface INTERFACE ${FUZZ_LIBS})
 endif()
 
 include(AddBoostIfNeeded)
@@ -431,6 +446,7 @@ else()
   try_append_cxx_flags("-Wvla" TARGET warn_interface SKIP_LINK)
   try_append_cxx_flags("-Wshadow-field" TARGET warn_interface SKIP_LINK)
   try_append_cxx_flags("-Wthread-safety" TARGET warn_interface SKIP_LINK)
+  try_append_cxx_flags("-Wthread-safety-pointer" TARGET warn_interface SKIP_LINK)
   try_append_cxx_flags("-Wloop-analysis" TARGET warn_interface SKIP_LINK)
   try_append_cxx_flags("-Wredundant-decls" TARGET warn_interface SKIP_LINK)
   try_append_cxx_flags("-Wunused-member-function" TARGET warn_interface SKIP_LINK)
@@ -447,6 +463,8 @@ else()
   try_append_cxx_flags("-Wself-assign" TARGET warn_interface SKIP_LINK)
   try_append_cxx_flags("-Wbidi-chars=any" TARGET warn_interface SKIP_LINK)
   try_append_cxx_flags("-Wundef" TARGET warn_interface SKIP_LINK)
+  try_append_cxx_flags("-Wleading-whitespace=spaces" TARGET warn_interface SKIP_LINK)
+  try_append_cxx_flags("-Wtrailing-whitespace=any" TARGET warn_interface SKIP_LINK)
 
   # Some compilers (gcc) ignore unknown -Wno-* options, but warn about all
   # unknown options if any other warning is produced. Test the -Wfoo case, and
@@ -477,69 +495,77 @@ try_append_cxx_flags("-fmacro-prefix-map=A=B" TARGET core_interface SKIP_LINK
   IF_CHECK_PASSED "-fmacro-prefix-map=${PROJECT_SOURCE_DIR}/src=."
 )
 
-# Currently all versions of gcc are subject to a class of bugs, see the
-# gccbug_90348 test case (only reproduces on GCC 11 and earlier) and
+# GCC versions 13.2 (and earlier) are subject to a class of bugs, see
+# https://gcc.gnu.org/bugzilla/show_bug.cgi?id=90348 and the meta bug
 # https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111843. To work around that, set
 # -fstack-reuse=none for all gcc builds. (Only gcc understands this flag).
 try_append_cxx_flags("-fstack-reuse=none" TARGET core_interface)
 
-if(ENABLE_HARDENING)
-  add_library(hardening_interface INTERFACE)
-  target_link_libraries(core_interface INTERFACE hardening_interface)
-  if(MSVC)
-    try_append_linker_flag("/DYNAMICBASE" TARGET hardening_interface)
-    try_append_linker_flag("/HIGHENTROPYVA" TARGET hardening_interface)
-    try_append_linker_flag("/NXCOMPAT" TARGET hardening_interface)
-  else()
+if(MSVC)
+  try_append_linker_flag("/DYNAMICBASE" TARGET core_interface)
+  try_append_linker_flag("/HIGHENTROPYVA" TARGET core_interface)
+  try_append_linker_flag("/NXCOMPAT" TARGET core_interface)
+else()
 
-    # _FORTIFY_SOURCE requires that there is some level of optimization,
-    # otherwise it does nothing and just creates a compiler warning.
-    try_append_cxx_flags("-U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=3"
-      RESULT_VAR cxx_supports_fortify_source
-      SOURCE "int main() {
-              # if !defined __OPTIMIZE__ || __OPTIMIZE__ <= 0
-                #error
-              #endif
-              }"
+  # _FORTIFY_SOURCE requires that there is some level of optimization,
+  # otherwise it does nothing and just creates a compiler warning.
+  try_append_cxx_flags("-U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=3"
+    RESULT_VAR cxx_supports_fortify_source
+    SOURCE "int main() {
+            # if !defined __OPTIMIZE__ || __OPTIMIZE__ <= 0
+              #error
+            #endif
+            }"
+  )
+  if(cxx_supports_fortify_source)
+    target_compile_options(core_interface INTERFACE
+      -U_FORTIFY_SOURCE
+      -D_FORTIFY_SOURCE=3
     )
-    if(cxx_supports_fortify_source)
-      target_compile_options(hardening_interface INTERFACE
-        -U_FORTIFY_SOURCE
-        -D_FORTIFY_SOURCE=3
-      )
-    endif()
-    unset(cxx_supports_fortify_source)
+  endif()
+  unset(cxx_supports_fortify_source)
 
-    try_append_cxx_flags("-Wstack-protector" TARGET hardening_interface SKIP_LINK)
-    try_append_cxx_flags("-fstack-protector-all" TARGET hardening_interface)
-    try_append_cxx_flags("-fcf-protection=full" TARGET hardening_interface)
+  try_append_cxx_flags("-Wstack-protector" TARGET core_interface SKIP_LINK)
+  try_append_cxx_flags("-fstack-protector-all" TARGET core_interface)
+  try_append_cxx_flags("-fcf-protection=full" TARGET core_interface)
 
-    if(MINGW)
-      # stack-clash-protection is a no-op for Windows.
-      # See https://gcc.gnu.org/bugzilla/show_bug.cgi?id=90458 for more details.
-    else()
-      try_append_cxx_flags("-fstack-clash-protection" TARGET hardening_interface)
-    endif()
+  if(MINGW)
+    # stack-clash-protection is a no-op for Windows.
+    # See https://gcc.gnu.org/bugzilla/show_bug.cgi?id=90458 for more details.
+  else()
+    try_append_cxx_flags("-fstack-clash-protection" TARGET core_interface)
+  endif()
 
-    if(CMAKE_SYSTEM_PROCESSOR STREQUAL "aarch64" OR CMAKE_SYSTEM_PROCESSOR STREQUAL "arm64")
-      if(CMAKE_SYSTEM_NAME STREQUAL "Darwin")
-        try_append_cxx_flags("-mbranch-protection=bti" TARGET hardening_interface SKIP_LINK)
-      else()
-        try_append_cxx_flags("-mbranch-protection=standard" TARGET hardening_interface SKIP_LINK)
-      endif()
-    endif()
-
-    try_append_linker_flag("-Wl,--enable-reloc-section" TARGET hardening_interface)
-    try_append_linker_flag("-Wl,--dynamicbase" TARGET hardening_interface)
-    try_append_linker_flag("-Wl,--nxcompat" TARGET hardening_interface)
-    try_append_linker_flag("-Wl,--high-entropy-va" TARGET hardening_interface)
-    try_append_linker_flag("-Wl,-z,relro" TARGET hardening_interface)
-    try_append_linker_flag("-Wl,-z,now" TARGET hardening_interface)
-    try_append_linker_flag("-Wl,-z,separate-code" TARGET hardening_interface)
+  if(CMAKE_SYSTEM_PROCESSOR STREQUAL "aarch64" OR CMAKE_SYSTEM_PROCESSOR STREQUAL "arm64")
     if(CMAKE_SYSTEM_NAME STREQUAL "Darwin")
-      try_append_linker_flag("-Wl,-fixup_chains" TARGET hardening_interface)
+      try_append_cxx_flags("-mbranch-protection=bti" TARGET core_interface SKIP_LINK)
+    else()
+      try_append_cxx_flags("-mbranch-protection=standard" TARGET core_interface SKIP_LINK)
     endif()
   endif()
+
+  try_append_linker_flag("-Wl,--enable-reloc-section" TARGET core_interface)
+  try_append_linker_flag("-Wl,--dynamicbase" TARGET core_interface)
+  try_append_linker_flag("-Wl,--nxcompat" TARGET core_interface)
+  try_append_linker_flag("-Wl,--high-entropy-va" TARGET core_interface)
+  try_append_linker_flag("-Wl,-z,relro" TARGET core_interface)
+  try_append_linker_flag("-Wl,-z,now" TARGET core_interface)
+  # TODO: This can be dropped once Bitcoin Core no longer supports
+  #       NetBSD 10.0 or if upstream fix is backported.
+  # NetBSD's dynamic linker ld.elf_so < 11.0 supports exactly 2
+  # `PT_LOAD` segments and binaries linked with `-z separate-code`
+  # have 4 `PT_LOAD` segments.
+  # Relevant discussions:
+  # - https://github.com/bitcoin/bitcoin/pull/28724#issuecomment-2589347934
+  # - https://mail-index.netbsd.org/tech-userlevel/2023/01/05/msg013666.html
+  if(CMAKE_SYSTEM_NAME STREQUAL "NetBSD" AND CMAKE_SYSTEM_VERSION VERSION_LESS 11.0)
+    try_append_linker_flag("-Wl,-z,noseparate-code" TARGET core_interface)
+  else()
+    try_append_linker_flag("-Wl,-z,separate-code" TARGET core_interface)
+  endif()
+  if(CMAKE_SYSTEM_NAME STREQUAL "Darwin")
+    try_append_linker_flag("-Wl,-fixup_chains" TARGET core_interface)
+  endif()
 endif()
 
 if(REDUCE_EXPORTS)
@@ -569,11 +595,9 @@ set(Python3_FIND_FRAMEWORK LAST CACHE STRING "")
 set(Python3_FIND_UNVERSIONED_NAMES FIRST CACHE STRING "")
 mark_as_advanced(Python3_FIND_FRAMEWORK Python3_FIND_UNVERSIONED_NAMES)
 find_package(Python3 3.10 COMPONENTS Interpreter)
-if(Python3_EXECUTABLE)
-  set(PYTHON_COMMAND ${Python3_EXECUTABLE})
-else()
+if(NOT TARGET Python3::Interpreter)
   list(APPEND configure_warnings
-    "Minimum required Python not found. Utils and rpcauth tests are disabled."
+    "Minimum required Python not found."
   )
 endif()
 
@@ -599,29 +623,13 @@ if(CMAKE_VERSION VERSION_GREATER_EQUAL 3.29)
   set(CMAKE_SKIP_TEST_ALL_DEPENDENCY FALSE)
 endif()
 
-# TODO: The `CMAKE_SKIP_BUILD_RPATH` variable setting can be deleted
-#       in the future after reordering Guix script commands to
-#       perform binary checks after the installation step.
-# Relevant discussions:
-# - https://github.com/hebasto/bitcoin/pull/236#issuecomment-2183120953
-# - https://github.com/bitcoin/bitcoin/pull/30312#issuecomment-2191235833
-# NetBSD always requires runtime paths to be set for executables.
-if(CMAKE_SYSTEM_NAME STREQUAL "NetBSD")
-  set(CMAKE_INSTALL_RPATH_USE_LINK_PATH TRUE)
-else()
-  set(CMAKE_SKIP_BUILD_RPATH TRUE)
-  set(CMAKE_SKIP_INSTALL_RPATH TRUE)
-endif()
 add_subdirectory(test)
 add_subdirectory(doc)
 
 add_subdirectory(src)
 
-include(cmake/tests.cmake)
-
 include(Maintenance)
 setup_split_debug_script()
-add_maintenance_targets()
 add_windows_deploy_target()
 add_macos_deploy_target()
 
@@ -629,15 +637,16 @@ message("\n")
 message("Configure summary")
 message("=================")
 message("Executables:")
+message("  bitcoin ............................. ${BUILD_BITCOIN_BIN}")
 message("  bitcoind ............................ ${BUILD_DAEMON}")
-if(BUILD_DAEMON AND WITH_MULTIPROCESS)
+if(BUILD_DAEMON AND ENABLE_IPC)
   set(bitcoin_daemon_status ON)
 else()
   set(bitcoin_daemon_status OFF)
 endif()
 message("  bitcoin-node (multiprocess) ......... ${bitcoin_daemon_status}")
 message("  bitcoin-qt (GUI) .................... ${BUILD_GUI}")
-if(BUILD_GUI AND WITH_MULTIPROCESS)
+if(BUILD_GUI AND ENABLE_IPC)
   set(bitcoin_gui_status ON)
 else()
   set(bitcoin_gui_status OFF)
@@ -649,17 +658,24 @@ message("  bitcoin-util ........................ ${BUILD_UTIL}")
 message("  bitcoin-wallet ...................... ${BUILD_WALLET_TOOL}")
 message("  bitcoin-chainstate (experimental) ... ${BUILD_UTIL_CHAINSTATE}")
 message("  libbitcoinkernel (experimental) ..... ${BUILD_KERNEL_LIB}")
+message("  kernel-test (experimental) .......... ${BUILD_KERNEL_TEST}")
 message("Optional features:")
 message("  wallet support ...................... ${ENABLE_WALLET}")
-if(ENABLE_WALLET)
-  message("   - descriptor wallets (SQLite) ...... ${WITH_SQLITE}")
-  message("   - legacy wallets (Berkeley DB) ..... ${WITH_BDB}")
-endif()
 message("  external signer ..................... ${ENABLE_EXTERNAL_SIGNER}")
 message("  ZeroMQ .............................. ${WITH_ZMQ}")
+if(ENABLE_IPC)
+  if (WITH_EXTERNAL_LIBMULTIPROCESS)
+    set(ipc_status "ON (with external libmultiprocess)")
+  else()
+    set(ipc_status ON)
+  endif()
+else()
+  set(ipc_status OFF)
+endif()
+message("  IPC ................................. ${ipc_status}")
 message("  USDT tracing ........................ ${WITH_USDT}")
 message("  QR code (GUI) ....................... ${WITH_QRENCODE}")
-message("  DBus (GUI, Linux only) .............. ${WITH_DBUS}")
+message("  DBus (GUI) .......................... ${WITH_DBUS}")
 message("Tests:")
 message("  test_bitcoin ........................ ${BUILD_TESTS}")
 message("  test_bitcoin-qt ..................... ${BUILD_GUI_TESTS}")
@@ -675,7 +691,6 @@ message("Cross compiling ....................... ${cross_status}")
 message("C++ compiler .......................... ${CMAKE_CXX_COMPILER_ID} ${CMAKE_CXX_COMPILER_VERSION}, ${CMAKE_CXX_COMPILER}")
 include(FlagsSummary)
 flags_summary()
-message("Attempt to harden executables ......... ${ENABLE_HARDENING}")
 message("Treat compiler warnings as errors ..... ${WERROR}")
 message("Use ccache for compiling .............. ${WITH_CCACHE}")
 message("\n")

CMakePresets.json

@@ -1,6 +1,5 @@
 {
   "version": 3,
-  "cmakeMinimumRequired": {"major": 3, "minor": 21, "patch": 0},
   "configurePresets": [
     {
       "name": "vs2022",
@@ -15,7 +14,8 @@
       "toolchainFile": "$env{VCPKG_ROOT}\\scripts\\buildsystems\\vcpkg.cmake",
       "cacheVariables": {
         "VCPKG_TARGET_TRIPLET": "x64-windows",
-        "BUILD_GUI": "ON"
+        "BUILD_GUI": "ON",
+        "WITH_ZMQ": "ON"
       }
     },
     {
@@ -31,7 +31,8 @@
       "toolchainFile": "$env{VCPKG_ROOT}\\scripts\\buildsystems\\vcpkg.cmake",
       "cacheVariables": {
         "VCPKG_TARGET_TRIPLET": "x64-windows-static",
-        "BUILD_GUI": "ON"
+        "BUILD_GUI": "ON",
+        "WITH_ZMQ": "ON"
       }
     },
     {
@@ -62,6 +63,7 @@
       "name": "dev-mode",
       "displayName": "Developer mode, with all features/dependencies enabled",
       "binaryDir": "${sourceDir}/build_dev_mode",
+      "errors": {"dev": true},
       "cacheVariables": {
         "BUILD_BENCH": "ON",
         "BUILD_CLI": "ON",
@@ -77,13 +79,9 @@
         "BUILD_UTIL_CHAINSTATE": "ON",
         "BUILD_WALLET_TOOL": "ON",
         "ENABLE_EXTERNAL_SIGNER": "ON",
-        "ENABLE_HARDENING": "ON",
         "ENABLE_WALLET": "ON",
-        "WARN_INCOMPATIBLE_BDB": "OFF",
-        "WITH_BDB": "ON",
-        "WITH_MULTIPROCESS": "ON",
+        "ENABLE_IPC": "ON",
         "WITH_QRENCODE": "ON",
-        "WITH_SQLITE": "ON",
         "WITH_USDT": "ON",
         "WITH_ZMQ": "ON"
       }

CONTRIBUTING.md

@@ -80,7 +80,7 @@ facilitates social contribution, easy testing and peer review.
 
 To contribute a patch, the workflow is as follows:
 
-  1. Fork repository ([only for the first time](https://docs.github.com/en/get-started/quickstart/fork-a-repo))
+  1. Fork repository ([only for the first time](https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/working-with-forks/fork-a-repo))
   1. Create topic branch
   1. Commit patches
 
@@ -115,13 +115,14 @@ fixes or code moves with actual code changes.
 
 Make sure each individual commit is hygienic: that it builds successfully on its
 own without warnings, errors, regressions, or test failures.
+This means tests must be updated in the same commit that changes the behavior.
 
 Commit messages should be verbose by default consisting of a short subject line
 (50 chars max), a blank line and detailed explanatory text as separate
 paragraph(s), unless the title alone is self-explanatory (like "Correct typo
 in init.cpp") in which case a single title line is sufficient. Commit messages should be
 helpful to people reading your code in the future, so explain the reasoning for
-your decisions. Further explanation [here](https://chris.beams.io/posts/git-commit/).
+your decisions. Further explanation [here](https://cbea.ms/git-commit/).
 
 If a particular commit references another issue, please add the reference. For
 example: `refs #1234` or `fixes #4321`. Using the `fixes` or `closes` keywords
@@ -182,7 +183,7 @@ for more information on helping with translations.
 ### Work in Progress Changes and Requests for Comments
 
 If a pull request is not to be considered for merging (yet), please
-prefix the title with [WIP] or use [Tasks Lists](https://docs.github.com/en/github/writing-on-github/getting-started-with-writing-and-formatting-on-github/basic-writing-and-formatting-syntax#task-lists)
+prefix the title with [WIP] or use [Tasks Lists](https://docs.github.com/en/get-started/writing-on-github/getting-started-with-writing-and-formatting-on-github/basic-writing-and-formatting-syntax#task-lists)
 in the body of the pull request to indicate tasks are pending.
 
 ### Address Feedback
@@ -401,7 +402,7 @@ about:
   - It may be because your code is too complex for all but a few people, and those people
     may not have realized your pull request even exists. A great way to find people who
     are qualified and care about the code you are touching is the
-    [Git Blame feature](https://docs.github.com/en/github/managing-files-in-a-repository/managing-files-on-github/tracking-changes-in-a-file). Simply
+    [Git Blame feature](https://docs.github.com/en/repositories/working-with-files/using-files/viewing-and-understanding-files). Simply
     look up who last modified the code you are changing and see if you can find
     them and give them a nudge. Don't be incessant about the nudging, though.
   - Finally, if all else fails, ask on IRC or elsewhere for someone to give your pull request

COPYING

@@ -1,7 +1,7 @@
 The MIT License (MIT)
 
-Copyright (c) 2009-2025 The Bitcoin Core developers
-Copyright (c) 2009-2025 Bitcoin Developers
+Copyright (c) 2009-2026 The Bitcoin Core developers
+Copyright (c) 2009-2026 Bitcoin Developers
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

INSTALL.md

@@ -1 +1 @@
-See [doc/build-\*.md](/doc)
+See [doc/build-\*.md](/doc)

README.md

@@ -19,7 +19,7 @@ License
 -------
 
 Bitcoin Core is released under the terms of the MIT license. See [COPYING](COPYING) for more
-information or see https://opensource.org/licenses/MIT.
+information or see https://opensource.org/license/MIT.
 
 Development Process
 -------------------
@@ -56,8 +56,8 @@ in Python.
 These tests can be run (if the [test dependencies](/test) are installed) with: `build/test/functional/test_runner.py`
 (assuming `build` is your build directory).
 
-The CI (Continuous Integration) systems make sure that every pull request is built for Windows, Linux, and macOS,
-and that unit/sanity tests are run automatically.
+The CI (Continuous Integration) systems make sure that every pull request is tested on Windows, Linux, and macOS.
+The CI must pass on all commits before merge to avoid unrelated CI failures on new pull requests.
 
 ### Manual Quality Assurance (QA) Testing
 
@@ -70,7 +70,7 @@ Translations
 ------------
 
 Changes to translations as well as new translations can be submitted to
-[Bitcoin Core's Transifex page](https://www.transifex.com/bitcoin/bitcoin/).
+[Bitcoin Core's Transifex page](https://explore.transifex.com/bitcoin/bitcoin/).
 
 Translations are periodically pulled from Transifex and merged into the git repository. See the
 [translation process](doc/translation_process.md) for details on how this works.

ci/README.md

@@ -1,8 +1,8 @@
-## CI Scripts
+# CI Scripts
 
 This directory contains scripts for each build step in each build stage.
 
-### Running a Stage Locally
+## Running a Stage Locally
 
 Be aware that the tests will be built and run in-place, so please run at your own risk.
 If the repository is not a fresh git clone, you might have to clean files from previous builds or test runs first.
@@ -20,14 +20,33 @@ requires `bash`, `docker`, and `python3` to be installed. To run on different ar
 sudo apt install bash docker.io python3 qemu-user-static
 ```
 
-It is recommended to run the ci system in a clean env. To run the test stage
-with a specific configuration,
+For some sanitizer builds, the kernel's address-space layout randomization
+(ASLR) entropy can cause sanitizer shadow memory mappings to fail. When running
+the CI locally you may need to reduce that entropy by running:
 
 ```
-env -i HOME="$HOME" PATH="$PATH" USER="$USER" bash -c 'FILE_ENV="./ci/test/00_setup_env_arm.sh" ./ci/test_run_all.sh'
+sudo sysctl -w vm.mmap_rnd_bits=28
 ```
 
-### Configurations
+To run a test that requires emulating a CPU architecture different from the
+host, we may rely on the container environment recognizing foreign executables
+and automatically running them using `qemu`. The following sets us up to do so
+(also works for `podman`):
+
+```
+docker run --rm --privileged docker.io/multiarch/qemu-user-static --reset -p yes
+```
+
+It is recommended to run the CI system in a clean environment. The `env -i`
+command below ensures that *only* specified environment variables are propagated
+into the local CI.
+To run the test stage with a specific configuration:
+
+```
+env -i HOME="$HOME" PATH="$PATH" USER="$USER" FILE_ENV="./ci/test/00_setup_env_arm.sh" ./ci/test_run_all.sh
+```
+
+## Configurations
 
 The test files (`FILE_ENV`) are constructed to test a wide range of
 configurations, rather than a single pass/fail. This helps to catch build
@@ -43,14 +62,38 @@ It is also possible to force a specific configuration without modifying the
 file. For example,
 
 ```
-env -i HOME="$HOME" PATH="$PATH" USER="$USER" bash -c 'MAKEJOBS="-j1" FILE_ENV="./ci/test/00_setup_env_arm.sh" ./ci/test_run_all.sh'
+env -i HOME="$HOME" PATH="$PATH" USER="$USER" MAKEJOBS="-j1" FILE_ENV="./ci/test/00_setup_env_arm.sh" ./ci/test_run_all.sh
 ```
 
 The files starting with `0n` (`n` greater than 0) are the scripts that are run
 in order.
 
-### Cache
+## Cache
 
 In order to avoid rebuilding all dependencies for each build, the binaries are
 cached and reused when possible. Changes in the dependency-generator will
 trigger cache-invalidation and rebuilds as necessary.
+
+## Configuring a repository for CI
+
+### Primary repository
+
+To configure the primary repository, follow these steps:
+
+1. Register with [Cirrus Runners](https://cirrus-runners.app/) and purchase runners.
+2. Install the Cirrus Runners GitHub app against the GitHub organization.
+3. Enable organisation-level runners to be used in public repositories:
+   1. `Org settings -> Actions -> Runner Groups -> Default -> Allow public repos`
+4. Permit the following actions to run:
+   1. cirruslabs/cache/restore@\*
+   1. cirruslabs/cache/save@\*
+   1. docker/setup-buildx-action@\*
+   1. actions/github-script@\*
+
+### Forked repositories
+
+When used in a fork the CI will run on GitHub's free hosted runners by default.
+In this case, due to GitHub's 10GB-per-repo cache size limitations caches will be frequently evicted and missed, but the workflows will run (slowly).
+
+It is also possible to use your own Cirrus Runners in your own fork with an appropriate patch to the `REPO_USE_CIRRUS_RUNNERS` variable in ../.github/workflows/ci.yml
+NB that Cirrus Runners only work at an organisation level, therefore in order to use your own Cirrus Runners, *the fork must be within your own organisation*.

ci/lint/01_install.sh

@@ -6,16 +6,20 @@
 
 export LC_ALL=C
 
+set -o errexit -o pipefail -o xtrace
+
 export CI_RETRY_EXE="/ci_retry --"
 
 pushd "/"
 
 ${CI_RETRY_EXE} apt-get update
 # Lint dependencies:
+# - cargo (used to run the lint tests)
 # - curl/xz-utils (to install shellcheck)
 # - git (used in many lint scripts)
 # - gpg (used by verify-commits)
-${CI_RETRY_EXE} apt-get install -y curl xz-utils git gpg
+# - moreutils (used by scripted-diff)
+${CI_RETRY_EXE} apt-get install -y cargo curl xz-utils git gpg moreutils
 
 PYTHON_PATH="/python_build"
 if [ ! -d "${PYTHON_PATH}/bin" ]; then
@@ -35,31 +39,19 @@ export PATH="${PYTHON_PATH}/bin:${PATH}"
 command -v python3
 python3 --version
 
-export LINT_RUNNER_PATH="/lint_test_runner"
-if [ ! -d "${LINT_RUNNER_PATH}" ]; then
-  ${CI_RETRY_EXE} apt-get install -y cargo
-  (
-    cd "/test/lint/test_runner" || exit 1
-    cargo build
-    mkdir -p "${LINT_RUNNER_PATH}"
-    mv target/debug/test_runner "${LINT_RUNNER_PATH}"
-  )
-fi
-
 ${CI_RETRY_EXE} pip3 install \
-  codespell==2.2.6 \
-  lief==0.13.2 \
-  mypy==1.4.1 \
-  pyzmq==25.1.0 \
-  ruff==0.5.5 \
-  vulture==2.6
+  lief==0.16.6 \
+  mypy==1.18.2 \
+  pyzmq==27.1.0 \
+  ruff==0.13.2 \
+  vulture==2.14
 
-SHELLCHECK_VERSION=v0.8.0
+SHELLCHECK_VERSION=v0.11.0
 curl -sL "https://github.com/koalaman/shellcheck/releases/download/${SHELLCHECK_VERSION}/shellcheck-${SHELLCHECK_VERSION}.linux.x86_64.tar.xz" | \
     tar --xz -xf - --directory /tmp/
 mv "/tmp/shellcheck-${SHELLCHECK_VERSION}/shellcheck" /usr/bin/
 
-MLC_VERSION=v0.19.0
+MLC_VERSION=v1
 MLC_BIN=mlc-x86_64-linux
 curl -sL "https://github.com/becheran/mlc/releases/download/${MLC_VERSION}/${MLC_BIN}" -o "/usr/bin/mlc"
 chmod +x /usr/bin/mlc

ci/lint/06_script.sh

@@ -6,19 +6,19 @@
 
 export LC_ALL=C
 
-set -ex
+set -o errexit -o pipefail -o xtrace
 
-if [ -n "$CIRRUS_PR" ]; then
+if [ -n "${LINT_CI_IS_PR}" ]; then
   export COMMIT_RANGE="HEAD~..HEAD"
   if [ "$(git rev-list -1 HEAD)" != "$(git rev-list -1 --merges HEAD)" ]; then
-    echo "Error: The top commit must be a merge commit, usually the remote 'pull/${PR_NUMBER}/merge' branch."
+    echo "Error: The top commit must be a merge commit, usually the remote 'pull/<PR_NUMBER>/merge' branch."
     false
   fi
 fi
 
-RUST_BACKTRACE=1 "${LINT_RUNNER_PATH}/test_runner"
+RUST_BACKTRACE=1 cargo run --manifest-path "./test/lint/test_runner/Cargo.toml"
 
-if [ "$CIRRUS_REPO_FULL_NAME" = "bitcoin/bitcoin" ] && [ "$CIRRUS_PR" = "" ] ; then
+if [ "${LINT_CI_SANITY_CHECK_COMMIT_SIG}" = "1" ] ; then
     # Sanity check only the last few commits to get notified of missing sigs,
     # missing keys, or expired keys. Usually there is only one new merge commit
     # per push on the master branch and a few commits on release branches, so

ci/lint/container-entrypoint.sh

@@ -11,7 +11,6 @@ export LC_ALL=C
 git config --global --add safe.directory /bitcoin
 
 export PATH="/python_build/bin:${PATH}"
-export LINT_RUNNER_PATH="/lint_test_runner"
 
 if [ -z "$1" ]; then
   bash -ic "./ci/lint/06_script.sh"

ci/lint_imagefile

@@ -4,7 +4,7 @@
 
 # See test/lint/README.md for usage.
 
-FROM mirror.gcr.io/debian:bookworm
+FROM mirror.gcr.io/ubuntu:24.04
 
 ENV DEBIAN_FRONTEND=noninteractive
 ENV LC_ALL=C.UTF-8
@@ -12,8 +12,7 @@ ENV LC_ALL=C.UTF-8
 COPY ./ci/retry/retry /ci_retry
 COPY ./.python-version /.python-version
 COPY ./ci/lint/container-entrypoint.sh /entrypoint.sh
-COPY ./ci/lint/04_install.sh /install.sh
-COPY ./test/lint/test_runner /test/lint/test_runner
+COPY ./ci/lint/01_install.sh /install.sh
 
 RUN /install.sh && \
   echo 'alias lint="./ci/lint/06_script.sh"' >> ~/.bashrc && \

ci/lint_run_all.sh

@@ -1,17 +0,0 @@
-#!/usr/bin/env bash
-#
-# Copyright (c) 2019-present The Bitcoin Core developers
-# Distributed under the MIT software license, see the accompanying
-# file COPYING or http://www.opensource.org/licenses/mit-license.php.
-
-export LC_ALL=C.UTF-8
-
-# Only used in .cirrus.yml. Refer to test/lint/README.md on how to run locally.
-
-cp "./ci/retry/retry" "/ci_retry"
-cp "./.python-version" "/.python-version"
-mkdir --parents "/test/lint"
-cp --recursive "./test/lint/test_runner" "/test/lint/"
-set -o errexit; source ./ci/lint/04_install.sh
-set -o errexit
-./ci/lint/06_script.sh

ci/test/00_setup_env.sh

@@ -6,7 +6,7 @@
 
 export LC_ALL=C.UTF-8
 
-set -ex
+set -o errexit -o pipefail -o xtrace
 
 # The source root dir, usually from git, usually read-only.
 # The ci system copies this folder.
@@ -22,9 +22,6 @@ export DEPENDS_DIR=${DEPENDS_DIR:-$BASE_ROOT_DIR/depends}
 # A folder for the ci system to put temporary files (build result, datadirs for tests, ...)
 # This folder only exists on the ci guest.
 export BASE_SCRATCH_DIR=${BASE_SCRATCH_DIR:-$BASE_ROOT_DIR/ci/scratch}
-# A folder for the ci system to put executables.
-# This folder only exists on the ci guest.
-export BINS_SCRATCH_DIR="${BASE_SCRATCH_DIR}/bins/"
 
 echo "Setting specific values in env"
 if [ -n "${FILE_ENV}" ]; then
@@ -35,9 +32,7 @@ fi
 
 echo "Fallback to default values in env (if not yet set)"
 # The number of parallel jobs to pass down to make and test_runner.py
-export MAKEJOBS=${MAKEJOBS:--j4}
-# Whether to prefer BusyBox over GNU utilities
-export USE_BUSY_BOX=${USE_BUSY_BOX:-false}
+export MAKEJOBS=${MAKEJOBS:--j$(if command -v nproc > /dev/null 2>&1; then nproc; else sysctl -n hw.logicalcpu; fi)}
 
 export RUN_UNIT_TESTS=${RUN_UNIT_TESTS:-true}
 export RUN_FUNCTIONAL_TESTS=${RUN_FUNCTIONAL_TESTS:-true}
@@ -64,7 +59,7 @@ export BASE_OUTDIR=${BASE_OUTDIR:-$BASE_SCRATCH_DIR/out}
 # The folder for previous release binaries.
 # This folder exists only on the ci guest, and on the ci host as a volume.
 export PREVIOUS_RELEASES_DIR=${PREVIOUS_RELEASES_DIR:-$BASE_ROOT_DIR/prev_releases}
-export CI_BASE_PACKAGES=${CI_BASE_PACKAGES:-build-essential pkgconf curl ca-certificates ccache python3 rsync git procps bison e2fsprogs cmake}
+export CI_BASE_PACKAGES=${CI_BASE_PACKAGES:-build-essential pkgconf curl ca-certificates ccache python3-dev rsync git procps bison e2fsprogs cmake ninja-build}
 export GOAL=${GOAL:-install}
 export DIR_QA_ASSETS=${DIR_QA_ASSETS:-${BASE_SCRATCH_DIR}/qa-assets}
 export CI_RETRY_EXE=${CI_RETRY_EXE:-"retry --"}

ci/test/00_setup_env_arm.sh

@@ -8,14 +8,16 @@ export LC_ALL=C.UTF-8
 
 export HOST=arm-linux-gnueabihf
 export DPKG_ADD_ARCH="armhf"
-export PACKAGES="python3-zmq g++-arm-linux-gnueabihf busybox libc6:armhf libstdc++6:armhf libfontconfig1:armhf libxcb1:armhf"
+export PACKAGES="python3-zmq g++-arm-linux-gnueabihf libc6:armhf libstdc++6:armhf libfontconfig1:armhf libxcb1:armhf"
 export CONTAINER_NAME=ci_arm_linux
-export CI_IMAGE_NAME_TAG="mirror.gcr.io/ubuntu:noble"  # Check that https://packages.ubuntu.com/noble/g++-arm-linux-gnueabihf (version 13.3, similar to guix) can cross-compile
+export CI_IMAGE_NAME_TAG="mirror.gcr.io/debian:trixie"  # Check that https://packages.debian.org/trixie/g++-arm-linux-gnueabihf (version 14.x, similar to guix) can cross-compile
 export CI_IMAGE_PLATFORM="linux/arm64"
-export USE_BUSY_BOX=true
-export RUN_UNIT_TESTS=true
-export RUN_FUNCTIONAL_TESTS=false
 export GOAL="install"
+export CI_LIMIT_STACK_SIZE=1
 # -Wno-psabi is to disable ABI warnings: "note: parameter passing for argument of type ... changed in GCC 7.1"
 # This could be removed once the ABI change warning does not show up by default
-export BITCOIN_CONFIG="-DREDUCE_EXPORTS=ON -DCMAKE_CXX_FLAGS='-Wno-psabi -Wno-error=maybe-uninitialized'"
+export BITCOIN_CONFIG=" \
+  --preset=dev-mode \
+  -DREDUCE_EXPORTS=ON \
+  -DCMAKE_CXX_FLAGS='-Wno-psabi -Wno-error=maybe-uninitialized' \
+"

ci/test/00_setup_env_i686_no_ipc.sh

@@ -7,17 +7,19 @@
 export LC_ALL=C.UTF-8
 
 export HOST=i686-pc-linux-gnu
-export CONTAINER_NAME=ci_i686_multiprocess
-export CI_IMAGE_NAME_TAG="mirror.gcr.io/ubuntu:24.04"
+export CONTAINER_NAME=ci_i686_no_multiprocess
+export CI_IMAGE_NAME_TAG="mirror.gcr.io/debian:trixie"
 export CI_IMAGE_PLATFORM="linux/amd64"
 export PACKAGES="llvm clang g++-multilib"
-export DEP_OPTS="DEBUG=1 MULTIPROCESS=1"
+export DEP_OPTS="DEBUG=1 NO_IPC=1"
 export GOAL="install"
-export TEST_RUNNER_EXTRA="--v2transport"
+export CI_LIMIT_STACK_SIZE=1
+export TEST_RUNNER_EXTRA="--v2transport --usecli"
 export BITCOIN_CONFIG="\
+ --preset=dev-mode \
+ -DENABLE_IPC=OFF \
  -DCMAKE_BUILD_TYPE=Debug \
  -DCMAKE_C_COMPILER='clang;-m32' \
  -DCMAKE_CXX_COMPILER='clang++;-m32' \
  -DAPPEND_CPPFLAGS='-DBOOST_MULTI_INDEX_ENABLE_SAFE_MODE' \
 "
-export BITCOIND=bitcoin-node  # Used in functional tests

ci/test/00_setup_env_mac_cross.sh

@@ -9,12 +9,16 @@ export LC_ALL=C.UTF-8
 export SDK_URL=${SDK_URL:-https://bitcoincore.org/depends-sources/sdks}
 
 export CONTAINER_NAME=ci_macos_cross
-export CI_IMAGE_NAME_TAG="mirror.gcr.io/ubuntu:24.04"
-export HOST=x86_64-apple-darwin
+export CI_IMAGE_NAME_TAG="mirror.gcr.io/debian:trixie" # Check that https://packages.debian.org/trixie/clang (version 19, similar to guix) can cross-compile
+export HOST=arm64-apple-darwin
 export PACKAGES="clang lld llvm zip"
 export XCODE_VERSION=15.0
 export XCODE_BUILD_ID=15A240d
 export RUN_UNIT_TESTS=false
 export RUN_FUNCTIONAL_TESTS=false
 export GOAL="deploy"
-export BITCOIN_CONFIG="-DBUILD_GUI=ON -DREDUCE_EXPORTS=ON"
+export BITCOIN_CONFIG="\
+ --preset=dev-mode \
+ -DWITH_USDT=OFF \
+ -DREDUCE_EXPORTS=ON \
+"

ci/test/00_setup_env_mac_cross_intel.sh

@@ -0,0 +1,24 @@
+#!/usr/bin/env bash
+#
+# Copyright (c) 2019-present The Bitcoin Core developers
+# Distributed under the MIT software license, see the accompanying
+# file COPYING or http://www.opensource.org/licenses/mit-license.php.
+
+export LC_ALL=C.UTF-8
+
+export SDK_URL=${SDK_URL:-https://bitcoincore.org/depends-sources/sdks}
+
+export CONTAINER_NAME=ci_macos_cross_intel
+export CI_IMAGE_NAME_TAG="mirror.gcr.io/debian:trixie" # Check that https://packages.debian.org/trixie/clang (version 19, similar to guix) can cross-compile
+export HOST=x86_64-apple-darwin
+export PACKAGES="clang lld llvm zip"
+export XCODE_VERSION=15.0
+export XCODE_BUILD_ID=15A240d
+export RUN_UNIT_TESTS=false
+export RUN_FUNCTIONAL_TESTS=false
+export GOAL="deploy"
+export BITCOIN_CONFIG="\
+ --preset=dev-mode \
+ -DWITH_USDT=OFF \
+ -DREDUCE_EXPORTS=ON \
+"

ci/test/00_setup_env_mac_native.sh

@@ -6,12 +6,17 @@
 
 export LC_ALL=C.UTF-8
 
-# Homebrew's python@3.12 is marked as externally managed (PEP 668).
-# Therefore, `--break-system-packages` is needed.
-export PIP_PACKAGES="--break-system-packages zmq"
-export GOAL="install"
+export CONTAINER_NAME="ci_mac_native"  # macos does not use a container, but the env var is needed for logging
+export PIP_PACKAGES="--break-system-packages pycapnp zmq"
+export GOAL="install deploy"
 export CMAKE_GENERATOR="Ninja"
-export BITCOIN_CONFIG="-DBUILD_GUI=ON -DWITH_ZMQ=ON -DREDUCE_EXPORTS=ON"
 export CI_OS_NAME="macos"
 export NO_DEPENDS=1
 export OSX_SDK=""
+export BITCOIN_CONFIG="\
+  --preset=dev-mode \
+  -DWITH_USDT=OFF \
+  -DREDUCE_EXPORTS=ON \
+  -DCMAKE_EXE_LINKER_FLAGS='-Wl,-stack_size -Wl,0x80000' \
+"
+export BITCOIN_CMD="bitcoin -m" # Used in functional tests

ci/test/00_setup_env_mac_native_fuzz.sh

@@ -6,8 +6,9 @@
 
 export LC_ALL=C.UTF-8
 
+export CONTAINER_NAME="ci_mac_native_fuzz"  # macos does not use a container, but the env var is needed for logging
 export CMAKE_GENERATOR="Ninja"
-export BITCOIN_CONFIG="-DBUILD_FOR_FUZZING=ON"
+export BITCOIN_CONFIG="-DBUILD_FOR_FUZZING=ON -DCMAKE_EXE_LINKER_FLAGS='-Wl,-stack_size -Wl,0x80000' -DAPPEND_CPPFLAGS='-D_LIBCPP_HARDENING_MODE=_LIBCPP_HARDENING_MODE_DEBUG'"
 export CI_OS_NAME="macos"
 export NO_DEPENDS=1
 export OSX_SDK=""

ci/test/00_setup_env_native_alpine_musl.sh

@@ -0,0 +1,20 @@
+#!/usr/bin/env bash
+#
+# Copyright (c) 2020-present The Bitcoin Core developers
+# Distributed under the MIT software license, see the accompanying
+# file COPYING or http://www.opensource.org/licenses/mit-license.php.
+
+export LC_ALL=C.UTF-8
+
+export CONTAINER_NAME=ci_native_alpine_musl
+export CI_IMAGE_NAME_TAG="mirror.gcr.io/alpine:3.22"
+export CI_BASE_PACKAGES="build-base musl-dev pkgconf curl ccache make ninja git python3-dev py3-pip which patch xz procps rsync util-linux bison e2fsprogs cmake dash linux-headers"
+export PIP_PACKAGES="--break-system-packages pyzmq pycapnp"
+export DEP_OPTS="DEBUG=1"
+export GOAL="install"
+export BITCOIN_CONFIG="\
+ --preset=dev-mode \
+ -DREDUCE_EXPORTS=ON \
+ -DCMAKE_BUILD_TYPE=Debug \
+"
+export BITCOIN_CMD="bitcoin -m" # Used in functional tests

ci/test/00_setup_env_native_asan.sh

@@ -19,17 +19,20 @@ else
 fi
 
 export CONTAINER_NAME=ci_native_asan
-export APT_LLVM_V="20"
-export PACKAGES="systemtap-sdt-dev clang-${APT_LLVM_V} llvm-${APT_LLVM_V} libclang-rt-${APT_LLVM_V}-dev python3-zmq qtbase5-dev qttools5-dev qttools5-dev-tools libevent-dev libboost-dev libdb5.3++-dev libzmq3-dev libqrencode-dev libsqlite3-dev ${BPFCC_PACKAGE}"
+export APT_LLVM_V="21"
+export PACKAGES="systemtap-sdt-dev clang-${APT_LLVM_V} llvm-${APT_LLVM_V} libclang-rt-${APT_LLVM_V}-dev mold python3-zmq qt6-base-dev qt6-tools-dev qt6-l10n-tools libevent-dev libboost-dev libzmq3-dev libqrencode-dev libsqlite3-dev ${BPFCC_PACKAGE} libcapnp-dev capnproto python3-pip"
+export PIP_PACKAGES="--break-system-packages pycapnp"
 export NO_DEPENDS=1
 export GOAL="install"
+export CI_LIMIT_STACK_SIZE=1
 export BITCOIN_CONFIG="\
- -DWITH_USDT=ON -DWITH_ZMQ=ON -DWITH_BDB=ON -DWARN_INCOMPATIBLE_BDB=OFF -DBUILD_GUI=ON \
+ --preset=dev-mode \
  -DSANITIZERS=address,float-divide-by-zero,integer,undefined \
- -DCMAKE_C_COMPILER=clang-${APT_LLVM_V} \
- -DCMAKE_CXX_COMPILER=clang++-${APT_LLVM_V} \
+ -DCMAKE_C_COMPILER=clang \
+ -DCMAKE_CXX_COMPILER=clang++ \
  -DCMAKE_C_FLAGS='-ftrivial-auto-var-init=pattern' \
- -DCMAKE_CXX_FLAGS='-ftrivial-auto-var-init=pattern -Wno-error=deprecated-declarations' \
+ -DCMAKE_CXX_FLAGS='-ftrivial-auto-var-init=pattern' \
+ -DCMAKE_EXE_LINKER_FLAGS='-fuse-ld=mold' \
  -DAPPEND_CXXFLAGS='-std=c++23' \
  -DAPPEND_CPPFLAGS='-DARENA_DEBUG -DDEBUG_LOCKORDER' \
 "

ci/test/00_setup_env_native_centos.sh

@@ -1,15 +0,0 @@
-#!/usr/bin/env bash
-#
-# Copyright (c) 2020-present The Bitcoin Core developers
-# Distributed under the MIT software license, see the accompanying
-# file COPYING or http://www.opensource.org/licenses/mit-license.php.
-
-export LC_ALL=C.UTF-8
-
-export CONTAINER_NAME=ci_native_centos
-export CI_IMAGE_NAME_TAG="quay.io/centos/centos:stream10"
-export CI_BASE_PACKAGES="gcc-c++ glibc-devel libstdc++-devel ccache make git python3 python3-pip which patch xz procps-ng ksh rsync coreutils bison e2fsprogs cmake"
-export PIP_PACKAGES="pyzmq"
-export DEP_OPTS="DEBUG=1"  # Temporarily enable a DEBUG=1 build to check for GCC-bug-117966 regressions. This can be removed once the minimum GCC version is bumped to 12 in the previous releases task, see https://github.com/bitcoin/bitcoin/issues/31436#issuecomment-2530717875
-export GOAL="install"
-export BITCOIN_CONFIG="-DWITH_ZMQ=ON -DBUILD_GUI=ON -DREDUCE_EXPORTS=ON -DCMAKE_BUILD_TYPE=Debug"

ci/test/00_setup_env_native_fuzz.sh

@@ -8,8 +8,8 @@ export LC_ALL=C.UTF-8
 
 export CI_IMAGE_NAME_TAG="mirror.gcr.io/ubuntu:24.04"
 export CONTAINER_NAME=ci_native_fuzz
-export APT_LLVM_V="20"
-export PACKAGES="clang-${APT_LLVM_V} llvm-${APT_LLVM_V} libclang-rt-${APT_LLVM_V}-dev libevent-dev libboost-dev libsqlite3-dev"
+export APT_LLVM_V="21"
+export PACKAGES="clang-${APT_LLVM_V} llvm-${APT_LLVM_V} libclang-rt-${APT_LLVM_V}-dev libevent-dev libboost-dev libsqlite3-dev libcapnp-dev capnproto"
 export NO_DEPENDS=1
 export RUN_UNIT_TESTS=false
 export RUN_FUNCTIONAL_TESTS=false
@@ -19,9 +19,8 @@ export CI_CONTAINER_CAP="--cap-add SYS_PTRACE"  # If run with (ASan + LSan), the
 export BITCOIN_CONFIG="\
  -DBUILD_FOR_FUZZING=ON \
  -DSANITIZERS=fuzzer,address,undefined,float-divide-by-zero,integer \
- -DCMAKE_C_COMPILER=clang-${APT_LLVM_V} \
- -DCMAKE_CXX_COMPILER=clang++-${APT_LLVM_V} \
+ -DCMAKE_C_COMPILER=clang \
+ -DCMAKE_CXX_COMPILER=clang++ \
  -DCMAKE_C_FLAGS='-ftrivial-auto-var-init=pattern' \
  -DCMAKE_CXX_FLAGS='-ftrivial-auto-var-init=pattern' \
 "
-export LLVM_SYMBOLIZER_PATH="/usr/bin/llvm-symbolizer-${APT_LLVM_V}"

ci/test/00_setup_env_native_fuzz_with_msan.sh

@@ -7,15 +7,16 @@
 export LC_ALL=C.UTF-8
 
 export CI_IMAGE_NAME_TAG="mirror.gcr.io/ubuntu:24.04"
-LIBCXX_DIR="/msan/cxx_build/"
+export APT_LLVM_V="21"
+LIBCXX_DIR="/cxx_build/"
 export MSAN_FLAGS="-fsanitize=memory -fsanitize-memory-track-origins=2 -fno-omit-frame-pointer -g -O1 -fno-optimize-sibling-calls"
-LIBCXX_FLAGS="-nostdinc++ -nostdlib++ -isystem ${LIBCXX_DIR}include/c++/v1 -L${LIBCXX_DIR}lib -Wl,-rpath,${LIBCXX_DIR}lib -lc++ -lc++abi -lpthread -Wno-unused-command-line-argument"
+# -lstdc++ to resolve link issues due to upstream packaging
+LIBCXX_FLAGS="-nostdinc++ -nostdlib++ -isystem ${LIBCXX_DIR}include/c++/v1 -L${LIBCXX_DIR}lib -Wl,-rpath,${LIBCXX_DIR}lib -lc++ -lc++abi -lpthread -Wno-unused-command-line-argument -lstdc++"
 export MSAN_AND_LIBCXX_FLAGS="${MSAN_FLAGS} ${LIBCXX_FLAGS}"
 
 export CONTAINER_NAME="ci_native_fuzz_msan"
-export PACKAGES="ninja-build"
-# BDB generates false-positives and will be removed in future
-export DEP_OPTS="DEBUG=1 NO_BDB=1 NO_QT=1 CC=clang CXX=clang++ CFLAGS='${MSAN_FLAGS}' CXXFLAGS='${MSAN_AND_LIBCXX_FLAGS}'"
+export PACKAGES="clang-${APT_LLVM_V} llvm-${APT_LLVM_V} llvm-${APT_LLVM_V}-dev libclang-${APT_LLVM_V}-dev libclang-rt-${APT_LLVM_V}-dev"
+export DEP_OPTS="DEBUG=1 NO_QT=1 CC=clang CXX=clang++ CFLAGS='${MSAN_FLAGS}' CXXFLAGS='${MSAN_AND_LIBCXX_FLAGS}'"
 export GOAL="all"
 # Setting CMAKE_{C,CXX}_FLAGS_DEBUG flags to an empty string ensures that the flags set in MSAN_FLAGS remain unaltered.
 # _FORTIFY_SOURCE is not compatible with MSAN.
@@ -24,10 +25,10 @@ export BITCOIN_CONFIG="\
  -DCMAKE_C_FLAGS_DEBUG='' \
  -DCMAKE_CXX_FLAGS_DEBUG='' \
  -DBUILD_FOR_FUZZING=ON \
- -DSANITIZERS=fuzzer,memory \
+ -DSANITIZERS=memory \
  -DAPPEND_CPPFLAGS='-DBOOST_MULTI_INDEX_ENABLE_SAFE_MODE -U_FORTIFY_SOURCE' \
 "
-export USE_MEMORY_SANITIZER="true"
+export USE_INSTRUMENTED_LIBCPP="MemoryWithOrigins"
 export RUN_UNIT_TESTS="false"
 export RUN_FUNCTIONAL_TESTS="false"
 export RUN_FUZZ_TESTS=true

ci/test/00_setup_env_native_fuzz_with_valgrind.sh

@@ -6,9 +6,9 @@
 
 export LC_ALL=C.UTF-8
 
-export CI_IMAGE_NAME_TAG="mirror.gcr.io/ubuntu:24.04"
+export CI_IMAGE_NAME_TAG="mirror.gcr.io/debian:trixie"
 export CONTAINER_NAME=ci_native_fuzz_valgrind
-export PACKAGES="clang-16 llvm-16 libclang-rt-16-dev libevent-dev libboost-dev libsqlite3-dev valgrind"
+export PACKAGES="libevent-dev libboost-dev libsqlite3-dev valgrind libcapnp-dev capnproto"
 export NO_DEPENDS=1
 export RUN_UNIT_TESTS=false
 export RUN_FUNCTIONAL_TESTS=false
@@ -17,8 +17,5 @@ export FUZZ_TESTS_CONFIG="--valgrind"
 export GOAL="all"
 export BITCOIN_CONFIG="\
  -DBUILD_FOR_FUZZING=ON \
- -DSANITIZERS=fuzzer \
- -DCMAKE_C_COMPILER=clang-16 \
- -DCMAKE_CXX_COMPILER=clang++-16 \
+ -DCMAKE_CXX_FLAGS='-Wno-error=array-bounds' \
 "
-export LLVM_SYMBOLIZER_PATH="/usr/bin/llvm-symbolizer-16"

ci/test/00_setup_env_native_iwyu.sh

@@ -0,0 +1,25 @@
+#!/usr/bin/env bash
+#
+# Copyright (c) 2023-present The Bitcoin Core developers
+# Distributed under the MIT software license, see the accompanying
+# file COPYING or http://www.opensource.org/licenses/mit-license.php.
+
+export LC_ALL=C.UTF-8
+
+export CI_IMAGE_NAME_TAG="mirror.gcr.io/debian:trixie"  # To build codegen, CMake must be 3.31 or newer.
+export CONTAINER_NAME=ci_native_iwyu
+export TIDY_LLVM_V="21"
+export APT_LLVM_V="${TIDY_LLVM_V}"
+export PACKAGES="clang-${TIDY_LLVM_V} clang-format-${TIDY_LLVM_V} libclang-${TIDY_LLVM_V}-dev llvm-${TIDY_LLVM_V}-dev jq libevent-dev libboost-dev libzmq3-dev systemtap-sdt-dev qt6-base-dev qt6-tools-dev qt6-l10n-tools libqrencode-dev libsqlite3-dev libcapnp-dev capnproto"
+export NO_DEPENDS=1
+export RUN_UNIT_TESTS=false
+export RUN_FUNCTIONAL_TESTS=false
+export RUN_FUZZ_TESTS=false
+export RUN_CHECK_DEPS=false
+export RUN_IWYU=true
+export GOAL="codegen"
+export BITCOIN_CONFIG="\
+ --preset dev-mode -DBUILD_GUI=OFF \
+ -DCMAKE_C_COMPILER=clang-${TIDY_LLVM_V} \
+ -DCMAKE_CXX_COMPILER=clang++-${TIDY_LLVM_V} \
+"

ci/test/00_setup_env_native_msan.sh

@@ -7,23 +7,27 @@
 export LC_ALL=C.UTF-8
 
 export CI_IMAGE_NAME_TAG="mirror.gcr.io/ubuntu:24.04"
-LIBCXX_DIR="/msan/cxx_build/"
+export APT_LLVM_V="21"
+LIBCXX_DIR="/cxx_build/"
 export MSAN_FLAGS="-fsanitize=memory -fsanitize-memory-track-origins=2 -fno-omit-frame-pointer -g -O1 -fno-optimize-sibling-calls"
 LIBCXX_FLAGS="-nostdinc++ -nostdlib++ -isystem ${LIBCXX_DIR}include/c++/v1 -L${LIBCXX_DIR}lib -Wl,-rpath,${LIBCXX_DIR}lib -lc++ -lc++abi -lpthread -Wno-unused-command-line-argument"
 export MSAN_AND_LIBCXX_FLAGS="${MSAN_FLAGS} ${LIBCXX_FLAGS}"
 
 export CONTAINER_NAME="ci_native_msan"
-export PACKAGES="ninja-build"
-# BDB generates false-positives and will be removed in future
-export DEP_OPTS="DEBUG=1 NO_BDB=1 NO_QT=1 CC=clang CXX=clang++ CFLAGS='${MSAN_FLAGS}' CXXFLAGS='${MSAN_AND_LIBCXX_FLAGS}'"
+export PACKAGES="clang-${APT_LLVM_V} llvm-${APT_LLVM_V} llvm-${APT_LLVM_V}-dev libclang-${APT_LLVM_V}-dev libclang-rt-${APT_LLVM_V}-dev python3-pip"
+export PIP_PACKAGES="--break-system-packages pycapnp"
+export DEP_OPTS="DEBUG=1 NO_QT=1 CC=clang CXX=clang++ CFLAGS='${MSAN_FLAGS}' CXXFLAGS='${MSAN_AND_LIBCXX_FLAGS}'"
 export GOAL="install"
+export CI_LIMIT_STACK_SIZE=1
 # Setting CMAKE_{C,CXX}_FLAGS_DEBUG flags to an empty string ensures that the flags set in MSAN_FLAGS remain unaltered.
 # _FORTIFY_SOURCE is not compatible with MSAN.
 export BITCOIN_CONFIG="\
+ --preset=dev-mode \
+ -DBUILD_GUI=OFF \
  -DCMAKE_BUILD_TYPE=Debug \
  -DCMAKE_C_FLAGS_DEBUG='' \
  -DCMAKE_CXX_FLAGS_DEBUG='' \
  -DSANITIZERS=memory \
  -DAPPEND_CPPFLAGS='-U_FORTIFY_SOURCE' \
 "
-export USE_MEMORY_SANITIZER="true"
+export USE_INSTRUMENTED_LIBCPP="MemoryWithOrigins"

ci/test/00_setup_env_native_nowallet.sh

@@ -0,0 +1,20 @@
+#!/usr/bin/env bash
+#
+# Copyright (c) 2019-present The Bitcoin Core developers
+# Distributed under the MIT software license, see the accompanying
+# file COPYING or http://www.opensource.org/licenses/mit-license.php.
+
+export LC_ALL=C.UTF-8
+
+export CONTAINER_NAME=ci_native_nowallet
+export CI_IMAGE_NAME_TAG="mirror.gcr.io/ubuntu:24.04"
+# Use minimum supported python3.10 (or best-effort 3.12) and clang-17, see doc/dependencies.md
+export PACKAGES="python3-zmq python3-pip clang-17 llvm-17 libc++abi-17-dev libc++-17-dev"
+export PIP_PACKAGES="--break-system-packages pycapnp"
+export DEP_OPTS="NO_WALLET=1 CC=clang-17 CXX='clang++-17 -stdlib=libc++'"
+export GOAL="install"
+export BITCOIN_CONFIG="\
+  --preset=dev-mode \
+  -DREDUCE_EXPORTS=ON \
+  -DENABLE_WALLET=OFF \
+"

ci/test/00_setup_env_native_nowallet_libbitcoinkernel.sh

@@ -1,15 +0,0 @@
-#!/usr/bin/env bash
-#
-# Copyright (c) 2019-present The Bitcoin Core developers
-# Distributed under the MIT software license, see the accompanying
-# file COPYING or http://www.opensource.org/licenses/mit-license.php.
-
-export LC_ALL=C.UTF-8
-
-export CONTAINER_NAME=ci_native_nowallet_libbitcoinkernel
-export CI_IMAGE_NAME_TAG="mirror.gcr.io/debian:bookworm"
-# Use minimum supported python3.10 (or best-effort 3.11) and clang-16, see doc/dependencies.md
-export PACKAGES="python3-zmq clang-16 llvm-16 libc++abi-16-dev libc++-16-dev"
-export DEP_OPTS="NO_WALLET=1 CC=clang-16 CXX='clang++-16 -stdlib=libc++'"
-export GOAL="install"
-export BITCOIN_CONFIG="-DREDUCE_EXPORTS=ON -DBUILD_UTIL_CHAINSTATE=ON -DBUILD_KERNEL_LIB=ON -DBUILD_SHARED_LIBS=ON"

ci/test/00_setup_env_native_previous_releases.sh

@@ -8,20 +8,20 @@ export LC_ALL=C.UTF-8
 
 export CONTAINER_NAME=ci_native_previous_releases
 export CI_IMAGE_NAME_TAG="mirror.gcr.io/ubuntu:22.04"
-# Use minimum supported python3.10 and gcc-11, see doc/dependencies.md
-export PACKAGES="gcc-11 g++-11 python3-zmq"
-export DEP_OPTS="DEBUG=1 CC=gcc-11 CXX=g++-11"
+# Use minimum supported python3.10 and gcc-12, see doc/dependencies.md
+export PACKAGES="gcc-12 g++-12 python3-zmq"
+export DEP_OPTS="CC=gcc-12 CXX=g++-12"
 export TEST_RUNNER_EXTRA="--previous-releases --coverage --extended --exclude feature_dbcrash"  # Run extended tests so that coverage does not fail, but exclude the very slow dbcrash
-export RUN_UNIT_TESTS_SEQUENTIAL="true"
-export RUN_UNIT_TESTS="false"
 export GOAL="install"
+export CI_LIMIT_STACK_SIZE=1
 export DOWNLOAD_PREVIOUS_RELEASES="true"
 export BITCOIN_CONFIG="\
- -DWITH_ZMQ=ON -DBUILD_GUI=ON -DREDUCE_EXPORTS=ON \
+ --preset=dev-mode \
+ -DREDUCE_EXPORTS=ON \
  -DCMAKE_BUILD_TYPE=Debug \
  -DCMAKE_C_FLAGS='-funsigned-char' \
- -DCMAKE_C_FLAGS_DEBUG='-g0 -O2' \
+ -DCMAKE_C_FLAGS_DEBUG='-g2 -O2' \
  -DCMAKE_CXX_FLAGS='-funsigned-char' \
- -DCMAKE_CXX_FLAGS_DEBUG='-g0 -O2' \
+ -DCMAKE_CXX_FLAGS_DEBUG='-g2 -O2' \
  -DAPPEND_CPPFLAGS='-DBOOST_MULTI_INDEX_ENABLE_SAFE_MODE' \
 "

ci/test/00_setup_env_native_tidy.sh

@@ -8,9 +8,9 @@ export LC_ALL=C.UTF-8
 
 export CI_IMAGE_NAME_TAG="mirror.gcr.io/ubuntu:24.04"
 export CONTAINER_NAME=ci_native_tidy
-export TIDY_LLVM_V="19"
+export TIDY_LLVM_V="21"
 export APT_LLVM_V="${TIDY_LLVM_V}"
-export PACKAGES="clang-${TIDY_LLVM_V} libclang-${TIDY_LLVM_V}-dev llvm-${TIDY_LLVM_V}-dev libomp-${TIDY_LLVM_V}-dev clang-tidy-${TIDY_LLVM_V} jq libevent-dev libboost-dev libzmq3-dev systemtap-sdt-dev qtbase5-dev qttools5-dev qttools5-dev-tools libqrencode-dev libsqlite3-dev libdb++-dev"
+export PACKAGES="clang-${TIDY_LLVM_V} libclang-${TIDY_LLVM_V}-dev llvm-${TIDY_LLVM_V}-dev libomp-${TIDY_LLVM_V}-dev clang-tidy-${TIDY_LLVM_V} jq libevent-dev libboost-dev libzmq3-dev systemtap-sdt-dev qt6-base-dev qt6-tools-dev qt6-l10n-tools libqrencode-dev libsqlite3-dev libcapnp-dev capnproto"
 export NO_DEPENDS=1
 export RUN_UNIT_TESTS=false
 export RUN_FUNCTIONAL_TESTS=false
@@ -19,8 +19,7 @@ export RUN_CHECK_DEPS=true
 export RUN_TIDY=true
 export GOAL="install"
 export BITCOIN_CONFIG="\
- -DWITH_ZMQ=ON -DBUILD_GUI=ON -DBUILD_BENCH=ON -DWITH_USDT=ON -DWITH_BDB=ON -DWARN_INCOMPATIBLE_BDB=OFF \
- -DENABLE_HARDENING=OFF \
+ --preset dev-mode \
  -DCMAKE_C_COMPILER=clang-${TIDY_LLVM_V} \
  -DCMAKE_CXX_COMPILER=clang++-${TIDY_LLVM_V} \
  -DCMAKE_C_FLAGS_RELWITHDEBINFO='-O0 -g0' \

ci/test/00_setup_env_native_tsan.sh

@@ -8,9 +8,18 @@ export LC_ALL=C.UTF-8
 
 export CONTAINER_NAME=ci_native_tsan
 export CI_IMAGE_NAME_TAG="mirror.gcr.io/ubuntu:24.04"
-export APT_LLVM_V="20"
-export PACKAGES="clang-${APT_LLVM_V} llvm-${APT_LLVM_V} libclang-rt-${APT_LLVM_V}-dev libc++abi-${APT_LLVM_V}-dev libc++-${APT_LLVM_V}-dev python3-zmq"
-export DEP_OPTS="CC=clang-${APT_LLVM_V} CXX='clang++-${APT_LLVM_V} -stdlib=libc++'"
+export APT_LLVM_V="21"
+LIBCXX_DIR="/cxx_build/"
+LIBCXX_FLAGS="-fsanitize=thread -nostdinc++ -nostdlib++ -isystem ${LIBCXX_DIR}include/c++/v1 -L${LIBCXX_DIR}lib -Wl,-rpath,${LIBCXX_DIR}lib -lc++ -lc++abi -lpthread -Wno-unused-command-line-argument"
+export PACKAGES="clang-${APT_LLVM_V} llvm-${APT_LLVM_V} llvm-${APT_LLVM_V}-dev libclang-${APT_LLVM_V}-dev libclang-rt-${APT_LLVM_V}-dev python3-zmq python3-pip"
+export PIP_PACKAGES="--break-system-packages pycapnp"
+export DEP_OPTS="CC=clang CXX=clang++ CXXFLAGS='${LIBCXX_FLAGS}' NO_QT=1"
 export GOAL="install"
-export BITCOIN_CONFIG="-DWITH_ZMQ=ON -DSANITIZERS=thread \
--DAPPEND_CPPFLAGS='-DARENA_DEBUG -DDEBUG_LOCKORDER -DDEBUG_LOCKCONTENTION -D_LIBCPP_REMOVE_TRANSITIVE_INCLUDES'"
+export CI_LIMIT_STACK_SIZE=1
+export BITCOIN_CONFIG="\
+  --preset=dev-mode \
+  -DBUILD_GUI=OFF \
+  -DSANITIZERS=thread \
+  -DAPPEND_CPPFLAGS='-DARENA_DEBUG -DDEBUG_LOCKCONTENTION -D_LIBCPP_REMOVE_TRANSITIVE_INCLUDES' \
+"
+export USE_INSTRUMENTED_LIBCPP="Thread"

ci/test/00_setup_env_native_valgrind.sh

@@ -6,16 +6,18 @@
 
 export LC_ALL=C.UTF-8
 
-export CI_IMAGE_NAME_TAG="mirror.gcr.io/ubuntu:24.04"
+export CI_IMAGE_NAME_TAG="mirror.gcr.io/debian:trixie"
 export CONTAINER_NAME=ci_native_valgrind
-export PACKAGES="valgrind clang-16 llvm-16 libclang-rt-16-dev python3-zmq libevent-dev libboost-dev libdb5.3++-dev libzmq3-dev libsqlite3-dev"
+export PACKAGES="valgrind python3-zmq libevent-dev libboost-dev libzmq3-dev libsqlite3-dev libcapnp-dev capnproto python3-pip"
+export PIP_PACKAGES="--break-system-packages pycapnp"
 export USE_VALGRIND=1
 export NO_DEPENDS=1
-export TEST_RUNNER_EXTRA="--exclude feature_init,rpc_bind,feature_bind_extra"  # feature_init excluded for now, see https://github.com/bitcoin/bitcoin/issues/30011 ; bind tests excluded for now, see https://github.com/bitcoin/bitcoin/issues/17765#issuecomment-602068547
+# bind tests excluded for now, see https://github.com/bitcoin/bitcoin/issues/17765#issuecomment-602068547
+export TEST_RUNNER_EXTRA="--exclude rpc_bind --exclude feature_bind_extra"
 export GOAL="install"
 # TODO enable GUI
 export BITCOIN_CONFIG="\
- -DWITH_ZMQ=ON -DWITH_BDB=ON -DWARN_INCOMPATIBLE_BDB=OFF -DBUILD_GUI=OFF \
- -DCMAKE_C_COMPILER=clang-16 \
- -DCMAKE_CXX_COMPILER=clang++-16 \
+  --preset=dev-mode \
+ -DBUILD_GUI=OFF \
+ -DWITH_USDT=OFF \
 "

ci/test/00_setup_env_s390x.sh

@@ -9,9 +9,13 @@ export LC_ALL=C.UTF-8
 export HOST=s390x-linux-gnu
 export PACKAGES="python3-zmq"
 export CONTAINER_NAME=ci_s390x
-export CI_IMAGE_NAME_TAG="mirror.gcr.io/ubuntu:24.04"
+export CI_IMAGE_NAME_TAG="mirror.gcr.io/debian:trixie"
 export CI_IMAGE_PLATFORM="linux/s390x"
-export TEST_RUNNER_EXTRA="--exclude rpc_bind,feature_bind_extra"  # Excluded for now, see https://github.com/bitcoin/bitcoin/issues/17765#issuecomment-602068547
+# bind tests excluded for now, see https://github.com/bitcoin/bitcoin/issues/17765#issuecomment-602068547
+export TEST_RUNNER_EXTRA="--exclude rpc_bind --exclude feature_bind_extra"
 export RUN_FUNCTIONAL_TESTS=true
 export GOAL="install"
-export BITCOIN_CONFIG="-DREDUCE_EXPORTS=ON"
+export BITCOIN_CONFIG="\
+  --preset=dev-mode \
+  -DREDUCE_EXPORTS=ON \
+"

ci/test/00_setup_env_win64.sh

@@ -1,21 +1,22 @@
 #!/usr/bin/env bash
 #
-# Copyright (c) 2019-present The Bitcoin Core developers
+# Copyright (c) 2025-present The Bitcoin Core developers
 # Distributed under the MIT software license, see the accompanying
 # file COPYING or http://www.opensource.org/licenses/mit-license.php.
 
 export LC_ALL=C.UTF-8
 
 export CONTAINER_NAME=ci_win64
-export CI_IMAGE_NAME_TAG="mirror.gcr.io/ubuntu:noble"  # Check that g++-mingw-w64-x86-64-posix (version 13.2, similar to guix) can cross-compile
-export CI_IMAGE_PLATFORM="linux/amd64"
-export HOST=x86_64-w64-mingw32
-export DPKG_ADD_ARCH="i386"
-export PACKAGES="nsis g++-mingw-w64-x86-64-posix wine-binfmt wine64 wine32 file"
-# Install wine, but do not run unit tests, as they surface frequent
-# false-positives.
-export RUN_UNIT_TESTS=${RUN_UNIT_TESTS:-false}
+export CI_IMAGE_NAME_TAG="mirror.gcr.io/debian:trixie"  # Check that https://packages.debian.org/trixie/g++-mingw-w64-ucrt64 can cross-compile
+export HOST=x86_64-w64-mingw32ucrt
+export PACKAGES="g++-mingw-w64-ucrt64 nsis"
+export RUN_UNIT_TESTS=false
 export RUN_FUNCTIONAL_TESTS=false
 export GOAL="deploy"
-export BITCOIN_CONFIG="-DREDUCE_EXPORTS=ON -DBUILD_GUI_TESTS=OFF \
--DCMAKE_CXX_FLAGS='-Wno-error=maybe-uninitialized -Wno-error=array-bounds'"
+export BITCOIN_CONFIG="\
+  --preset=dev-mode \
+  -DENABLE_IPC=OFF \
+  -DWITH_USDT=OFF \
+  -DREDUCE_EXPORTS=ON \
+  -DCMAKE_CXX_FLAGS='-Wno-error=maybe-uninitialized' \
+"

ci/test/00_setup_env_win64_msvcrt.sh

@@ -0,0 +1,22 @@
+#!/usr/bin/env bash
+#
+# Copyright (c) 2019-present The Bitcoin Core developers
+# Distributed under the MIT software license, see the accompanying
+# file COPYING or http://www.opensource.org/licenses/mit-license.php.
+
+export LC_ALL=C.UTF-8
+
+export CONTAINER_NAME=ci_win64_msvcrt
+export CI_IMAGE_NAME_TAG="mirror.gcr.io/debian:trixie"  # Check that https://packages.debian.org/trixie/g++-mingw-w64-x86-64-posix (version 14.x, similar to guix) can cross-compile
+export HOST=x86_64-w64-mingw32
+export PACKAGES="g++-mingw-w64-x86-64-posix nsis"
+export RUN_UNIT_TESTS=false
+export RUN_FUNCTIONAL_TESTS=false
+export GOAL="deploy"
+export BITCOIN_CONFIG="\
+  --preset=dev-mode \
+  -DENABLE_IPC=OFF \
+  -DWITH_USDT=OFF \
+  -DREDUCE_EXPORTS=ON \
+  -DCMAKE_CXX_FLAGS='-Wno-error=maybe-uninitialized' \
+"

ci/test/01_base_install.sh

@@ -6,11 +6,11 @@
 
 export LC_ALL=C.UTF-8
 
-set -ex
+set -o errexit -o pipefail -o xtrace
 
-CFG_DONE="ci.base-install-done"  # Use a global git setting to remember whether this script ran to avoid running it twice
+CFG_DONE="${BASE_ROOT_DIR}/ci.base-install-done"  # Use a global setting to remember whether this script ran to avoid running it twice
 
-if [ "$(git config --global ${CFG_DONE})" == "true" ]; then
+if [ "$( cat "${CFG_DONE}" || true )" == "done" ]; then
   echo "Skip base install"
   exit 0
 fi
@@ -32,15 +32,23 @@ if [ -n "${APT_LLVM_V}" ]; then
   )
 fi
 
-if [[ $CI_IMAGE_NAME_TAG == *centos* ]]; then
-  bash -c "dnf -y install epel-release"
-  bash -c "dnf -y --allowerasing install $CI_BASE_PACKAGES $PACKAGES"
+if [[ $CI_IMAGE_NAME_TAG == *alpine* ]]; then
+  ${CI_RETRY_EXE} apk update
+  # shellcheck disable=SC2086
+  ${CI_RETRY_EXE} apk add --no-cache $CI_BASE_PACKAGES $PACKAGES
 elif [ "$CI_OS_NAME" != "macos" ]; then
   if [[ -n "${APPEND_APT_SOURCES_LIST}" ]]; then
     echo "${APPEND_APT_SOURCES_LIST}" >> /etc/apt/sources.list
   fi
   ${CI_RETRY_EXE} apt-get update
-  ${CI_RETRY_EXE} bash -c "apt-get install --no-install-recommends --no-upgrade -y $PACKAGES $CI_BASE_PACKAGES"
+  # shellcheck disable=SC2086
+  ${CI_RETRY_EXE} apt-get install --no-install-recommends --no-upgrade -y $PACKAGES $CI_BASE_PACKAGES
+fi
+
+if [ -n "${APT_LLVM_V}" ]; then
+  update-alternatives --install /usr/bin/clang++ clang++ "/usr/bin/clang++-${APT_LLVM_V}" 100
+  update-alternatives --install /usr/bin/clang clang "/usr/bin/clang-${APT_LLVM_V}" 100
+  update-alternatives --install /usr/bin/llvm-symbolizer llvm-symbolizer "/usr/bin/llvm-symbolizer-${APT_LLVM_V}" 100
 fi
 
 if [ -n "$PIP_PACKAGES" ]; then
@@ -48,27 +56,13 @@ if [ -n "$PIP_PACKAGES" ]; then
   ${CI_RETRY_EXE} pip3 install --user $PIP_PACKAGES
 fi
 
-if [[ ${USE_MEMORY_SANITIZER} == "true" ]]; then
-  ${CI_RETRY_EXE} git clone --depth=1 https://github.com/llvm/llvm-project -b "llvmorg-20.1.0" /msan/llvm-project
+if [[ -n "${USE_INSTRUMENTED_LIBCPP}" ]]; then
+  ${CI_RETRY_EXE} git clone --depth=1 https://github.com/llvm/llvm-project -b "llvmorg-21.1.5" /llvm-project
 
-  cmake -G Ninja -B /msan/clang_build/ \
-    -DLLVM_ENABLE_PROJECTS="clang" \
-    -DCMAKE_BUILD_TYPE=Release \
-    -DLLVM_TARGETS_TO_BUILD=Native \
-    -DLLVM_ENABLE_RUNTIMES="compiler-rt;libcxx;libcxxabi;libunwind" \
-    -S /msan/llvm-project/llvm
-
-  ninja -C /msan/clang_build/ "$MAKEJOBS"
-  ninja -C /msan/clang_build/ install-runtimes
-
-  update-alternatives --install /usr/bin/clang++ clang++ /msan/clang_build/bin/clang++ 100
-  update-alternatives --install /usr/bin/clang clang /msan/clang_build/bin/clang 100
-  update-alternatives --install /usr/bin/llvm-symbolizer llvm-symbolizer /msan/clang_build/bin/llvm-symbolizer 100
-
-  cmake -G Ninja -B /msan/cxx_build/ \
+  cmake -G Ninja -B /cxx_build/ \
     -DLLVM_ENABLE_RUNTIMES="libcxx;libcxxabi;libunwind" \
     -DCMAKE_BUILD_TYPE=Release \
-    -DLLVM_USE_SANITIZER=MemoryWithOrigins \
+    -DLLVM_USE_SANITIZER="${USE_INSTRUMENTED_LIBCPP}" \
     -DCMAKE_C_COMPILER=clang \
     -DCMAKE_CXX_COMPILER=clang++ \
     -DLLVM_TARGETS_TO_BUILD=Native \
@@ -76,17 +70,18 @@ if [[ ${USE_MEMORY_SANITIZER} == "true" ]]; then
     -DLIBCXXABI_USE_LLVM_UNWINDER=OFF \
     -DLIBCXX_ABI_DEFINES="_LIBCPP_ABI_BOUNDED_ITERATORS;_LIBCPP_ABI_BOUNDED_ITERATORS_IN_STD_ARRAY;_LIBCPP_ABI_BOUNDED_ITERATORS_IN_STRING;_LIBCPP_ABI_BOUNDED_ITERATORS_IN_VECTOR;_LIBCPP_ABI_BOUNDED_UNIQUE_PTR" \
     -DLIBCXX_HARDENING_MODE=debug \
-    -S /msan/llvm-project/runtimes
+    -S /llvm-project/runtimes
 
-  ninja -C /msan/cxx_build/ "$MAKEJOBS"
+  ninja -C /cxx_build/ "$MAKEJOBS"
 
   # Clear no longer needed source folder
-  du -sh /msan/llvm-project
-  rm -rf /msan/llvm-project
+  du -sh /llvm-project
+  rm -rf /llvm-project
 fi
 
-if [[ "${RUN_TIDY}" == "true" ]]; then
+if [[ "${RUN_IWYU}" == true ]]; then
   ${CI_RETRY_EXE} git clone --depth=1 https://github.com/include-what-you-use/include-what-you-use -b clang_"${TIDY_LLVM_V}" /include-what-you-use
+  (cd /include-what-you-use && patch -p1 < /ci_container_base/ci/test/01_iwyu.patch)
   cmake -B /iwyu-build/ -G 'Unix Makefiles' -DCMAKE_PREFIX_PATH=/usr/lib/llvm-"${TIDY_LLVM_V}" -S /include-what-you-use
   make -C /iwyu-build/ install "$MAKEJOBS"
 fi
@@ -96,7 +91,7 @@ mkdir -p "${DEPENDS_DIR}/SDKs" "${DEPENDS_DIR}/sdk-sources"
 OSX_SDK_BASENAME="Xcode-${XCODE_VERSION}-${XCODE_BUILD_ID}-extracted-SDK-with-libcxx-headers"
 
 if [ -n "$XCODE_VERSION" ] && [ ! -d "${DEPENDS_DIR}/SDKs/${OSX_SDK_BASENAME}" ]; then
-  OSX_SDK_FILENAME="${OSX_SDK_BASENAME}.tar.gz"
+  OSX_SDK_FILENAME="${OSX_SDK_BASENAME}.tar"
   OSX_SDK_PATH="${DEPENDS_DIR}/sdk-sources/${OSX_SDK_FILENAME}"
   if [ ! -f "$OSX_SDK_PATH" ]; then
     ${CI_RETRY_EXE} curl --location --fail "${SDK_URL}/${OSX_SDK_FILENAME}" -o "$OSX_SDK_PATH"
@@ -104,4 +99,4 @@ if [ -n "$XCODE_VERSION" ] && [ ! -d "${DEPENDS_DIR}/SDKs/${OSX_SDK_BASENAME}" ]
   tar -C "${DEPENDS_DIR}/SDKs" -xf "$OSX_SDK_PATH"
 fi
 
-git config --global ${CFG_DONE} "true"
+echo -n "done" > "${CFG_DONE}"

ci/test/01_iwyu.patch

@@ -0,0 +1,600 @@
+Prefer angled brackets over quotes for include directives.
+See: https://en.cppreference.com/w/cpp/preprocessor/include.html.
+
+--- a/iwyu_path_util.cc
++++ b/iwyu_path_util.cc
+@@ -211,7 +211,7 @@ bool IsQuotedInclude(const string& s) {
+ }
+
+ string AddQuotes(string include_name, bool angled) {
+-  if (angled) {
++  if (true) {
+       return "<" + include_name + ">";
+   }
+   return "\"" + include_name + "\"";
+
+
+Prefer C++ headers over C counterparts.
+See: https://github.com/include-what-you-use/include-what-you-use/blob/clang_21/iwyu_include_picker.cc#L587-L629.
+
+--- a/iwyu_include_picker.cc
++++ b/iwyu_include_picker.cc
+@@ -100,20 +100,20 @@ const IncludeMapEntry libc_symbol_map[] = {
+   // equal.  The visibility on the symbol-name is ignored; by convention
+   // we always set it to kPrivate.
+   { "_POSIX_VDISABLE", kPrivate, "<unistd.h>", kPublic },
+-  { "abort", kPrivate, "<stdlib.h>", kPublic },
++  { "abort", kPrivate, "<stdlib.h>", kPrivate },
+   { "aiocb", kPrivate, "<aio.h>", kPublic },
+   { "blkcnt_t", kPrivate, "<sys/types.h>", kPublic },
+   { "blksize_t", kPrivate, "<sys/types.h>", kPublic },
+   { "cc_t", kPrivate, "<termios.h>", kPublic },
+-  { "clock_t", kPrivate, "<time.h>", kPublic },
++  { "clock_t", kPrivate, "<time.h>", kPrivate },
+   { "clock_t", kPrivate, "<sys/types.h>", kPublic },
+   { "clockid_t", kPrivate, "<sys/types.h>", kPublic },
+-  { "ctermid", kPrivate, "<stdio.h>", kPublic },
++  { "ctermid", kPrivate, "<stdio.h>", kPrivate },
+   { "daddr_t", kPrivate, "<sys/types.h>", kPublic },
+   { "dev_t", kPrivate, "<sys/types.h>", kPublic },
+-  { "div_t", kPrivate, "<stdlib.h>", kPublic },
+-  { "double_t", kPrivate, "<math.h>", kPublic },
+-  { "error_t", kPrivate, "<errno.h>", kPublic },
++  { "div_t", kPrivate, "<stdlib.h>", kPrivate },
++  { "double_t", kPrivate, "<math.h>", kPrivate },
++  { "error_t", kPrivate, "<errno.h>", kPrivate },
+   { "error_t", kPrivate, "<argp.h>", kPublic },
+   { "error_t", kPrivate, "<argz.h>", kPublic },
+   { "FD_CLR", kPrivate, "<sys/select.h>", kPublic },
+@@ -122,10 +122,10 @@ const IncludeMapEntry libc_symbol_map[] = {
+   { "fd_set", kPrivate, "<sys/select.h>", kPublic },
+   { "FD_SETSIZE", kPrivate, "<sys/select.h>", kPublic },
+   { "FD_ZERO", kPrivate, "<sys/select.h>", kPublic },
+-  { "fenv_t", kPrivate, "<fenv.h>", kPublic },
+-  { "fexcept_t", kPrivate, "<fenv.h>", kPublic },
+-  { "FILE", kPrivate, "<stdio.h>", kPublic },
+-  { "float_t", kPrivate, "<math.h>", kPublic },
++  { "fenv_t", kPrivate, "<fenv.h>", kPrivate },
++  { "fexcept_t", kPrivate, "<fenv.h>", kPrivate },
++  { "FILE", kPrivate, "<stdio.h>", kPrivate },
++  { "float_t", kPrivate, "<math.h>", kPrivate },
+   { "fsblkcnt_t", kPrivate, "<sys/types.h>", kPublic },
+   { "fsfilcnt_t", kPrivate, "<sys/types.h>", kPublic },
+   { "getopt", kPrivate, "<unistd.h>", kPublic },
+@@ -135,31 +135,31 @@ const IncludeMapEntry libc_symbol_map[] = {
+   { "in_addr_t", kPrivate, "<netinet/in.h>", kPublic },
+   { "in_port_t", kPrivate, "<netinet/in.h>", kPublic },
+   { "id_t", kPrivate, "<sys/types.h>", kPublic },
+-  { "imaxdiv_t", kPrivate, "<inttypes.h>", kPublic },
+-  { "intmax_t", kPrivate, "<stdint.h>", kPublic },
+-  { "uintmax_t", kPrivate, "<stdint.h>", kPublic },
++  { "imaxdiv_t", kPrivate, "<inttypes.h>", kPrivate },
++  { "intmax_t", kPrivate, "<stdint.h>", kPrivate },
++  { "uintmax_t", kPrivate, "<stdint.h>", kPrivate },
+   { "ino64_t", kPrivate, "<sys/types.h>", kPublic },
+   { "ino_t", kPrivate, "<sys/types.h>", kPublic },
+-  { "int8_t", kPrivate, "<stdint.h>", kPublic },
+-  { "int16_t", kPrivate, "<stdint.h>", kPublic },
+-  { "int32_t", kPrivate, "<stdint.h>", kPublic },
+-  { "int64_t", kPrivate, "<stdint.h>", kPublic },
+-  { "uint8_t", kPrivate, "<stdint.h>", kPublic },
+-  { "uint16_t", kPrivate, "<stdint.h>", kPublic },
+-  { "uint32_t", kPrivate, "<stdint.h>", kPublic },
+-  { "uint64_t", kPrivate, "<stdint.h>", kPublic },
+-  { "intptr_t", kPrivate, "<stdint.h>", kPublic },
+-  { "uintptr_t", kPrivate, "<stdint.h>", kPublic },
++  { "int8_t", kPrivate, "<stdint.h>", kPrivate },
++  { "int16_t", kPrivate, "<stdint.h>", kPrivate },
++  { "int32_t", kPrivate, "<stdint.h>", kPrivate },
++  { "int64_t", kPrivate, "<stdint.h>", kPrivate },
++  { "uint8_t", kPrivate, "<stdint.h>", kPrivate },
++  { "uint16_t", kPrivate, "<stdint.h>", kPrivate },
++  { "uint32_t", kPrivate, "<stdint.h>", kPrivate },
++  { "uint64_t", kPrivate, "<stdint.h>", kPrivate },
++  { "intptr_t", kPrivate, "<stdint.h>", kPrivate },
++  { "uintptr_t", kPrivate, "<stdint.h>", kPrivate },
+   { "iovec", kPrivate, "<sys/uio.h>", kPublic },
+-  { "itimerspec", kPrivate, "<time.h>", kPublic },
++  { "itimerspec", kPrivate, "<time.h>", kPrivate },
+   { "key_t", kPrivate, "<sys/types.h>", kPublic },
+-  { "L_ctermid", kPrivate, "<stdio.h>", kPublic },
+-  { "lconv", kPrivate, "<locale.h>", kPublic },
+-  { "ldiv_t", kPrivate, "<stdlib.h>", kPublic },
+-  { "lldiv_t", kPrivate, "<stdlib.h>", kPublic },
+-  { "locale_t", kPrivate, "<locale.h>", kPublic },
+-  { "max_align_t", kPrivate, "<stddef.h>", kPublic },
+-  { "mbstate_t", kPrivate, "<wchar.h>", kPublic },
++  { "L_ctermid", kPrivate, "<stdio.h>", kPrivate },
++  { "lconv", kPrivate, "<locale.h>", kPrivate },
++  { "ldiv_t", kPrivate, "<stdlib.h>", kPrivate },
++  { "lldiv_t", kPrivate, "<stdlib.h>", kPrivate },
++  { "locale_t", kPrivate, "<locale.h>", kPrivate },
++  { "max_align_t", kPrivate, "<stddef.h>", kPrivate },
++  { "mbstate_t", kPrivate, "<wchar.h>", kPrivate },
+   { "mcontext_t", kPrivate, "<ucontext.h>", kPublic },
+   { "mode_t", kPrivate, "<sys/types.h>", kPublic },
+   { "nl_item", kPrivate, "<nl_types.h>", kPublic },
+@@ -175,8 +175,8 @@ const IncludeMapEntry libc_symbol_map[] = {
+   { "optind", kPrivate, "<unistd.h>", kPublic },
+   { "optopt", kPrivate, "<unistd.h>", kPublic },
+   { "pid_t", kPrivate, "<sys/types.h>", kPublic },
+-  { "posix_memalign", kPrivate, "<stdlib.h>", kPublic },
+-  { "printf", kPrivate, "<stdio.h>", kPublic },
++  { "posix_memalign", kPrivate, "<stdlib.h>", kPrivate },
++  { "printf", kPrivate, "<stdio.h>", kPrivate },
+   { "pthread_attr_t", kPrivate, "<pthread.h>", kPublic },
+   { "pthread_cond_t", kPrivate, "<pthread.h>", kPublic },
+   { "pthread_condattr_t", kPrivate, "<pthread.h>", kPublic },
+@@ -187,7 +187,7 @@ const IncludeMapEntry libc_symbol_map[] = {
+   { "pthread_rwlock_t", kPrivate, "<pthread.h>", kPublic },
+   { "pthread_rwlockattr_t", kPrivate, "<pthread.h>", kPublic },
+   { "pthread_t", kPrivate, "<pthread.h>", kPublic },
+-  { "ptrdiff_t", kPrivate, "<stddef.h>", kPublic },
++  { "ptrdiff_t", kPrivate, "<stddef.h>", kPrivate },
+   { "regex_t", kPrivate, "<regex.h>", kPublic },
+   { "regmatch_t", kPrivate, "<regex.h>", kPublic },
+   { "regoff_t", kPrivate, "<regex.h>", kPublic },
+@@ -218,51 +218,51 @@ const IncludeMapEntry libc_symbol_map[] = {
+   { "SCHED_FIFO", kPrivate, "<sched.h>", kPublic },
+   { "SCHED_OTHER", kPrivate, "<sched.h>", kPublic },
+   { "SCHED_RR", kPrivate, "<sched.h>", kPublic },
+-  { "SEEK_CUR", kPrivate, "<stdio.h>", kPublic },
+-  { "SEEK_END", kPrivate, "<stdio.h>", kPublic },
+-  { "SEEK_SET", kPrivate, "<stdio.h>", kPublic },
+-  { "sig_atomic_t", kPrivate, "<signal.h>", kPublic },
+-  { "sigevent", kPrivate, "<signal.h>", kPublic },
+-  { "siginfo_t", kPrivate, "<signal.h>", kPublic },
+-  { "sigset_t", kPrivate, "<signal.h>", kPublic },
+-  { "sigval", kPrivate, "<signal.h>", kPublic },
++  { "SEEK_CUR", kPrivate, "<stdio.h>", kPrivate },
++  { "SEEK_END", kPrivate, "<stdio.h>", kPrivate },
++  { "SEEK_SET", kPrivate, "<stdio.h>", kPrivate },
++  { "sig_atomic_t", kPrivate, "<signal.h>", kPrivate },
++  { "sigevent", kPrivate, "<signal.h>", kPrivate },
++  { "siginfo_t", kPrivate, "<signal.h>", kPrivate },
++  { "sigset_t", kPrivate, "<signal.h>", kPrivate },
++  { "sigval", kPrivate, "<signal.h>", kPrivate },
+   { "sockaddr", kPrivate, "<sys/socket.h>", kPublic },
+   { "socklen_t", kPrivate, "<sys/socket.h>", kPublic },
+   { "ssize_t", kPrivate, "<sys/types.h>", kPublic },
+-  { "stack_t", kPrivate, "<signal.h>", kPublic },
++  { "stack_t", kPrivate, "<signal.h>", kPrivate },
+   { "stat", kPrivate, "<sys/stat.h>", kPublic },
+   { "suseconds_t", kPrivate, "<sys/types.h>", kPublic },
+-  { "time_t", kPrivate, "<time.h>", kPublic },
++  { "time_t", kPrivate, "<time.h>", kPrivate },
+   { "time_t", kPrivate, "<sys/types.h>", kPublic },
+   { "timer_t", kPrivate, "<sys/types.h>", kPublic },
+-  { "timespec", kPrivate, "<time.h>", kPublic },
++  { "timespec", kPrivate, "<time.h>", kPrivate },
+   { "timeval", kPrivate, "<sys/time.h>", kPublic },
+-  { "tm", kPrivate, "<time.h>", kPublic },
++  { "tm", kPrivate, "<time.h>", kPrivate },
+   { "u_char", kPrivate, "<sys/types.h>", kPublic },
+   { "ucontext_t", kPrivate, "<ucontext.h>", kPublic },
+   { "uid_t", kPrivate, "<sys/types.h>", kPublic },
+   { "useconds_t", kPrivate, "<sys/types.h>", kPublic },
+-  { "wchar_t", kPrivate, "<stddef.h>", kPublic },
+-  { "wctrans_t", kPrivate, "<wctype.h>", kPublic },
+-  { "wctype_t", kPrivate, "<wctype.h>", kPublic },
++  { "wchar_t", kPrivate, "<stddef.h>", kPrivate },
++  { "wctrans_t", kPrivate, "<wctype.h>", kPrivate },
++  { "wctype_t", kPrivate, "<wctype.h>", kPrivate },
+   { "winsize", kPrivate, "<termios.h>", kPublic },
+-  { "wint_t", kPrivate, "<wchar.h>", kPublic },
++  { "wint_t", kPrivate, "<wchar.h>", kPrivate },
+   // It is unspecified if the cname headers provide ::size_t.
+   // <locale.h> is the one header which defines NULL but not size_t.
+-  { "size_t", kPrivate, "<stddef.h>", kPublic },  // 'canonical' location for size_t
+-  { "size_t", kPrivate, "<signal.h>", kPublic },
+-  { "size_t", kPrivate, "<stdio.h>", kPublic },
+-  { "size_t", kPrivate, "<stdlib.h>", kPublic },
+-  { "size_t", kPrivate, "<string.h>", kPublic },
+-  { "size_t", kPrivate, "<time.h>", kPublic },
+-  { "size_t", kPrivate, "<uchar.h>", kPublic },
+-  { "size_t", kPrivate, "<wchar.h>", kPublic },
++  { "size_t", kPrivate, "<stddef.h>", kPrivate },  // 'canonical' location for size_t
++  { "size_t", kPrivate, "<signal.h>", kPrivate },
++  { "size_t", kPrivate, "<stdio.h>", kPrivate },
++  { "size_t", kPrivate, "<stdlib.h>", kPrivate },
++  { "size_t", kPrivate, "<string.h>", kPrivate },
++  { "size_t", kPrivate, "<time.h>", kPrivate },
++  { "size_t", kPrivate, "<uchar.h>", kPrivate },
++  { "size_t", kPrivate, "<wchar.h>", kPrivate },
+   // Macros that can be defined in more than one file, don't have the
+   // same __foo_defined guard that other types do, so the grep above
+   // doesn't discover them.  Until I figure out a better way, I just
+   // add them in by hand as I discover them.
+-  { "EOF", kPrivate, "<stdio.h>", kPublic },
+-  { "FILE", kPrivate, "<stdio.h>", kPublic },
++  { "EOF", kPrivate, "<stdio.h>", kPrivate },
++  { "FILE", kPrivate, "<stdio.h>", kPrivate },
+   { "IBSHIFT", kPrivate, "<asm/termbits.h>", kPublic },
+   { "MAP_POPULATE", kPrivate, "<sys/mman.h>", kPublic },
+   { "MAP_POPULATE", kPrivate, "<linux/mman.h>", kPublic },
+@@ -270,22 +270,22 @@ const IncludeMapEntry libc_symbol_map[] = {
+   { "MAP_STACK", kPrivate, "<linux/mman.h>", kPublic },
+   { "MAXHOSTNAMELEN", kPrivate, "<sys/param.h>", kPublic },
+   { "MAXHOSTNAMELEN", kPrivate, "<protocols/timed.h>", kPublic },
+-  { "SIGABRT", kPrivate, "<signal.h>", kPublic },
+-  { "SIGCHLD", kPrivate, "<signal.h>", kPublic },
+-  { "va_arg", kPrivate, "<stdarg.h>", kPublic },
+-  { "va_copy", kPrivate, "<stdarg.h>", kPublic },
+-  { "va_end", kPrivate, "<stdarg.h>", kPublic },
+-  { "va_list", kPrivate, "<stdarg.h>", kPublic },
+-  { "va_start", kPrivate, "<stdarg.h>", kPublic },
+-  { "WEOF", kPrivate, "<wchar.h>", kPublic },
++  { "SIGABRT", kPrivate, "<signal.h>", kPrivate },
++  { "SIGCHLD", kPrivate, "<signal.h>", kPrivate },
++  { "va_arg", kPrivate, "<stdarg.h>", kPrivate },
++  { "va_copy", kPrivate, "<stdarg.h>", kPrivate },
++  { "va_end", kPrivate, "<stdarg.h>", kPrivate },
++  { "va_list", kPrivate, "<stdarg.h>", kPrivate },
++  { "va_start", kPrivate, "<stdarg.h>", kPrivate },
++  { "WEOF", kPrivate, "<wchar.h>", kPrivate },
+   // These are symbols that could be defined in either stdlib.h or
+   // malloc.h, but we always want the stdlib location.
+-  { "malloc", kPrivate, "<stdlib.h>", kPublic },
+-  { "calloc", kPrivate, "<stdlib.h>", kPublic },
+-  { "realloc", kPrivate, "<stdlib.h>", kPublic },
+-  { "free", kPrivate, "<stdlib.h>", kPublic },
++  { "malloc", kPrivate, "<stdlib.h>", kPrivate },
++  { "calloc", kPrivate, "<stdlib.h>", kPrivate },
++  { "realloc", kPrivate, "<stdlib.h>", kPrivate },
++  { "free", kPrivate, "<stdlib.h>", kPrivate },
+   // Entries for NULL
+-  { "NULL", kPrivate, "<stddef.h>", kPublic },  // 'canonical' location for NULL
++  { "NULL", kPrivate, "<stddef.h>", kPrivate },  // 'canonical' location for NULL
+   { "NULL", kPrivate, "<clocale>", kPublic },
+   { "NULL", kPrivate, "<cstddef>", kPublic },
+   { "NULL", kPrivate, "<cstdio>", kPublic },
+@@ -293,13 +293,13 @@ const IncludeMapEntry libc_symbol_map[] = {
+   { "NULL", kPrivate, "<cstring>", kPublic },
+   { "NULL", kPrivate, "<ctime>", kPublic },
+   { "NULL", kPrivate, "<cwchar>", kPublic },
+-  { "NULL", kPrivate, "<locale.h>", kPublic },
+-  { "NULL", kPrivate, "<stdio.h>", kPublic },
+-  { "NULL", kPrivate, "<stdlib.h>", kPublic },
+-  { "NULL", kPrivate, "<string.h>", kPublic },
+-  { "NULL", kPrivate, "<time.h>", kPublic },
+-  { "NULL", kPrivate, "<wchar.h>", kPublic },
+-  { "offsetof", kPrivate, "<stddef.h>", kPublic },
++  { "NULL", kPrivate, "<locale.h>", kPrivate },
++  { "NULL", kPrivate, "<stdio.h>", kPrivate },
++  { "NULL", kPrivate, "<stdlib.h>", kPrivate },
++  { "NULL", kPrivate, "<string.h>", kPrivate },
++  { "NULL", kPrivate, "<time.h>", kPrivate },
++  { "NULL", kPrivate, "<wchar.h>", kPrivate },
++  { "offsetof", kPrivate, "<stddef.h>", kPrivate },
+ };
+ 
+ // Common kludges for C++ standard libraries
+@@ -355,7 +355,7 @@ const IncludeMapEntry libc_include_map[] = {
+   { "<bits/a.out.h>", kPrivate, "<a.out.h>", kPublic },
+   { "<bits/auxv.h>", kPrivate, "<sys/auxv.h>", kPublic },
+   { "<bits/byteswap.h>", kPrivate, "<byteswap.h>", kPublic },
+-  { "<bits/cmathcalls.h>", kPrivate, "<complex.h>", kPublic },
++  { "<bits/cmathcalls.h>", kPrivate, "<complex.h>", kPrivate },
+   { "<bits/confname.h>", kPrivate, "<unistd.h>", kPublic },
+   { "<bits/dirent.h>", kPrivate, "<dirent.h>", kPublic },
+   { "<bits/dlfcn.h>", kPrivate, "<dlfcn.h>", kPublic },
+@@ -363,18 +363,18 @@ const IncludeMapEntry libc_include_map[] = {
+   { "<bits/endian.h>", kPrivate, "<endian.h>", kPublic },
+   { "<bits/environments.h>", kPrivate, "<unistd.h>", kPublic },
+   { "<bits/epoll.h>", kPrivate, "<sys/epoll.h>", kPublic },
+-  { "<bits/errno.h>", kPrivate, "<errno.h>", kPublic },
++  { "<bits/errno.h>", kPrivate, "<errno.h>", kPrivate },
+   { "<bits/error.h>", kPrivate, "<error.h>", kPublic },
+   { "<bits/eventfd.h>", kPrivate, "<sys/eventfd.h>", kPublic },
+   { "<bits/fcntl.h>", kPrivate, "<fcntl.h>", kPublic },
+   { "<bits/fcntl2.h>", kPrivate, "<fcntl.h>", kPublic },
+-  { "<bits/fenv.h>", kPrivate, "<fenv.h>", kPublic },
+-  { "<bits/fenvinline.h>", kPrivate, "<fenv.h>", kPublic },
+-  { "<bits/huge_val.h>", kPrivate, "<math.h>", kPublic },
+-  { "<bits/huge_valf.h>", kPrivate, "<math.h>", kPublic },
+-  { "<bits/huge_vall.h>", kPrivate, "<math.h>", kPublic },
++  { "<bits/fenv.h>", kPrivate, "<fenv.h>", kPrivate },
++  { "<bits/fenvinline.h>", kPrivate, "<fenv.h>", kPrivate },
++  { "<bits/huge_val.h>", kPrivate, "<math.h>", kPrivate },
++  { "<bits/huge_valf.h>", kPrivate, "<math.h>", kPrivate },
++  { "<bits/huge_vall.h>", kPrivate, "<math.h>", kPrivate },
+   { "<bits/hwcap.h>", kPrivate, "<sys/auxv.h>", kPublic },
+-  { "<bits/inf.h>", kPrivate, "<math.h>", kPublic },
++  { "<bits/inf.h>", kPrivate, "<math.h>", kPrivate },
+   { "<bits/inotify.h>", kPrivate, "<sys/inotify.h>", kPublic },
+   { "<bits/ioctl-types.h>", kPrivate, "<sys/ioctl.h>", kPublic },
+   { "<bits/ioctls.h>", kPrivate, "<sys/ioctl.h>", kPublic },
+@@ -382,24 +382,24 @@ const IncludeMapEntry libc_include_map[] = {
+   { "<bits/ipctypes.h>", kPrivate, "<sys/ipc.h>", kPublic },
+   { "<bits/libio-ldbl.h>", kPrivate, "<libio.h>", kPublic },
+   { "<bits/link.h>", kPrivate, "<link.h>", kPublic },
+-  { "<bits/locale.h>", kPrivate, "<locale.h>", kPublic },
+-  { "<bits/math-finite.h>", kPrivate, "<math.h>", kPublic },
+-  { "<bits/mathcalls.h>", kPrivate, "<math.h>", kPublic },
+-  { "<bits/mathdef.h>", kPrivate, "<math.h>", kPublic },
+-  { "<bits/mathinline.h>", kPrivate, "<math.h>", kPublic },
++  { "<bits/locale.h>", kPrivate, "<locale.h>", kPrivate },
++  { "<bits/math-finite.h>", kPrivate, "<math.h>", kPrivate },
++  { "<bits/mathcalls.h>", kPrivate, "<math.h>", kPrivate },
++  { "<bits/mathdef.h>", kPrivate, "<math.h>", kPrivate },
++  { "<bits/mathinline.h>", kPrivate, "<math.h>", kPrivate },
+   { "<bits/mman.h>", kPrivate, "<sys/mman.h>", kPublic },
+   { "<bits/mman-shared.h>", kPrivate, "<sys/mman.h>", kPublic },
+   { "<bits/monetary-ldbl.h>", kPrivate, "<monetary.h>", kPublic },
+   { "<bits/mqueue.h>", kPrivate, "<mqueue.h>", kPublic },
+   { "<bits/mqueue2.h>", kPrivate, "<mqueue.h>", kPublic },
+   { "<bits/msq.h>", kPrivate, "<sys/msg.h>", kPublic },
+-  { "<bits/nan.h>", kPrivate, "<math.h>", kPublic },
++  { "<bits/nan.h>", kPrivate, "<math.h>", kPrivate },
+   { "<bits/netdb.h>", kPrivate, "<netdb.h>", kPublic },
+   { "<bits/param.h>", kPrivate, "<sys/param.h>", kPublic },
+   { "<bits/poll.h>", kPrivate, "<sys/poll.h>", kPrivate },
+   { "<bits/poll2.h>", kPrivate, "<sys/poll.h>", kPrivate },
+-  { "<bits/posix1_lim.h>", kPrivate, "<limits.h>", kPublic },
+-  { "<bits/posix2_lim.h>", kPrivate, "<limits.h>", kPublic },
++  { "<bits/posix1_lim.h>", kPrivate, "<limits.h>", kPrivate },
++  { "<bits/posix2_lim.h>", kPrivate, "<limits.h>", kPrivate },
+   { "<bits/posix_opt.h>", kPrivate, "<unistd.h>", kPublic },
+   { "<bits/printf-ldbl.h>", kPrivate, "<printf.h>", kPublic },
+   { "<bits/pthreadtypes.h>", kPrivate, "<pthread.h>", kPublic },
+@@ -409,17 +409,17 @@ const IncludeMapEntry libc_include_map[] = {
+   { "<bits/select2.h>", kPrivate, "<sys/select.h>", kPublic },
+   { "<bits/sem.h>", kPrivate, "<sys/sem.h>", kPublic },
+   { "<bits/semaphore.h>", kPrivate, "<semaphore.h>", kPublic },
+-  { "<bits/setjmp.h>", kPrivate, "<setjmp.h>", kPublic },
+-  { "<bits/setjmp2.h>", kPrivate, "<setjmp.h>", kPublic },
++  { "<bits/setjmp.h>", kPrivate, "<setjmp.h>", kPrivate },
++  { "<bits/setjmp2.h>", kPrivate, "<setjmp.h>", kPrivate },
+   { "<bits/shm.h>", kPrivate, "<sys/shm.h>", kPublic },
+-  { "<bits/sigaction.h>", kPrivate, "<signal.h>", kPublic },
+-  { "<bits/sigcontext.h>", kPrivate, "<signal.h>", kPublic },
+-  { "<bits/siginfo.h>", kPrivate, "<signal.h>", kPublic },
+-  { "<bits/signum.h>", kPrivate, "<signal.h>", kPublic },
+-  { "<bits/signum-arch.h>", kPrivate, "<signal.h>", kPublic },
+-  { "<bits/sigset.h>", kPrivate, "<signal.h>", kPublic },
+-  { "<bits/sigstack.h>", kPrivate, "<signal.h>", kPublic },
+-  { "<bits/sigthread.h>", kPrivate, "<signal.h>", kPublic },
++  { "<bits/sigaction.h>", kPrivate, "<signal.h>", kPrivate },
++  { "<bits/sigcontext.h>", kPrivate, "<signal.h>", kPrivate },
++  { "<bits/siginfo.h>", kPrivate, "<signal.h>", kPrivate },
++  { "<bits/signum.h>", kPrivate, "<signal.h>", kPrivate },
++  { "<bits/signum-arch.h>", kPrivate, "<signal.h>", kPrivate },
++  { "<bits/sigset.h>", kPrivate, "<signal.h>", kPrivate },
++  { "<bits/sigstack.h>", kPrivate, "<signal.h>", kPrivate },
++  { "<bits/sigthread.h>", kPrivate, "<signal.h>", kPrivate },
+   { "<bits/sockaddr.h>", kPrivate, "<sys/un.h>", kPublic },
+   { "<bits/socket.h>", kPrivate, "<sys/socket.h>", kPublic },
+   { "<bits/socket2.h>", kPrivate, "<sys/socket.h>", kPublic },
+@@ -429,22 +429,22 @@ const IncludeMapEntry libc_include_map[] = {
+   { "<bits/statfs.h>", kPrivate, "<sys/statfs.h>", kPublic },
+   { "<bits/statvfs.h>", kPrivate, "<sys/statvfs.h>", kPublic },
+   { "<bits/statx-generic.h>", kPrivate, "<sys/stat.h>", kPublic },
+-  { "<bits/stdio-ldbl.h>", kPrivate, "<stdio.h>", kPublic },
++  { "<bits/stdio-ldbl.h>", kPrivate, "<stdio.h>", kPrivate },
+   { "<bits/stdio-lock.h>", kPrivate, "<libio.h>", kPublic },
+-  { "<bits/stdio.h>", kPrivate, "<stdio.h>", kPublic },
+-  { "<bits/stdio2.h>", kPrivate, "<stdio.h>", kPublic },
+-  { "<bits/stdio_lim.h>", kPrivate, "<stdio.h>", kPublic },
+-  { "<bits/stdlib-bsearch.h>", kPrivate, "<stdlib.h>", kPublic },
+-  { "<bits/stdlib-float.h>", kPrivate, "<stdlib.h>", kPublic },
+-  { "<bits/stdlib-ldbl.h>", kPrivate, "<stdlib.h>", kPublic },
+-  { "<bits/stdlib.h>", kPrivate, "<stdlib.h>", kPublic },
+-  { "<bits/string.h>", kPrivate, "<string.h>", kPublic },
+-  { "<bits/string2.h>", kPrivate, "<string.h>", kPublic },
+-  { "<bits/string3.h>", kPrivate, "<string.h>", kPublic },
++  { "<bits/stdio.h>", kPrivate, "<stdio.h>", kPrivate },
++  { "<bits/stdio2.h>", kPrivate, "<stdio.h>", kPrivate },
++  { "<bits/stdio_lim.h>", kPrivate, "<stdio.h>", kPrivate },
++  { "<bits/stdlib-bsearch.h>", kPrivate, "<stdlib.h>", kPrivate },
++  { "<bits/stdlib-float.h>", kPrivate, "<stdlib.h>", kPrivate },
++  { "<bits/stdlib-ldbl.h>", kPrivate, "<stdlib.h>", kPrivate },
++  { "<bits/stdlib.h>", kPrivate, "<stdlib.h>", kPrivate },
++  { "<bits/string.h>", kPrivate, "<string.h>", kPrivate },
++  { "<bits/string2.h>", kPrivate, "<string.h>", kPrivate },
++  { "<bits/string3.h>", kPrivate, "<string.h>", kPrivate },
+   { "<bits/stropts.h>", kPrivate, "<stropts.h>", kPublic },
+   { "<bits/struct_stat.h>", kPrivate, "<sys/stat.h>", kPublic },
+   { "<bits/struct_stat.h>", kPrivate, "<ftw.h>", kPublic },
+-  { "<bits/sys_errlist.h>", kPrivate, "<stdio.h>", kPublic },
++  { "<bits/sys_errlist.h>", kPrivate, "<stdio.h>", kPrivate },
+   { "<bits/syscall.h>", kPrivate, "<sys/syscall.h>", kPublic },
+   { "<bits/sysctl.h>", kPrivate, "<sys/sysctl.h>", kPublic },
+   { "<bits/syslog-ldbl.h>", kPrivate, "<sys/syslog.h>", kPrivate },
+@@ -459,12 +459,12 @@ const IncludeMapEntry libc_include_map[] = {
+   { "<bits/termios-struct.h>", kPrivate, "<termios.h>", kPublic },
+   { "<bits/termios-tcflow.h>", kPrivate, "<termios.h>", kPublic },
+   { "<bits/termios.h>", kPrivate, "<termios.h>", kPublic },
+-  { "<bits/time.h>", kPrivate, "<time.h>", kPublic },
++  { "<bits/time.h>", kPrivate, "<time.h>", kPrivate },
+   { "<bits/time.h>", kPrivate, "<sys/time.h>", kPublic },
+   { "<bits/timerfd.h>", kPrivate, "<sys/timerfd.h>", kPublic },
+   { "<bits/timex.h>", kPrivate, "<sys/timex.h>", kPublic },
+   { "<bits/types.h>", kPrivate, "<sys/types.h>", kPublic },
+-  { "<bits/types/siginfo_t.h>", kPrivate, "<signal.h>", kPublic },
++  { "<bits/types/siginfo_t.h>", kPrivate, "<signal.h>", kPrivate },
+   { "<bits/types/siginfo_t.h>", kPrivate, "<sys/wait.h>", kPublic },
+   { "<bits/uio.h>", kPrivate, "<sys/uio.h>", kPublic },
+   { "<bits/unistd.h>", kPrivate, "<unistd.h>", kPublic },
+@@ -474,11 +474,11 @@ const IncludeMapEntry libc_include_map[] = {
+   { "<bits/utsname.h>", kPrivate, "<sys/utsname.h>", kPublic },
+   { "<bits/waitflags.h>", kPrivate, "<sys/wait.h>", kPublic },
+   { "<bits/waitstatus.h>", kPrivate, "<sys/wait.h>", kPublic },
+-  { "<bits/wchar-ldbl.h>", kPrivate, "<wchar.h>", kPublic },
+-  { "<bits/wchar.h>", kPrivate, "<wchar.h>", kPublic },
+-  { "<bits/wchar2.h>", kPrivate, "<wchar.h>", kPublic },
+-  { "<bits/wordsize.h>", kPrivate, "<limits.h>", kPublic },
+-  { "<bits/xopen_lim.h>", kPrivate, "<limits.h>", kPublic },
++  { "<bits/wchar-ldbl.h>", kPrivate, "<wchar.h>", kPrivate },
++  { "<bits/wchar.h>", kPrivate, "<wchar.h>", kPrivate },
++  { "<bits/wchar2.h>", kPrivate, "<wchar.h>", kPrivate },
++  { "<bits/wordsize.h>", kPrivate, "<limits.h>", kPrivate },
++  { "<bits/xopen_lim.h>", kPrivate, "<limits.h>", kPrivate },
+   { "<bits/xtitypes.h>", kPrivate, "<stropts.h>", kPublic },
+   // Sometimes libc tells you what mapping to do via an '#error':
+   // # error "Never use <bits/dlfcn.h> directly; include <dlfcn.h> instead."
+@@ -488,7 +488,7 @@ const IncludeMapEntry libc_include_map[] = {
+   { "<bits/a.out.h>", kPrivate, "<a.out.h>", kPublic },
+   { "<bits/byteswap-16.h>", kPrivate, "<byteswap.h>", kPublic },
+   { "<bits/byteswap.h>", kPrivate, "<byteswap.h>", kPublic },
+-  { "<bits/cmathcalls.h>", kPrivate, "<complex.h>", kPublic },
++  { "<bits/cmathcalls.h>", kPrivate, "<complex.h>", kPrivate },
+   { "<bits/confname.h>", kPrivate, "<unistd.h>", kPublic },
+   { "<bits/dirent.h>", kPrivate, "<dirent.h>", kPublic },
+   { "<bits/dlfcn.h>", kPrivate, "<dlfcn.h>", kPublic },
+@@ -498,38 +498,38 @@ const IncludeMapEntry libc_include_map[] = {
+   { "<bits/eventfd.h>", kPrivate, "<sys/eventfd.h>", kPublic },
+   { "<bits/fcntl-linux.h>", kPrivate, "<fcntl.h>", kPublic },
+   { "<bits/fcntl.h>", kPrivate, "<fcntl.h>", kPublic },
+-  { "<bits/fenv.h>", kPrivate, "<fenv.h>", kPublic },
+-  { "<bits/huge_val.h>", kPrivate, "<math.h>", kPublic },
+-  { "<bits/huge_valf.h>", kPrivate, "<math.h>", kPublic },
+-  { "<bits/huge_vall.h>", kPrivate, "<math.h>", kPublic },
++  { "<bits/fenv.h>", kPrivate, "<fenv.h>", kPrivate },
++  { "<bits/huge_val.h>", kPrivate, "<math.h>", kPrivate },
++  { "<bits/huge_valf.h>", kPrivate, "<math.h>", kPrivate },
++  { "<bits/huge_vall.h>", kPrivate, "<math.h>", kPrivate },
+   { "<bits/in.h>", kPrivate, "<netinet/in.h>", kPublic },
+-  { "<bits/inf.h>", kPrivate, "<math.h>", kPublic },
++  { "<bits/inf.h>", kPrivate, "<math.h>", kPrivate },
+   { "<bits/inotify.h>", kPrivate, "<sys/inotify.h>", kPublic },
+   { "<bits/ioctl-types.h>", kPrivate, "<sys/ioctl.h>", kPublic },
+   { "<bits/ioctls.h>", kPrivate, "<sys/ioctl.h>", kPublic },
+   { "<bits/ipc.h>", kPrivate, "<sys/ipc.h>", kPublic },
+   { "<bits/ipctypes.h>", kPrivate, "<sys/ipc.h>", kPublic },
+-  { "<bits/locale.h>", kPrivate, "<locale.h>", kPublic },
+-  { "<bits/math-finite.h>", kPrivate, "<math.h>", kPublic },
+-  { "<bits/mathdef.h>", kPrivate, "<math.h>", kPublic },
+-  { "<bits/mathinline.h>", kPrivate, "<math.h>", kPublic },
++  { "<bits/locale.h>", kPrivate, "<locale.h>", kPrivate },
++  { "<bits/math-finite.h>", kPrivate, "<math.h>", kPrivate },
++  { "<bits/mathdef.h>", kPrivate, "<math.h>", kPrivate },
++  { "<bits/mathinline.h>", kPrivate, "<math.h>", kPrivate },
+   { "<bits/mman-linux.h>", kPrivate, "<sys/mman.h>", kPublic },
+   { "<bits/mman.h>", kPrivate, "<sys/mman.h>", kPublic },
+   { "<bits/mqueue.h>", kPrivate, "<mqueue.h>", kPublic },
+   { "<bits/msq.h>", kPrivate, "<sys/msg.h>", kPublic },
+-  { "<bits/nan.h>", kPrivate, "<math.h>", kPublic },
++  { "<bits/nan.h>", kPrivate, "<math.h>", kPrivate },
+   { "<bits/param.h>", kPrivate, "<sys/param.h>", kPublic },
+   { "<bits/poll.h>", kPrivate, "<sys/poll.h>", kPrivate },
+   { "<bits/predefs.h>", kPrivate, "<features.h>", kPublic },
+   { "<bits/resource.h>", kPrivate, "<sys/resource.h>", kPublic },
+   { "<bits/select.h>", kPrivate, "<sys/select.h>", kPublic },
+   { "<bits/semaphore.h>", kPrivate, "<semaphore.h>", kPublic },
+-  { "<bits/sigcontext.h>", kPrivate, "<signal.h>", kPublic },
++  { "<bits/sigcontext.h>", kPrivate, "<signal.h>", kPrivate },
+   { "<bits/signalfd.h>", kPrivate, "<sys/signalfd.h>", kPublic },
+-  { "<bits/stdlib-float.h>", kPrivate, "<stdlib.h>", kPublic },
+-  { "<bits/string.h>", kPrivate, "<string.h>", kPublic },
+-  { "<bits/string2.h>", kPrivate, "<string.h>", kPublic },
+-  { "<bits/string3.h>", kPrivate, "<string.h>", kPublic },
++  { "<bits/stdlib-float.h>", kPrivate, "<stdlib.h>", kPrivate },
++  { "<bits/string.h>", kPrivate, "<string.h>", kPrivate },
++  { "<bits/string2.h>", kPrivate, "<string.h>", kPrivate },
++  { "<bits/string3.h>", kPrivate, "<string.h>", kPrivate },
+   { "<bits/timerfd.h>", kPrivate, "<sys/timerfd.h>", kPublic },
+   { "<bits/typesizes.h>", kPrivate, "<sys/types.h>", kPublic },
+   // Top-level #includes that just forward to another file:
+@@ -541,13 +541,13 @@ const IncludeMapEntry libc_include_map[] = {
+   // on the POSIX.1-2024 list, I just choose the top-level one.
+   { "<sys/aio.h>", kPrivate, "<aio.h>", kPublic },
+   { "<sys/dirent.h>", kPrivate, "<dirent.h>", kPublic },
+-  { "<sys/errno.h>", kPrivate, "<errno.h>", kPublic },
++  { "<sys/errno.h>", kPrivate, "<errno.h>", kPrivate },
+   { "<sys/fcntl.h>", kPrivate, "<fcntl.h>", kPublic },
+   { "<sys/poll.h>", kPrivate, "<poll.h>", kPublic },
+   { "<sys/semaphore.h>", kPrivate, "<semaphore.h>", kPublic },
+-  { "<sys/signal.h>", kPrivate, "<signal.h>", kPublic },
++  { "<sys/signal.h>", kPrivate, "<signal.h>", kPrivate },
+   { "<sys/spawn.h>", kPrivate, "<spawn.h>", kPublic },
+-  { "<sys/stdio.h>", kPrivate, "<stdio.h>", kPublic },
++  { "<sys/stdio.h>", kPrivate, "<stdio.h>", kPrivate },
+   { "<sys/syslog.h>", kPrivate, "<syslog.h>", kPublic },
+   { "<sys/termios.h>", kPrivate, "<termios.h>", kPublic },
+   { "<sys/unistd.h>", kPrivate, "<unistd.h>", kPublic },
+@@ -567,21 +567,21 @@ const IncludeMapEntry libc_include_map[] = {
+   { "<asm/unistd_64.h>", kPrivate, "<asm/unistd.h>", kPrivate },
+   // I don't know what grep would have found these.  I found them
+   // via user report.
+-  { "<asm/errno.h>", kPrivate, "<errno.h>", kPublic },
+-  { "<asm/errno-base.h>", kPrivate, "<errno.h>", kPublic },
++  { "<asm/errno.h>", kPrivate, "<errno.h>", kPrivate },
++  { "<asm/errno-base.h>", kPrivate, "<errno.h>", kPrivate },
+   { "<asm/ptrace-abi.h>", kPrivate, "<asm/ptrace.h>", kPublic },
+   { "<asm/unistd.h>", kPrivate, "<sys/syscall.h>", kPublic },
+-  { "<linux/limits.h>", kPrivate, "<limits.h>", kPublic },   // PATH_MAX
++  { "<linux/limits.h>", kPrivate, "<limits.h>", kPrivate },   // PATH_MAX
+   { "<linux/prctl.h>", kPrivate, "<sys/prctl.h>", kPublic },
+   { "<sys/ucontext.h>", kPrivate, "<ucontext.h>", kPublic },
+   // System headers available on AIX, BSD, Solaris and other Unix systems
+   { "<sys/dtrace.h>", kPrivate, "<dtrace.h>", kPublic },
+   { "<sys/paths.h>", kPrivate, "<paths.h>", kPublic },
+-  { "<sys/syslimits.h>", kPrivate, "<limits.h>", kPublic },
++  { "<sys/syslimits.h>", kPrivate, "<limits.h>", kPrivate },
+   { "<sys/ttycom.h>", kPrivate, "<sys/ioctl.h>", kPublic },
+   { "<sys/ustat.h>", kPrivate, "<ustat.h>", kPublic },
+   // Exports guaranteed by the C standard
+-  { "<stdint.h>", kPublic, "<inttypes.h>", kPublic },
++  { "<stdint.h>", kPrivate, "<inttypes.h>", kPrivate },
+ };
+ 
+ const IncludeMapEntry stdlib_c_include_map[] = {
+@@ -600,32 +600,32 @@ const IncludeMapEntry stdlib_c_include_map[] = {
+   // https://github.com/cplusplus/draft/blob/c+%2B20/source/lib-intro.tex
+   //
+   // $ curl -s -N https://raw.githubusercontent.com/cplusplus/draft/c%2B%2B20/source/lib-intro.tex | sed -n '/begin{multicolfloattable}.*{headers.cpp.c}/,/end{multicolfloattable}/p' | grep tcode | perl -nle 'm/tcode{<c(.*)>}/ && print qq@  { "<$1.h>", kPublic, "<c$1>", kPublic },@' | sort
+-  { "<assert.h>", kPublic, "<cassert>", kPublic },
+-  { "<complex.h>", kPublic, "<ccomplex>", kPublic },
+-  { "<ctype.h>", kPublic, "<cctype>", kPublic },
+-  { "<errno.h>", kPublic, "<cerrno>", kPublic },
+-  { "<fenv.h>", kPublic, "<cfenv>", kPublic },
+-  { "<float.h>", kPublic, "<cfloat>", kPublic },
+-  { "<inttypes.h>", kPublic, "<cinttypes>", kPublic },
+-  { "<iso646.h>", kPublic, "<ciso646>", kPublic },
+-  { "<limits.h>", kPublic, "<climits>", kPublic },
+-  { "<locale.h>", kPublic, "<clocale>", kPublic },
+-  { "<math.h>", kPublic, "<cmath>", kPublic },
+-  { "<setjmp.h>", kPublic, "<csetjmp>", kPublic },
+-  { "<signal.h>", kPublic, "<csignal>", kPublic },
+-  { "<stdalign.h>", kPublic, "<cstdalign>", kPublic },
+-  { "<stdarg.h>", kPublic, "<cstdarg>", kPublic },
+-  { "<stdbool.h>", kPublic, "<cstdbool>", kPublic },
+-  { "<stddef.h>", kPublic, "<cstddef>", kPublic },
+-  { "<stdint.h>", kPublic, "<cstdint>", kPublic },
+-  { "<stdio.h>", kPublic, "<cstdio>", kPublic },
+-  { "<stdlib.h>", kPublic, "<cstdlib>", kPublic },
+-  { "<string.h>", kPublic, "<cstring>", kPublic },
+-  { "<tgmath.h>", kPublic, "<ctgmath>", kPublic },
+-  { "<time.h>", kPublic, "<ctime>", kPublic },
+-  { "<uchar.h>", kPublic, "<cuchar>", kPublic },
+-  { "<wchar.h>", kPublic, "<cwchar>", kPublic },
+-  { "<wctype.h>", kPublic, "<cwctype>", kPublic },
++  { "<assert.h>", kPrivate, "<cassert>", kPublic },
++  { "<complex.h>", kPrivate, "<ccomplex>", kPublic },
++  { "<ctype.h>", kPrivate, "<cctype>", kPublic },
++  { "<errno.h>", kPrivate, "<cerrno>", kPublic },
++  { "<fenv.h>", kPrivate, "<cfenv>", kPublic },
++  { "<float.h>", kPrivate, "<cfloat>", kPublic },
++  { "<inttypes.h>", kPrivate, "<cinttypes>", kPublic },
++  { "<iso646.h>", kPrivate, "<ciso646>", kPublic },
++  { "<limits.h>", kPrivate, "<climits>", kPublic },
++  { "<locale.h>", kPrivate, "<clocale>", kPublic },
++  { "<math.h>", kPrivate, "<cmath>", kPublic },
++  { "<setjmp.h>", kPrivate, "<csetjmp>", kPublic },
++  { "<signal.h>", kPrivate, "<csignal>", kPublic },
++  { "<stdalign.h>", kPrivate, "<cstdalign>", kPublic },
++  { "<stdarg.h>", kPrivate, "<cstdarg>", kPublic },
++  { "<stdbool.h>", kPrivate, "<cstdbool>", kPublic },
++  { "<stddef.h>", kPrivate, "<cstddef>", kPublic },
++  { "<stdint.h>", kPrivate, "<cstdint>", kPublic },
++  { "<stdio.h>", kPrivate, "<cstdio>", kPublic },
++  { "<stdlib.h>", kPrivate, "<cstdlib>", kPublic },
++  { "<string.h>", kPrivate, "<cstring>", kPublic },
++  { "<tgmath.h>", kPrivate, "<ctgmath>", kPublic },
++  { "<time.h>", kPrivate, "<ctime>", kPublic },
++  { "<uchar.h>", kPrivate, "<cuchar>", kPublic },
++  { "<wchar.h>", kPrivate, "<cwchar>", kPublic },
++  { "<wctype.h>", kPrivate, "<cwctype>", kPublic },
+ };
+ 
+ const char* stdlib_cpp_public_headers[] = {

ci/test/02_run_container.py

@@ -0,0 +1,192 @@
+#!/usr/bin/env python3
+# Copyright (c) The Bitcoin Core developers
+# Distributed under the MIT software license, see the accompanying
+# file COPYING or https://opensource.org/license/mit/.
+
+from pathlib import Path
+import os
+import shlex
+import subprocess
+import sys
+import time
+
+
+def run(cmd, **kwargs):
+    print("+ " + shlex.join(cmd), flush=True)
+    kwargs.setdefault("check", True)
+    try:
+        return subprocess.run(cmd, **kwargs)
+    except Exception as e:
+        sys.exit(e)
+
+
+def main():
+    print("Export only allowed settings:")
+    settings = run(
+        ["bash", "-c", "grep export ./ci/test/00_setup_env*.sh"],
+        stdout=subprocess.PIPE,
+        text=True,
+    ).stdout.splitlines()
+    settings = set(l.split("=")[0].split("export ")[1] for l in settings)
+    # Add "hidden" settings, which are never exported, manually. Otherwise,
+    # they will not be passed on.
+    settings.update([
+        "BASE_BUILD_DIR",
+        "CI_FAILFAST_TEST_LEAVE_DANGLING",
+    ])
+
+    # Append $USER to /tmp/env to support multi-user systems and $CONTAINER_NAME
+    # to allow support starting multiple runs simultaneously by the same user.
+    env_file = "/tmp/env-{u}-{c}".format(
+        u=os.environ["USER"],
+        c=os.environ["CONTAINER_NAME"],
+    )
+    with open(env_file, "w") as file:
+        for k, v in os.environ.items():
+            if k in settings:
+                file.write(f"{k}={v}\n")
+    run(["cat", env_file])
+
+    if os.getenv("DANGER_RUN_CI_ON_HOST"):
+        print("Running on host system without docker wrapper")
+        print("Create missing folders")
+        for create_dir in [
+                os.environ["CCACHE_DIR"],
+                os.environ["PREVIOUS_RELEASES_DIR"],
+        ]:
+            Path(create_dir).mkdir(parents=True, exist_ok=True)
+
+        # Modify PATH to prepend the retry script, needed for CI_RETRY_EXE
+        os.environ["PATH"] = f"{os.environ['BASE_ROOT_DIR']}/ci/retry:{os.environ['PATH']}"
+        # GNU getopt is required for the CI_RETRY_EXE script
+        if os.getenv("CI_OS_NAME") == "macos":
+            prefix = run(
+                ["brew", "--prefix", "gnu-getopt"],
+                stdout=subprocess.PIPE,
+                text=True,
+            ).stdout.strip()
+            os.environ["IN_GETOPT_BIN"] = f"{prefix}/bin/getopt"
+    else:
+        CI_IMAGE_LABEL = "bitcoin-ci-test"
+
+        # Use buildx unconditionally
+        # Using buildx is required to properly load the correct driver, for use with registry caching. Neither build, nor BUILDKIT=1 currently do this properly
+        cmd_build = ["docker", "buildx", "build"]
+        cmd_build += [
+            f"--file={os.environ['BASE_READ_ONLY_DIR']}/ci/test_imagefile",
+            f"--build-arg=CI_IMAGE_NAME_TAG={os.environ['CI_IMAGE_NAME_TAG']}",
+            f"--build-arg=FILE_ENV={os.environ['FILE_ENV']}",
+            f"--build-arg=BASE_ROOT_DIR={os.environ['BASE_ROOT_DIR']}",
+            f"--platform={os.environ['CI_IMAGE_PLATFORM']}",
+            f"--label={CI_IMAGE_LABEL}",
+            f"--tag={os.environ['CONTAINER_NAME']}",
+        ]
+        cmd_build += shlex.split(os.getenv("DOCKER_BUILD_CACHE_ARG", ""))
+        cmd_build += [os.environ["BASE_READ_ONLY_DIR"]]
+
+        print(f"Building {os.environ['CONTAINER_NAME']} image tag to run in")
+        if run(cmd_build, check=False).returncode != 0:
+            print(f"Retry building {os.environ['CONTAINER_NAME']} image tag after failure")
+            time.sleep(3)
+            run(cmd_build)
+
+        for suffix in ["ccache", "depends", "depends_sources", "previous_releases"]:
+            run(["docker", "volume", "create", f"{os.environ['CONTAINER_NAME']}_{suffix}"], check=False)
+
+        CI_CCACHE_MOUNT = f"type=volume,src={os.environ['CONTAINER_NAME']}_ccache,dst={os.environ['CCACHE_DIR']}"
+        CI_DEPENDS_MOUNT = f"type=volume,src={os.environ['CONTAINER_NAME']}_depends,dst={os.environ['DEPENDS_DIR']}/built"
+        CI_DEPENDS_SOURCES_MOUNT = f"type=volume,src={os.environ['CONTAINER_NAME']}_depends_sources,dst={os.environ['DEPENDS_DIR']}/sources"
+        CI_PREVIOUS_RELEASES_MOUNT = f"type=volume,src={os.environ['CONTAINER_NAME']}_previous_releases,dst={os.environ['PREVIOUS_RELEASES_DIR']}"
+        CI_BUILD_MOUNT = []
+
+        if os.getenv("DANGER_CI_ON_HOST_FOLDERS"):
+            # ensure the directories exist
+            for create_dir in [
+                    os.environ["CCACHE_DIR"],
+                    f"{os.environ['DEPENDS_DIR']}/built",
+                    f"{os.environ['DEPENDS_DIR']}/sources",
+                    os.environ["PREVIOUS_RELEASES_DIR"],
+                    os.environ["BASE_BUILD_DIR"],  # Unset by default, must be defined externally
+            ]:
+                Path(create_dir).mkdir(parents=True, exist_ok=True)
+
+            CI_CCACHE_MOUNT = f"type=bind,src={os.environ['CCACHE_DIR']},dst={os.environ['CCACHE_DIR']}"
+            CI_DEPENDS_MOUNT = f"type=bind,src={os.environ['DEPENDS_DIR']}/built,dst={os.environ['DEPENDS_DIR']}/built"
+            CI_DEPENDS_SOURCES_MOUNT = f"type=bind,src={os.environ['DEPENDS_DIR']}/sources,dst={os.environ['DEPENDS_DIR']}/sources"
+            CI_PREVIOUS_RELEASES_MOUNT = f"type=bind,src={os.environ['PREVIOUS_RELEASES_DIR']},dst={os.environ['PREVIOUS_RELEASES_DIR']}"
+            CI_BUILD_MOUNT = [f"--mount=type=bind,src={os.environ['BASE_BUILD_DIR']},dst={os.environ['BASE_BUILD_DIR']}"]
+
+        if os.getenv("DANGER_CI_ON_HOST_CCACHE_FOLDER"):
+            if not os.path.isdir(os.environ["CCACHE_DIR"]):
+                print(f"Error: Directory '{os.environ['CCACHE_DIR']}' must be created in advance.")
+                sys.exit(1)
+            CI_CCACHE_MOUNT = f"type=bind,src={os.environ['CCACHE_DIR']},dst={os.environ['CCACHE_DIR']}"
+
+        run(["docker", "network", "create", "--ipv6", "--subnet", "1111:1111::/112", "ci-ip6net"], check=False)
+
+        if os.getenv("RESTART_CI_DOCKER_BEFORE_RUN"):
+            print("Restart docker before run to stop and clear all containers started with --rm")
+            run(["podman", "container", "rm", "--force", "--all"])  # Similar to "systemctl restart docker"
+
+            # Still prune everything in case the filtered pruning doesn't work, or if labels were not set
+            # on a previous run. Belt and suspenders approach, should be fine to remove in the future.
+            # Prune images used by --external containers (e.g. build containers) when
+            # using podman.
+            print("Prune all dangling images")
+            run(["podman", "image", "prune", "--force", "--external"])
+
+        print(f"Prune all dangling {CI_IMAGE_LABEL} images")
+        # When detecting podman-docker, `--external` should be added.
+        run(["docker", "image", "prune", "--force", "--filter", f"label={CI_IMAGE_LABEL}"])
+
+        cmd_run = ["docker", "run", "--rm", "--interactive", "--detach", "--tty"]
+        cmd_run += [
+            "--cap-add=LINUX_IMMUTABLE",
+            *shlex.split(os.getenv("CI_CONTAINER_CAP", "")),
+            f"--mount=type=bind,src={os.environ['BASE_READ_ONLY_DIR']},dst={os.environ['BASE_READ_ONLY_DIR']},readonly",
+            f"--mount={CI_CCACHE_MOUNT}",
+            f"--mount={CI_DEPENDS_MOUNT}",
+            f"--mount={CI_DEPENDS_SOURCES_MOUNT}",
+            f"--mount={CI_PREVIOUS_RELEASES_MOUNT}",
+            *CI_BUILD_MOUNT,
+            f"--env-file={env_file}",
+            f"--name={os.environ['CONTAINER_NAME']}",
+            "--network=ci-ip6net",
+            f"--platform={os.environ['CI_IMAGE_PLATFORM']}",
+            os.environ["CONTAINER_NAME"],
+        ]
+
+        container_id = run(
+            cmd_run,
+            stdout=subprocess.PIPE,
+            text=True,
+        ).stdout.strip()
+
+    def ci_exec(cmd_inner, **kwargs):
+        if os.getenv("DANGER_RUN_CI_ON_HOST"):
+            prefix = []
+        else:
+            prefix = ["docker", "exec", container_id]
+
+        return run([*prefix, *cmd_inner], **kwargs)
+
+    # Normalize all folders to BASE_ROOT_DIR
+    ci_exec([
+        "rsync",
+        "--recursive",
+        "--perms",
+        "--stats",
+        "--human-readable",
+        f"{os.environ['BASE_READ_ONLY_DIR']}/",
+        f"{os.environ['BASE_ROOT_DIR']}",
+    ])
+    ci_exec([f"{os.environ['BASE_ROOT_DIR']}/ci/test/01_base_install.sh"])
+    ci_exec([f"{os.environ['BASE_ROOT_DIR']}/ci/test/03_test_script.sh"])
+
+    if not os.getenv("DANGER_RUN_CI_ON_HOST"):
+        print("Stop and remove CI container by ID")
+        run(["docker", "container", "kill", container_id])
+
+
+if __name__ == "__main__":
+    main()

ci/test/02_run_container.sh

@@ -1,175 +0,0 @@
-#!/usr/bin/env bash
-#
-# Copyright (c) 2018-present The Bitcoin Core developers
-# Distributed under the MIT software license, see the accompanying
-# file COPYING or http://www.opensource.org/licenses/mit-license.php.
-
-export LC_ALL=C.UTF-8
-export CI_IMAGE_LABEL="bitcoin-ci-test"
-
-set -o errexit -o pipefail -o xtrace
-
-if [ -z "$DANGER_RUN_CI_ON_HOST" ]; then
-  # Export all env vars to avoid missing some.
-  # Though, exclude those with newlines to avoid parsing problems.
-  python3 -c 'import os; [print(f"{key}={value}") for key, value in os.environ.items() if "\n" not in value and "HOME" != key and "PATH" != key and "USER" != key]' | tee "/tmp/env-$USER-$CONTAINER_NAME"
-
-  # Env vars during the build can not be changed. For example, a modified
-  # $MAKEJOBS is ignored in the build process. Use --cpuset-cpus as an
-  # approximation to respect $MAKEJOBS somewhat, if cpuset is available.
-  MAYBE_CPUSET=""
-  if [ "$HAVE_CGROUP_CPUSET" ]; then
-    MAYBE_CPUSET="--cpuset-cpus=$( python3 -c "import random;P=$( nproc );M=min(P,int('$MAKEJOBS'.lstrip('-j')));print(','.join(map(str,sorted(random.sample(range(P),M)))))" )"
-  fi
-  echo "Creating $CI_IMAGE_NAME_TAG container to run in"
-
-  DOCKER_BUILD_CACHE_ARG=""
-  DOCKER_BUILD_CACHE_TEMPDIR=""
-  DOCKER_BUILD_CACHE_OLD_DIR=""
-  DOCKER_BUILD_CACHE_NEW_DIR=""
-  # If set, use an `docker build` cache directory on the CI host
-  # to cache docker image layers for the CI container image.
-  # This cache can be multiple GB in size. Prefixed with DANGER
-  # as setting it removes (old cache) files from the host.
-  if [ "$DANGER_DOCKER_BUILD_CACHE_HOST_DIR" ]; then
-    # Directory where the current cache for this run could be. If not existing
-    # or empty, "docker build" will warn, but treat it as cache-miss and continue.
-    DOCKER_BUILD_CACHE_OLD_DIR="${DANGER_DOCKER_BUILD_CACHE_HOST_DIR}/${CONTAINER_NAME}"
-    # Temporary directory for a newly created cache. We can't write the new
-    # cache into OLD_DIR directly, as old cache layers would not be removed.
-    # The NEW_DIR contents are moved to OLD_DIR after OLD_DIR has been cleared.
-    # This happens after `docker build`. If a task fails or is aborted, the
-    # DOCKER_BUILD_CACHE_TEMPDIR might be retained on the host. If the host isn't
-    # ephemeral, it has to take care of cleaning old TEMPDIR's up.
-    DOCKER_BUILD_CACHE_TEMPDIR="$(mktemp --directory ci-docker-build-cache-XXXXXXXXXX)"
-    DOCKER_BUILD_CACHE_NEW_DIR="${DOCKER_BUILD_CACHE_TEMPDIR}/${CONTAINER_NAME}"
-    DOCKER_BUILD_CACHE_ARG="--cache-from type=local,src=${DOCKER_BUILD_CACHE_OLD_DIR} --cache-to type=local,dest=${DOCKER_BUILD_CACHE_NEW_DIR},mode=max"
-  fi
-
-  # shellcheck disable=SC2086
-  DOCKER_BUILDKIT=1 docker build \
-      --file "${BASE_READ_ONLY_DIR}/ci/test_imagefile" \
-      --build-arg "CI_IMAGE_NAME_TAG=${CI_IMAGE_NAME_TAG}" \
-      --build-arg "FILE_ENV=${FILE_ENV}" \
-      $MAYBE_CPUSET \
-      --platform="${CI_IMAGE_PLATFORM}" \
-      --label="${CI_IMAGE_LABEL}" \
-      --tag="${CONTAINER_NAME}" \
-      $DOCKER_BUILD_CACHE_ARG \
-      "${BASE_READ_ONLY_DIR}"
-
-  if [ "$DANGER_DOCKER_BUILD_CACHE_HOST_DIR" ]; then
-    if [ -e "${DOCKER_BUILD_CACHE_NEW_DIR}/index.json" ]; then
-      echo "Removing the existing docker build cache in ${DOCKER_BUILD_CACHE_OLD_DIR}"
-      rm -rf "${DOCKER_BUILD_CACHE_OLD_DIR}"
-      echo "Moving the contents of ${DOCKER_BUILD_CACHE_NEW_DIR} to ${DOCKER_BUILD_CACHE_OLD_DIR}"
-      mv "${DOCKER_BUILD_CACHE_NEW_DIR}" "${DOCKER_BUILD_CACHE_OLD_DIR}"
-    fi
-  fi
-
-  docker volume create "${CONTAINER_NAME}_ccache" || true
-  docker volume create "${CONTAINER_NAME}_depends" || true
-  docker volume create "${CONTAINER_NAME}_depends_sources" || true
-  docker volume create "${CONTAINER_NAME}_previous_releases" || true
-
-  CI_CCACHE_MOUNT="type=volume,src=${CONTAINER_NAME}_ccache,dst=$CCACHE_DIR"
-  CI_DEPENDS_MOUNT="type=volume,src=${CONTAINER_NAME}_depends,dst=$DEPENDS_DIR/built"
-  CI_DEPENDS_SOURCES_MOUNT="type=volume,src=${CONTAINER_NAME}_depends_sources,dst=$DEPENDS_DIR/sources"
-  CI_PREVIOUS_RELEASES_MOUNT="type=volume,src=${CONTAINER_NAME}_previous_releases,dst=$PREVIOUS_RELEASES_DIR"
-  CI_BUILD_MOUNT=""
-
-  if [ "$DANGER_CI_ON_HOST_FOLDERS" ]; then
-    # ensure the directories exist
-    mkdir -p "${CCACHE_DIR}"
-    mkdir -p "${DEPENDS_DIR}/built"
-    mkdir -p "${DEPENDS_DIR}/sources"
-    mkdir -p "${PREVIOUS_RELEASES_DIR}"
-    mkdir -p "${BASE_BUILD_DIR}"  # Unset by default, must be defined externally
-
-    CI_CCACHE_MOUNT="type=bind,src=${CCACHE_DIR},dst=$CCACHE_DIR"
-    CI_DEPENDS_MOUNT="type=bind,src=${DEPENDS_DIR}/built,dst=$DEPENDS_DIR/built"
-    CI_DEPENDS_SOURCES_MOUNT="type=bind,src=${DEPENDS_DIR}/sources,dst=$DEPENDS_DIR/sources"
-    CI_PREVIOUS_RELEASES_MOUNT="type=bind,src=${PREVIOUS_RELEASES_DIR},dst=$PREVIOUS_RELEASES_DIR"
-    CI_BUILD_MOUNT="--mount type=bind,src=${BASE_BUILD_DIR},dst=${BASE_BUILD_DIR}"
-  fi
-
-  if [ "$DANGER_CI_ON_HOST_CCACHE_FOLDER" ]; then
-   # Temporary exclusion for https://github.com/bitcoin/bitcoin/issues/31108
-   # to allow CI configs and envs generated in the past to work for a bit longer.
-   # Can be removed in March 2025.
-   if [ "${CCACHE_DIR}" != "/tmp/ccache_dir" ]; then
-    if [ ! -d "${CCACHE_DIR}" ]; then
-      echo "Error: Directory '${CCACHE_DIR}' must be created in advance."
-      exit 1
-    fi
-    CI_CCACHE_MOUNT="type=bind,src=${CCACHE_DIR},dst=${CCACHE_DIR}"
-   fi # End temporary exclusion
-  fi
-
-  docker network create --ipv6 --subnet 1111:1111::/112 ci-ip6net || true
-
-  if [ -n "${RESTART_CI_DOCKER_BEFORE_RUN}" ] ; then
-    echo "Restart docker before run to stop and clear all containers started with --rm"
-    podman container rm --force --all  # Similar to "systemctl restart docker"
-
-    # Still prune everything in case the filtered pruning doesn't work, or if labels were not set
-    # on a previous run. Belt and suspenders approach, should be fine to remove in the future.
-    # Prune images used by --external containers (e.g. build containers) when
-    # using podman.
-    echo "Prune all dangling images"
-    podman image prune --force --external
-  fi
-  echo "Prune all dangling $CI_IMAGE_LABEL images"
-  # When detecting podman-docker, `--external` should be added.
-  docker image prune --force --filter "label=$CI_IMAGE_LABEL"
-
-  # Append $USER to /tmp/env to support multi-user systems and $CONTAINER_NAME
-  # to allow support starting multiple runs simultaneously by the same user.
-  # shellcheck disable=SC2086
-  CI_CONTAINER_ID=$(docker run --cap-add LINUX_IMMUTABLE $CI_CONTAINER_CAP --rm --interactive --detach --tty \
-                  --mount "type=bind,src=$BASE_READ_ONLY_DIR,dst=$BASE_READ_ONLY_DIR,readonly" \
-                  --mount "${CI_CCACHE_MOUNT}" \
-                  --mount "${CI_DEPENDS_MOUNT}" \
-                  --mount "${CI_DEPENDS_SOURCES_MOUNT}" \
-                  --mount "${CI_PREVIOUS_RELEASES_MOUNT}" \
-                  ${CI_BUILD_MOUNT} \
-                  --env-file /tmp/env-$USER-$CONTAINER_NAME \
-                  --name "$CONTAINER_NAME" \
-                  --network ci-ip6net \
-                  --platform="${CI_IMAGE_PLATFORM}" \
-                  "$CONTAINER_NAME")
-  export CI_CONTAINER_ID
-  export CI_EXEC_CMD_PREFIX="docker exec ${CI_CONTAINER_ID}"
-else
-  echo "Running on host system without docker wrapper"
-  echo "Create missing folders"
-  mkdir -p "${CCACHE_DIR}"
-  mkdir -p "${PREVIOUS_RELEASES_DIR}"
-fi
-
-if [ "$CI_OS_NAME" == "macos" ]; then
-  IN_GETOPT_BIN="$(brew --prefix gnu-getopt)/bin/getopt"
-  export IN_GETOPT_BIN
-fi
-
-CI_EXEC () {
-  $CI_EXEC_CMD_PREFIX bash -c "export PATH=\"/path_with space:${BINS_SCRATCH_DIR}:${BASE_ROOT_DIR}/ci/retry:\$PATH\" && cd \"${BASE_ROOT_DIR}\" && $*"
-}
-export -f CI_EXEC
-
-# Normalize all folders to BASE_ROOT_DIR
-CI_EXEC rsync --archive --stats --human-readable "${BASE_READ_ONLY_DIR}/" "${BASE_ROOT_DIR}" || echo "Nothing to copy from ${BASE_READ_ONLY_DIR}/"
-CI_EXEC "${BASE_ROOT_DIR}/ci/test/01_base_install.sh"
-
-# Fixes permission issues when there is a container UID/GID mismatch with the owner
-# of the git source code directory.
-CI_EXEC git config --global --add safe.directory \"*\"
-
-CI_EXEC mkdir -p "${BINS_SCRATCH_DIR}"
-
-CI_EXEC "${BASE_ROOT_DIR}/ci/test/03_test_script.sh"
-
-if [ -z "$DANGER_RUN_CI_ON_HOST" ]; then
-  echo "Stop and remove CI container by ID"
-  docker container kill "${CI_CONTAINER_ID}"
-fi

ci/test/03_test_script.sh

@@ -8,6 +8,9 @@ export LC_ALL=C.UTF-8
 
 set -ex
 
+cd "${BASE_ROOT_DIR}"
+
+export PATH="/path_with space:${PATH}"
 export ASAN_OPTIONS="detect_leaks=1:detect_stack_use_after_return=1:check_initialization_order=1:strict_init_order=1"
 export LSAN_OPTIONS="suppressions=${BASE_ROOT_DIR}/test/sanitizer_suppressions/lsan"
 export TSAN_OPTIONS="suppressions=${BASE_ROOT_DIR}/test/sanitizer_suppressions/tsan:halt_on_error=1:second_deadlock_stack=1"
@@ -24,6 +27,14 @@ fi
 echo "Free disk space:"
 df -h
 
+# We force an install of linux-headers again here via $PACKAGES to fix any
+# kernel mismatch between a cached docker image and the underlying host.
+# This can happen occasionally on hosted runners if the runner image is updated.
+if [[ "$CONTAINER_NAME" == "ci_native_asan" ]]; then
+  $CI_RETRY_EXE apt-get update
+  ${CI_RETRY_EXE} bash -c "apt-get install --no-install-recommends --no-upgrade -y $PACKAGES"
+fi
+
 # What host to compile for. See also ./depends/README.md
 # Tests that need cross-compilation export the appropriate HOST.
 # Tests that run natively guess the host
@@ -33,7 +44,10 @@ echo "=== BEGIN env ==="
 env
 echo "=== END env ==="
 
-(
+# Don't apply patches in the iwyu job, because it relies on the `git diff`
+# command to detect IWYU errors. It is safe to skip this patch in the iwyu job
+# because it doesn't run a UB detector.
+if [[ "${RUN_IWYU}" != true ]]; then
   # compact->outputs[i].file_size is uninitialized memory, so reading it is UB.
   # The statistic bytes_written is only used for logging, which is disabled in
   # CI, so as a temporary minimal fix to work around UB and CI failures, leave
@@ -54,7 +68,7 @@ echo "=== END env ==="
    mutex_.Lock();
    stats_[compact->compaction->level() + 1].Add(stats);
 EOF
-)
+fi
 
 if [ "$RUN_FUZZ_TESTS" = "true" ]; then
   export DIR_FUZZ_IN=${DIR_QA_ASSETS}/fuzz_corpora/
@@ -66,7 +80,7 @@ if [ "$RUN_FUZZ_TESTS" = "true" ]; then
     echo "Using qa-assets repo from commit ..."
     git log -1
   )
-elif [ "$RUN_UNIT_TESTS" = "true" ] || [ "$RUN_UNIT_TESTS_SEQUENTIAL" = "true" ]; then
+elif [ "$RUN_UNIT_TESTS" = "true" ]; then
   export DIR_UNIT_TEST_DATA=${DIR_QA_ASSETS}/unit_test_data/
   if [ ! -d "$DIR_UNIT_TEST_DATA" ]; then
     mkdir -p "$DIR_UNIT_TEST_DATA"
@@ -74,15 +88,6 @@ elif [ "$RUN_UNIT_TESTS" = "true" ] || [ "$RUN_UNIT_TESTS_SEQUENTIAL" = "true" ]
   fi
 fi
 
-if [ "$USE_BUSY_BOX" = "true" ]; then
-  echo "Setup to use BusyBox utils"
-  # tar excluded for now because it requires passing in the exact archive type in ./depends (fixed in later BusyBox version)
-  # ar excluded for now because it does not recognize the -q option in ./depends (unknown if fixed)
-  for util in $(busybox --list | grep -v "^ar$" | grep -v "^tar$" ); do ln -s "$(command -v busybox)" "${BINS_SCRATCH_DIR}/$util"; done
-  # Print BusyBox version
-  patch --help
-fi
-
 # Make sure default datadir does not exist and is never read by creating a dummy file
 if [ "$CI_OS_NAME" == "macos" ]; then
   echo > "${HOME}/Library/Application Support/Bitcoin"
@@ -91,15 +96,15 @@ else
 fi
 
 if [ -z "$NO_DEPENDS" ]; then
-  if [[ $CI_IMAGE_NAME_TAG == *centos* ]]; then
-    SHELL_OPTS="CONFIG_SHELL=/bin/ksh"  # Temporarily use ksh instead of dash, until https://bugzilla.redhat.com/show_bug.cgi?id=2335416 is fixed.
+  if [[ $CI_IMAGE_NAME_TAG == *alpine* ]]; then
+    SHELL_OPTS="CONFIG_SHELL=/usr/bin/dash"
   else
     SHELL_OPTS="CONFIG_SHELL="
   fi
   bash -c "$SHELL_OPTS make $MAKEJOBS -C depends HOST=$HOST $DEP_OPTS LOG=1"
 fi
 if [ "$DOWNLOAD_PREVIOUS_RELEASES" = "true" ]; then
-  test/get_previous_releases.py -b -t "$PREVIOUS_RELEASES_DIR"
+  test/get_previous_releases.py --target-dir "$PREVIOUS_RELEASES_DIR"
 fi
 
 BITCOIN_CONFIG_ALL="-DBUILD_BENCH=ON -DBUILD_FUZZ_BINARY=ON"
@@ -115,25 +120,45 @@ PRINT_CCACHE_STATISTICS="ccache --version | head -n 1 && ccache --show-stats"
 
 # Folder where the build is done.
 BASE_BUILD_DIR=${BASE_BUILD_DIR:-$BASE_SCRATCH_DIR/build-$HOST}
-mkdir -p "${BASE_BUILD_DIR}"
-cd "${BASE_BUILD_DIR}"
 
-BITCOIN_CONFIG_ALL="$BITCOIN_CONFIG_ALL -DENABLE_EXTERNAL_SIGNER=ON -DCMAKE_INSTALL_PREFIX=$BASE_OUTDIR"
+BITCOIN_CONFIG_ALL="$BITCOIN_CONFIG_ALL -DCMAKE_INSTALL_PREFIX=$BASE_OUTDIR -Werror=dev"
 
-if [[ "${RUN_TIDY}" == "true" ]]; then
+if [[ "${RUN_IWYU}" == true || "${RUN_TIDY}" == true ]]; then
   BITCOIN_CONFIG_ALL="$BITCOIN_CONFIG_ALL -DCMAKE_EXPORT_COMPILE_COMMANDS=ON"
 fi
 
-bash -c "cmake -S $BASE_ROOT_DIR $BITCOIN_CONFIG_ALL $BITCOIN_CONFIG || ( (cat $(cmake -P "${BASE_ROOT_DIR}/ci/test/GetCMakeLogFiles.cmake")) && false)"
+eval "CMAKE_ARGS=($BITCOIN_CONFIG_ALL $BITCOIN_CONFIG)"
+cmake -S "$BASE_ROOT_DIR" -B "$BASE_BUILD_DIR" "${CMAKE_ARGS[@]}" || (
+  cd "${BASE_BUILD_DIR}"
+  # shellcheck disable=SC2046
+  cat $(cmake -P "${BASE_ROOT_DIR}/ci/test/GetCMakeLogFiles.cmake")
+  false
+)
 
-bash -c "cmake --build . $MAKEJOBS --target all $GOAL" || ( echo "Build failure. Verbose build follows." && cmake --build . --target all "$GOAL" --verbose ; false )
+if [[ "${GOAL}" != all && "${GOAL}" != codegen ]]; then
+  GOAL="all ${GOAL}"
+fi
+
+# shellcheck disable=SC2086
+cmake --build "${BASE_BUILD_DIR}" "$MAKEJOBS" --target $GOAL || (
+  echo "Build failure. Verbose build follows."
+  # shellcheck disable=SC2086
+  cmake --build "${BASE_BUILD_DIR}" -j1 --target $GOAL --verbose
+  false
+)
 
 bash -c "${PRINT_CCACHE_STATISTICS}"
+if [ "$CI" = "true" ]; then
+  hit_rate=$(ccache -s | grep "Hits:" | head -1 | sed 's/.*(\(.*\)%).*/\1/')
+  if [ "${hit_rate%.*}" -lt 75 ]; then
+      echo "::notice title=low ccache hitrate::Ccache hit-rate in $CONTAINER_NAME was $hit_rate%"
+  fi
+fi
 du -sh "${DEPENDS_DIR}"/*/
 du -sh "${PREVIOUS_RELEASES_DIR}"
 
-if [[ $HOST = *-mingw32 ]]; then
-  "${BASE_ROOT_DIR}/ci/test/wrap-wine.sh"
+if [ -n "${CI_LIMIT_STACK_SIZE}" ]; then
+  ulimit -s 512
 fi
 
 if [ -n "$USE_VALGRIND" ]; then
@@ -141,21 +166,32 @@ if [ -n "$USE_VALGRIND" ]; then
 fi
 
 if [ "$RUN_CHECK_DEPS" = "true" ]; then
-  "${BASE_ROOT_DIR}/contrib/devtools/check-deps.sh" .
+  "${BASE_ROOT_DIR}/contrib/devtools/check-deps.sh" "${BASE_BUILD_DIR}"
 fi
 
 if [ "$RUN_UNIT_TESTS" = "true" ]; then
-  DIR_UNIT_TEST_DATA="${DIR_UNIT_TEST_DATA}" LD_LIBRARY_PATH="${DEPENDS_DIR}/${HOST}/lib" CTEST_OUTPUT_ON_FAILURE=ON ctest --stop-on-failure "${MAKEJOBS}" --timeout $(( TEST_RUNNER_TIMEOUT_FACTOR * 60 ))
-fi
-
-if [ "$RUN_UNIT_TESTS_SEQUENTIAL" = "true" ]; then
-  DIR_UNIT_TEST_DATA="${DIR_UNIT_TEST_DATA}" LD_LIBRARY_PATH="${DEPENDS_DIR}/${HOST}/lib" "${BASE_OUTDIR}"/bin/test_bitcoin --catch_system_errors=no -l test_suite
+  DIR_UNIT_TEST_DATA="${DIR_UNIT_TEST_DATA}" \
+  LD_LIBRARY_PATH="${DEPENDS_DIR}/${HOST}/lib" \
+  CTEST_OUTPUT_ON_FAILURE=ON \
+  ctest --test-dir "${BASE_BUILD_DIR}" \
+    --stop-on-failure \
+    "${MAKEJOBS}" \
+    --timeout $(( TEST_RUNNER_TIMEOUT_FACTOR * 60 ))
 fi
 
 if [ "$RUN_FUNCTIONAL_TESTS" = "true" ]; then
   # parses TEST_RUNNER_EXTRA as an array which allows for multiple arguments such as TEST_RUNNER_EXTRA='--exclude "rpc_bind.py --ipv6"'
   eval "TEST_RUNNER_EXTRA=($TEST_RUNNER_EXTRA)"
-  LD_LIBRARY_PATH="${DEPENDS_DIR}/${HOST}/lib" test/functional/test_runner.py --ci "${MAKEJOBS}" --tmpdirprefix "${BASE_SCRATCH_DIR}"/test_runner/ --ansi --combinedlogslen=99999999 --timeout-factor="${TEST_RUNNER_TIMEOUT_FACTOR}" "${TEST_RUNNER_EXTRA[@]}" --quiet --failfast
+  LD_LIBRARY_PATH="${DEPENDS_DIR}/${HOST}/lib" \
+  "${BASE_BUILD_DIR}/test/functional/test_runner.py" \
+    "${MAKEJOBS}" \
+    --tmpdirprefix "${BASE_SCRATCH_DIR}/test_runner/" \
+    --ansi \
+    --combinedlogslen=99999999 \
+    --timeout-factor="${TEST_RUNNER_TIMEOUT_FACTOR}" \
+    "${TEST_RUNNER_EXTRA[@]}" \
+    --quiet \
+    --failfast
 fi
 
 if [ "${RUN_TIDY}" = "true" ]; then
@@ -175,19 +211,44 @@ if [ "${RUN_TIDY}" = "true" ]; then
     echo "^^^ ⚠️ Failure generated from clang-tidy"
     false
   fi
+fi
+
+if [[ "${RUN_IWYU}" == true ]]; then
+  # TODO: Consider enforcing IWYU across the entire codebase.
+  FILES_WITH_ENFORCED_IWYU="/src/((crypto|index|kernel)/.*\\.cpp|node/blockstorage.cpp|node/utxo_snapshot.cpp|core_io.cpp|signet.cpp)"
+  jq --arg patterns "$FILES_WITH_ENFORCED_IWYU" 'map(select(.file | test($patterns)))' "${BASE_BUILD_DIR}/compile_commands.json" > "${BASE_BUILD_DIR}/compile_commands_iwyu_errors.json"
+  jq --arg patterns "$FILES_WITH_ENFORCED_IWYU" 'map(select(.file | test($patterns) | not))' "${BASE_BUILD_DIR}/compile_commands.json" > "${BASE_BUILD_DIR}/compile_commands_iwyu_warnings.json"
 
   cd "${BASE_ROOT_DIR}"
-  python3 "/include-what-you-use/iwyu_tool.py" \
-           -p "${BASE_BUILD_DIR}" "${MAKEJOBS}" \
-           -- -Xiwyu --cxx17ns -Xiwyu --mapping_file="${BASE_ROOT_DIR}/contrib/devtools/iwyu/bitcoin.core.imp" \
-           -Xiwyu --max_line_length=160 \
-           2>&1 | tee /tmp/iwyu_ci.out
-  cd "${BASE_ROOT_DIR}/src"
-  python3 "/include-what-you-use/fix_includes.py" --nosafe_headers < /tmp/iwyu_ci.out
+
+  run_iwyu() {
+    mv "${BASE_BUILD_DIR}/$1" "${BASE_BUILD_DIR}/compile_commands.json"
+    python3 "/include-what-you-use/iwyu_tool.py" \
+             -p "${BASE_BUILD_DIR}" "${MAKEJOBS}" \
+             -- -Xiwyu --cxx17ns -Xiwyu --mapping_file="${BASE_ROOT_DIR}/contrib/devtools/iwyu/bitcoin.core.imp" \
+             -Xiwyu --max_line_length=160 \
+             2>&1 | tee /tmp/iwyu_ci.out
+    python3 "/include-what-you-use/fix_includes.py" --nosafe_headers < /tmp/iwyu_ci.out
+    git diff -U0 | ./contrib/devtools/clang-format-diff.py -binary="clang-format-${TIDY_LLVM_V}" -p1 -i -v
+  }
+
+  run_iwyu "compile_commands_iwyu_errors.json"
+  if ! ( git --no-pager diff --exit-code ); then
+    echo "^^^ ⚠️ Failure generated from IWYU"
+    false
+  fi
+
+  run_iwyu "compile_commands_iwyu_warnings.json"
   git --no-pager diff
 fi
 
 if [ "$RUN_FUZZ_TESTS" = "true" ]; then
   # shellcheck disable=SC2086
-  LD_LIBRARY_PATH="${DEPENDS_DIR}/${HOST}/lib" test/fuzz/test_runner.py ${FUZZ_TESTS_CONFIG} "${MAKEJOBS}" -l DEBUG "${DIR_FUZZ_IN}" --empty_min_time=60
+  LD_LIBRARY_PATH="${DEPENDS_DIR}/${HOST}/lib" \
+  "${BASE_BUILD_DIR}/test/fuzz/test_runner.py" \
+    ${FUZZ_TESTS_CONFIG} \
+    "${MAKEJOBS}" \
+    -l DEBUG \
+    "${DIR_FUZZ_IN}" \
+    --empty_min_time=60
 fi

ci/test/wrap-valgrind.sh

@@ -1,6 +1,6 @@
 #!/usr/bin/env bash
 #
-# Copyright (c) 2018-2021 The Bitcoin Core developers
+# Copyright (c) 2018-present The Bitcoin Core developers
 # Distributed under the MIT software license, see the accompanying
 # file COPYING or http://www.opensource.org/licenses/mit-license.php.
 
@@ -12,7 +12,7 @@ for b_name in "${BASE_OUTDIR}/bin"/*; do
       echo "Wrap $b ..."
       mv "$b" "${b}_orig"
       echo '#!/usr/bin/env bash' > "$b"
-      echo "valgrind --gen-suppressions=all --quiet --error-exitcode=1 --suppressions=${BASE_ROOT_DIR}/contrib/valgrind.supp \"${b}_orig\" \"\$@\"" >> "$b"
+      echo "exec valgrind --gen-suppressions=all --quiet --error-exitcode=1 --suppressions=${BASE_ROOT_DIR}/contrib/valgrind.supp \"${b}_orig\" \"\$@\"" >> "$b"
       chmod +x "$b"
     done
 done

ci/test/wrap-wine.sh

@@ -1,20 +0,0 @@
-#!/usr/bin/env bash
-#
-# Copyright (c) 2020-2022 The Bitcoin Core developers
-# Distributed under the MIT software license, see the accompanying
-# file COPYING or http://www.opensource.org/licenses/mit-license.php.
-
-export LC_ALL=C.UTF-8
-
-for b_name in {"${BASE_OUTDIR}/bin"/*,src/univalue/{test_json,unitester,object}}.exe; do
-    # shellcheck disable=SC2044
-    for b in $(find "${BASE_ROOT_DIR}" -executable -type f -name "$(basename "$b_name")"); do
-      if (file "$b" | grep "Windows"); then
-        echo "Wrap $b ..."
-        mv "$b" "${b}_orig"
-        echo '#!/usr/bin/env bash' > "$b"
-        echo "( wine \"${b}_orig\" \"\$@\" ) || ( sleep 1 && wine \"${b}_orig\" \"\$@\" )" >> "$b"
-        chmod +x "$b"
-      fi
-    done
-done

ci/test_imagefile

@@ -4,13 +4,21 @@
 
 # See ci/README.md for usage.
 
-ARG CI_IMAGE_NAME_TAG
+# We never want scratch, but default arg silences a Warning
+ARG CI_IMAGE_NAME_TAG=scratch
 FROM ${CI_IMAGE_NAME_TAG}
 
 ARG FILE_ENV
 ENV FILE_ENV=${FILE_ENV}
 
+ARG BASE_ROOT_DIR
+ENV BASE_ROOT_DIR=${BASE_ROOT_DIR}
+
+# Make retry available in PATH, needed for CI_RETRY_EXE
 COPY ./ci/retry/retry /usr/bin/retry
-COPY ./ci/test/00_setup_env.sh ./${FILE_ENV} ./ci/test/01_base_install.sh /ci_container_base/ci/test/
+COPY ./ci/test/00_setup_env.sh ./${FILE_ENV} ./ci/test/01_base_install.sh ./ci/test/01_iwyu.patch /ci_container_base/ci/test/
+
+# Bash is required, so install it when missing
+RUN sh -c "bash -c 'true' || ( apk update && apk add --no-cache bash )"
 
 RUN ["bash", "-c", "cd /ci_container_base/ && set -o errexit && source ./ci/test/00_setup_env.sh && ./ci/test/01_base_install.sh"]

ci/test_run_all.sh

@@ -8,4 +8,4 @@ export LC_ALL=C.UTF-8
 
 set -o errexit; source ./ci/test/00_setup_env.sh
 set -o errexit
-"./ci/test/02_run_container.sh"
+"./ci/test/02_run_container.py"

cmake/bitcoin-build-config.h.in

@@ -29,18 +29,9 @@
 /* Copyright year */
 #define COPYRIGHT_YEAR @COPYRIGHT_YEAR@
 
-/* Define this symbol to build code that uses ARMv8 SHA-NI intrinsics */
-#cmakedefine ENABLE_ARM_SHANI 1
-
-/* Define this symbol to build code that uses AVX2 intrinsics */
-#cmakedefine ENABLE_AVX2 1
-
 /* Define if external signer support is enabled */
 #cmakedefine ENABLE_EXTERNAL_SIGNER 1
 
-/* Define this symbol to build code that uses SSE4.1 intrinsics */
-#cmakedefine ENABLE_SSE41 1
-
 /* Define to 1 to enable tracepoints for Userspace, Statically Defined Tracing
    */
 #cmakedefine ENABLE_TRACING 1
@@ -48,20 +39,12 @@
 /* Define to 1 to enable wallet functions. */
 #cmakedefine ENABLE_WALLET 1
 
-/* Define this symbol to build code that uses x86 SHA-NI intrinsics */
-#cmakedefine ENABLE_X86_SHANI 1
-
 /* Define to 1 if you have the declaration of `fork', and to 0 if you don't.
    */
 #cmakedefine01 HAVE_DECL_FORK
 
-/* Define to 1 if you have the declaration of `freeifaddrs', and to 0 if you
-   don't. */
-#cmakedefine01 HAVE_DECL_FREEIFADDRS
-
-/* Define to 1 if you have the declaration of `getifaddrs', and to 0 if you
-   don't. */
-#cmakedefine01 HAVE_DECL_GETIFADDRS
+/* Define to 1 if '*ifaddrs' are available. */
+#cmakedefine HAVE_IFADDRS 1
 
 /* Define to 1 if you have the declaration of `pipe2', and to 0 if you don't.
    */
@@ -108,18 +91,6 @@
 /* Define to 1 if std::system or ::wsystem is available. */
 #cmakedefine HAVE_SYSTEM 1
 
-/* Define to 1 if you have the <sys/prctl.h> header file. */
-#cmakedefine HAVE_SYS_PRCTL_H 1
-
-/* Define to 1 if you have the <sys/resources.h> header file. */
-#cmakedefine HAVE_SYS_RESOURCES_H 1
-
-/* Define to 1 if you have the <sys/vmmeter.h> header file. */
-#cmakedefine HAVE_SYS_VMMETER_H 1
-
-/* Define to 1 if you have the <vm/vm_param.h> header file. */
-#cmakedefine HAVE_VM_VM_PARAM_H 1
-
 /* Define to the address where bug reports for this package should be sent. */
 #define CLIENT_BUGREPORT "@CLIENT_BUGREPORT@"
 
@@ -135,16 +106,10 @@
 /* Define to 1 if strerror_r returns char *. */
 #cmakedefine STRERROR_R_CHAR_P 1
 
-/* Define if BDB support should be compiled in */
-#cmakedefine USE_BDB 1
-
 /* Define if dbus support should be compiled in */
 #cmakedefine USE_DBUS 1
 
 /* Define if QR support should be compiled in */
 #cmakedefine USE_QRCODE 1
 
-/* Define if sqlite support should be compiled in */
-#cmakedefine USE_SQLITE 1
-
 #endif //BITCOIN_CONFIG_H

cmake/introspection.cmake

@@ -4,13 +4,6 @@
 
 include(CheckCXXSourceCompiles)
 include(CheckCXXSymbolExists)
-include(CheckIncludeFileCXX)
-
-# The following HAVE_{HEADER}_H variables go to the bitcoin-build-config.h header.
-check_include_file_cxx(sys/prctl.h HAVE_SYS_PRCTL_H)
-check_include_file_cxx(sys/resources.h HAVE_SYS_RESOURCES_H)
-check_include_file_cxx(sys/vmmeter.h HAVE_SYS_VMMETER_H)
-check_include_file_cxx(vm/vm_param.h HAVE_VM_VM_PARAM_H)
 
 check_cxx_symbol_exists(O_CLOEXEC "fcntl.h" HAVE_O_CLOEXEC)
 check_cxx_symbol_exists(fdatasync "unistd.h" HAVE_FDATASYNC)
@@ -18,9 +11,7 @@ check_cxx_symbol_exists(fork "unistd.h" HAVE_DECL_FORK)
 check_cxx_symbol_exists(pipe2 "unistd.h" HAVE_DECL_PIPE2)
 check_cxx_symbol_exists(setsid "unistd.h" HAVE_DECL_SETSID)
 
-check_include_file_cxx(sys/types.h HAVE_SYS_TYPES_H)
-check_include_file_cxx(ifaddrs.h HAVE_IFADDRS_H)
-if(HAVE_SYS_TYPES_H AND HAVE_IFADDRS_H)
+if(NOT WIN32)
   include(TestAppendRequiredLibraries)
   test_append_socket_library(core_interface)
 endif()
@@ -28,6 +19,8 @@ endif()
 include(TestAppendRequiredLibraries)
 test_append_atomic_library(core_interface)
 
+# Even though ::system is part of the standard library, we still check
+# for it, to support building targets that don't have it, such as iOS.
 check_cxx_symbol_exists(std::system "cstdlib" HAVE_STD_SYSTEM)
 check_cxx_symbol_exists(::_wsystem "stdlib.h" HAVE__WSYSTEM)
 if(HAVE_STD_SYSTEM OR HAVE__WSYSTEM)
@@ -62,13 +55,6 @@ check_cxx_source_compiles("
 
 # Check for posix_fallocate().
 check_cxx_source_compiles("
-  // same as in src/util/fs_helpers.cpp
-  #ifdef __linux__
-  #ifdef _POSIX_C_SOURCE
-  #undef _POSIX_C_SOURCE
-  #endif
-  #define _POSIX_C_SOURCE 200112L
-  #endif // __linux__
   #include <fcntl.h>
 
   int main()
@@ -177,7 +163,6 @@ if(NOT MSVC)
     " HAVE_SSE41
     CXXFLAGS ${SSE41_CXXFLAGS}
   )
-  set(ENABLE_SSE41 ${HAVE_SSE41})
 
   # Check for AVX2 intrinsics.
   set(AVX2_CXXFLAGS -mavx -mavx2)
@@ -192,7 +177,6 @@ if(NOT MSVC)
     " HAVE_AVX2
     CXXFLAGS ${AVX2_CXXFLAGS}
   )
-  set(ENABLE_AVX2 ${HAVE_AVX2})
 
   # Check for x86 SHA-NI intrinsics.
   set(X86_SHANI_CXXFLAGS -msse4 -msha)
@@ -209,7 +193,6 @@ if(NOT MSVC)
     " HAVE_X86_SHANI
     CXXFLAGS ${X86_SHANI_CXXFLAGS}
   )
-  set(ENABLE_X86_SHANI ${HAVE_X86_SHANI})
 
   # Check for ARMv8 SHA-NI intrinsics.
   set(ARM_SHANI_CXXFLAGS -march=armv8-a+crypto)
@@ -227,5 +210,4 @@ if(NOT MSVC)
     " HAVE_ARM_SHANI
     CXXFLAGS ${ARM_SHANI_CXXFLAGS}
   )
-  set(ENABLE_ARM_SHANI ${HAVE_ARM_SHANI})
 endif()

cmake/leveldb.cmake

@@ -90,9 +90,6 @@ else()
   try_append_cxx_flags("-Wconditional-uninitialized" TARGET nowarn_leveldb_interface SKIP_LINK
     IF_CHECK_PASSED "-Wno-conditional-uninitialized"
   )
-  try_append_cxx_flags("-Wsuggest-override" TARGET nowarn_leveldb_interface SKIP_LINK
-    IF_CHECK_PASSED "-Wno-suggest-override"
-  )
 endif()
 
 target_link_libraries(leveldb PRIVATE

cmake/libmultiprocess.cmake

@@ -0,0 +1,38 @@
+# Copyright (c) 2025-present The Bitcoin Core developers
+# Distributed under the MIT software license, see the accompanying
+# file COPYING or https://opensource.org/license/mit/.
+
+function(add_libmultiprocess subdir)
+  # Set BUILD_TESTING to match BUILD_TESTS. BUILD_TESTING is a standard cmake
+  # option that controls whether enable_testing() is called, but in the bitcoin
+  # build a BUILD_TESTS option is used instead.
+  set(BUILD_TESTING "${BUILD_TESTS}")
+  add_subdirectory(${subdir} EXCLUDE_FROM_ALL)
+  # Apply core_interface compile options to libmultiprocess runtime library.
+  target_link_libraries(multiprocess PUBLIC $<BUILD_INTERFACE:core_interface>)
+  target_link_libraries(mputil PUBLIC $<BUILD_INTERFACE:core_interface>)
+  target_link_libraries(mpgen PUBLIC $<BUILD_INTERFACE:core_interface>)
+  # Mark capproto options as advanced to hide by default from cmake UI
+  mark_as_advanced(CapnProto_DIR)
+  mark_as_advanced(CapnProto_capnpc_IMPORTED_LOCATION)
+  mark_as_advanced(CapnProto_capnp_IMPORTED_LOCATION)
+  mark_as_advanced(CapnProto_capnp-json_IMPORTED_LOCATION)
+  mark_as_advanced(CapnProto_capnp-rpc_IMPORTED_LOCATION)
+  mark_as_advanced(CapnProto_capnp-websocket_IMPORTED_LOCATION)
+  mark_as_advanced(CapnProto_kj-async_IMPORTED_LOCATION)
+  mark_as_advanced(CapnProto_kj-gzip_IMPORTED_LOCATION)
+  mark_as_advanced(CapnProto_kj-http_IMPORTED_LOCATION)
+  mark_as_advanced(CapnProto_kj_IMPORTED_LOCATION)
+  mark_as_advanced(CapnProto_kj-test_IMPORTED_LOCATION)
+  mark_as_advanced(CapnProto_kj-tls_IMPORTED_LOCATION)
+  if(BUILD_TESTS)
+    # Add tests to "all" target so ctest can run them
+    set_target_properties(mptest PROPERTIES EXCLUDE_FROM_ALL OFF)
+  endif()
+  # Exclude examples from compilation database, because the examples are not
+  # built by default, and they contain generated c++ code. Without this
+  # exclusion, tools like clang-tidy and IWYU that make use of compilation
+  # database would complain that the generated c++ source files do not exist. An
+  # alternate fix could build "mpexamples" by default like "mptests" above.
+  set_target_properties(mpcalculator mpprinter mpexample PROPERTIES EXPORT_COMPILE_COMMANDS OFF)
+endfunction()

cmake/module/AddBoostIfNeeded.cmake

@@ -17,17 +17,29 @@ function(add_boost_if_needed)
   directory and other added INTERFACE properties.
   ]=]
 
-  # We cannot rely on find_package(Boost ...) to work properly without
-  # Boost_NO_BOOST_CMAKE set until we require a more recent Boost because
-  # upstream did not ship proper CMake files until 1.82.0.
-  # Until then, we rely on CMake's FindBoost module.
-  # See: https://cmake.org/cmake/help/latest/policy/CMP0167.html
-  if(POLICY CMP0167)
-    cmake_policy(SET CMP0167 OLD)
+  if(CMAKE_HOST_APPLE)
+    find_program(HOMEBREW_EXECUTABLE brew)
+    if(HOMEBREW_EXECUTABLE)
+      execute_process(
+        COMMAND ${HOMEBREW_EXECUTABLE} --prefix boost
+        OUTPUT_VARIABLE Boost_ROOT
+        ERROR_QUIET
+        OUTPUT_STRIP_TRAILING_WHITESPACE
+      )
+    endif()
+  endif()
+
+  find_package(Boost 1.74.0 REQUIRED CONFIG)
+  mark_as_advanced(Boost_INCLUDE_DIR boost_headers_DIR)
+  # Workaround for a bug in NetBSD pkgsrc.
+  # See: https://github.com/NetBSD/pkgsrc/issues/167.
+  if(CMAKE_SYSTEM_NAME STREQUAL "NetBSD")
+    get_filename_component(_boost_include_dir "${boost_headers_DIR}/../../../include/" ABSOLUTE)
+    set_target_properties(Boost::headers PROPERTIES
+      INTERFACE_INCLUDE_DIRECTORIES ${_boost_include_dir}
+    )
+    unset(_boost_include_dir)
   endif()
-  set(Boost_NO_BOOST_CMAKE ON)
-  find_package(Boost 1.73.0 REQUIRED)
-  mark_as_advanced(Boost_INCLUDE_DIR)
   set_target_properties(Boost::headers PROPERTIES IMPORTED_GLOBAL TRUE)
   target_compile_definitions(Boost::headers INTERFACE
     # We don't use multi_index serialization.
@@ -45,34 +57,24 @@ function(add_boost_if_needed)
   # older than 1.80.
   # See: https://github.com/boostorg/config/pull/430.
   set(CMAKE_REQUIRED_DEFINITIONS -DBOOST_NO_CXX98_FUNCTION_BASE)
-  set(CMAKE_REQUIRED_INCLUDES ${Boost_INCLUDE_DIR})
-  include(CMakePushCheckState)
-  cmake_push_check_state()
-  include(TryAppendCXXFlags)
+  get_target_property(CMAKE_REQUIRED_INCLUDES Boost::headers INTERFACE_INCLUDE_DIRECTORIES)
   set(CMAKE_REQUIRED_FLAGS ${working_compiler_werror_flag})
   set(CMAKE_TRY_COMPILE_TARGET_TYPE STATIC_LIBRARY)
+  include(CheckCXXSourceCompiles)
   check_cxx_source_compiles("
     #include <boost/config.hpp>
     " NO_DIAGNOSTICS_BOOST_NO_CXX98_FUNCTION_BASE
   )
-  cmake_pop_check_state()
   if(NO_DIAGNOSTICS_BOOST_NO_CXX98_FUNCTION_BASE)
     target_compile_definitions(Boost::headers INTERFACE
       BOOST_NO_CXX98_FUNCTION_BASE
     )
-  else()
-    set(CMAKE_REQUIRED_DEFINITIONS)
   endif()
 
   # Some package managers, such as vcpkg, vendor Boost.Test separately
   # from the rest of the headers, so we have to check for it individually.
   if(BUILD_TESTS AND DEFINED VCPKG_TARGET_TRIPLET)
-    list(APPEND CMAKE_REQUIRED_DEFINITIONS -DBOOST_TEST_NO_MAIN)
-    include(CheckIncludeFileCXX)
-    check_include_file_cxx(boost/test/included/unit_test.hpp HAVE_BOOST_INCLUDED_UNIT_TEST_H)
-    if(NOT HAVE_BOOST_INCLUDED_UNIT_TEST_H)
-      message(FATAL_ERROR "Building test_bitcoin executable requested but boost/test/included/unit_test.hpp header not available.")
-    endif()
+    find_package(boost_included_unit_test_framework ${Boost_VERSION} EXACT REQUIRED CONFIG)
   endif()
 
 endfunction()

cmake/module/AddWindowsResources.cmake

@@ -4,11 +4,21 @@
 
 include_guard(GLOBAL)
 
-macro(add_windows_resources target rc_file)
+function(add_windows_resources target rc_file)
   if(WIN32)
     target_sources(${target} PRIVATE ${rc_file})
-    set_property(SOURCE ${rc_file}
-      APPEND PROPERTY COMPILE_DEFINITIONS WINDRES_PREPROC
-    )
   endif()
-endmacro()
+endfunction()
+
+# Add a fusion manifest to Windows executables.
+# See: https://learn.microsoft.com/en-us/windows/win32/sbscs/application-manifests
+function(add_windows_application_manifest target)
+  if(WIN32)
+    configure_file(${PROJECT_SOURCE_DIR}/cmake/windows-app.manifest.in ${target}.manifest USE_SOURCE_PERMISSIONS)
+    file(CONFIGURE
+      OUTPUT ${target}-manifest.rc
+      CONTENT "1 /* CREATEPROCESS_MANIFEST_RESOURCE_ID */ 24 /* RT_MANIFEST */ \"${target}.manifest\""
+    )
+    add_windows_resources(${target} ${CMAKE_CURRENT_BINARY_DIR}/${target}-manifest.rc)
+  endif()
+endfunction()

cmake/module/FindBerkeleyDB.cmake

@@ -1,133 +0,0 @@
-# Copyright (c) 2023-present The Bitcoin Core developers
-# Distributed under the MIT software license, see the accompanying
-# file COPYING or https://opensource.org/license/mit/.
-
-#[=======================================================================[
-FindBerkeleyDB
---------------
-
-Finds the Berkeley DB headers and library.
-
-Imported Targets
-^^^^^^^^^^^^^^^^
-
-This module provides imported target ``BerkeleyDB::BerkeleyDB``, if
-Berkeley DB has been found.
-
-Result Variables
-^^^^^^^^^^^^^^^^
-
-This module defines the following variables:
-
-``BerkeleyDB_FOUND``
-  "True" if Berkeley DB found.
-
-``BerkeleyDB_VERSION``
-  The MAJOR.MINOR version of Berkeley DB found.
-
-#]=======================================================================]
-
-set(_BerkeleyDB_homebrew_prefix)
-if(CMAKE_HOST_APPLE)
-  find_program(HOMEBREW_EXECUTABLE brew)
-  if(HOMEBREW_EXECUTABLE)
-    # The Homebrew package manager installs the berkeley-db* packages as
-    # "keg-only", which means they are not symlinked into the default prefix.
-    # To find such a package, the find_path() and find_library() commands
-    # need additional path hints that are computed by Homebrew itself.
-    execute_process(
-      COMMAND ${HOMEBREW_EXECUTABLE} --prefix berkeley-db@4
-      OUTPUT_VARIABLE _BerkeleyDB_homebrew_prefix
-      ERROR_QUIET
-      OUTPUT_STRIP_TRAILING_WHITESPACE
-    )
-  endif()
-endif()
-
-find_path(BerkeleyDB_INCLUDE_DIR
-  NAMES db_cxx.h
-  HINTS ${_BerkeleyDB_homebrew_prefix}/include
-  PATH_SUFFIXES 4.8 48 db4.8 4 db4 5.3 db5.3 5 db5
-)
-mark_as_advanced(BerkeleyDB_INCLUDE_DIR)
-unset(_BerkeleyDB_homebrew_prefix)
-
-if(NOT BerkeleyDB_LIBRARY)
-  if(VCPKG_TARGET_TRIPLET)
-    # The vcpkg package manager installs the berkeleydb package with the same name
-    # of release and debug libraries. Therefore, the default search paths set by
-    # vcpkg's toolchain file cannot be used to search libraries as the debug one
-    # will always be found.
-    set(CMAKE_FIND_USE_CMAKE_PATH FALSE)
-  endif()
-
-  get_filename_component(_BerkeleyDB_lib_hint "${BerkeleyDB_INCLUDE_DIR}" DIRECTORY)
-
-  find_library(BerkeleyDB_LIBRARY_RELEASE
-    NAMES db_cxx-4.8 db4_cxx db48 db_cxx-5.3 db_cxx-5 db_cxx libdb48
-    NAMES_PER_DIR
-    HINTS ${_BerkeleyDB_lib_hint}
-    PATH_SUFFIXES lib
-  )
-  mark_as_advanced(BerkeleyDB_LIBRARY_RELEASE)
-
-  find_library(BerkeleyDB_LIBRARY_DEBUG
-    NAMES db_cxx-4.8 db4_cxx db48 db_cxx-5.3 db_cxx-5 db_cxx libdb48
-    NAMES_PER_DIR
-    HINTS ${_BerkeleyDB_lib_hint}
-    PATH_SUFFIXES debug/lib
-  )
-  mark_as_advanced(BerkeleyDB_LIBRARY_DEBUG)
-
-  unset(_BerkeleyDB_lib_hint)
-  unset(CMAKE_FIND_USE_CMAKE_PATH)
-
-  include(SelectLibraryConfigurations)
-  select_library_configurations(BerkeleyDB)
-  # The select_library_configurations() command sets BerkeleyDB_FOUND, but we
-  # want the one from the find_package_handle_standard_args() command below.
-  unset(BerkeleyDB_FOUND)
-endif()
-
-if(BerkeleyDB_INCLUDE_DIR)
-  file(STRINGS "${BerkeleyDB_INCLUDE_DIR}/db.h" _BerkeleyDB_version_strings REGEX "^#define[\t ]+DB_VERSION_(MAJOR|MINOR|PATCH)[ \t]+[0-9]+.*")
-  string(REGEX REPLACE ".*#define[\t ]+DB_VERSION_MAJOR[ \t]+([0-9]+).*" "\\1" _BerkeleyDB_version_major "${_BerkeleyDB_version_strings}")
-  string(REGEX REPLACE ".*#define[\t ]+DB_VERSION_MINOR[ \t]+([0-9]+).*" "\\1" _BerkeleyDB_version_minor "${_BerkeleyDB_version_strings}")
-  string(REGEX REPLACE ".*#define[\t ]+DB_VERSION_PATCH[ \t]+([0-9]+).*" "\\1" _BerkeleyDB_version_patch "${_BerkeleyDB_version_strings}")
-  unset(_BerkeleyDB_version_strings)
-  # The MAJOR.MINOR.PATCH version will be logged in the following find_package_handle_standard_args() command.
-  set(_BerkeleyDB_full_version ${_BerkeleyDB_version_major}.${_BerkeleyDB_version_minor}.${_BerkeleyDB_version_patch})
-  set(BerkeleyDB_VERSION ${_BerkeleyDB_version_major}.${_BerkeleyDB_version_minor})
-  unset(_BerkeleyDB_version_major)
-  unset(_BerkeleyDB_version_minor)
-  unset(_BerkeleyDB_version_patch)
-endif()
-
-include(FindPackageHandleStandardArgs)
-find_package_handle_standard_args(BerkeleyDB
-  REQUIRED_VARS BerkeleyDB_LIBRARY BerkeleyDB_INCLUDE_DIR
-  VERSION_VAR _BerkeleyDB_full_version
-)
-unset(_BerkeleyDB_full_version)
-
-if(BerkeleyDB_FOUND AND NOT TARGET BerkeleyDB::BerkeleyDB)
-  add_library(BerkeleyDB::BerkeleyDB UNKNOWN IMPORTED)
-  set_target_properties(BerkeleyDB::BerkeleyDB PROPERTIES
-    INTERFACE_INCLUDE_DIRECTORIES "${BerkeleyDB_INCLUDE_DIR}"
-  )
-  if(BerkeleyDB_LIBRARY_RELEASE)
-    set_property(TARGET BerkeleyDB::BerkeleyDB APPEND PROPERTY
-      IMPORTED_CONFIGURATIONS RELEASE
-    )
-    set_target_properties(BerkeleyDB::BerkeleyDB PROPERTIES
-      IMPORTED_LOCATION_RELEASE "${BerkeleyDB_LIBRARY_RELEASE}"
-    )
-  endif()
-  if(BerkeleyDB_LIBRARY_DEBUG)
-    set_property(TARGET BerkeleyDB::BerkeleyDB APPEND PROPERTY
-      IMPORTED_CONFIGURATIONS DEBUG)
-    set_target_properties(BerkeleyDB::BerkeleyDB PROPERTIES
-      IMPORTED_LOCATION_DEBUG "${BerkeleyDB_LIBRARY_DEBUG}"
-    )
-  endif()
-endif()

cmake/module/FindQRencode.cmake

@@ -21,16 +21,16 @@ endif()
 
 find_path(QRencode_INCLUDE_DIR
   NAMES qrencode.h
-  PATHS ${PC_QRencode_INCLUDE_DIRS}
+  HINTS ${PC_QRencode_INCLUDE_DIRS}
 )
 
 find_library(QRencode_LIBRARY_RELEASE
   NAMES qrencode
-  PATHS ${PC_QRencode_LIBRARY_DIRS}
+  HINTS ${PC_QRencode_LIBRARY_DIRS}
 )
 find_library(QRencode_LIBRARY_DEBUG
   NAMES qrencoded qrencode
-  PATHS ${PC_QRencode_LIBRARY_DIRS}
+  HINTS ${PC_QRencode_LIBRARY_DIRS}
 )
 include(SelectLibraryConfigurations)
 select_library_configurations(QRencode)

cmake/module/FindQt.cmake

@@ -27,19 +27,6 @@ if(CMAKE_HOST_APPLE)
   endif()
 endif()
 
-# Save CMAKE_FIND_ROOT_PATH_MODE_LIBRARY state.
-unset(_qt_find_root_path_mode_library_saved)
-if(DEFINED CMAKE_FIND_ROOT_PATH_MODE_LIBRARY)
-  set(_qt_find_root_path_mode_library_saved ${CMAKE_FIND_ROOT_PATH_MODE_LIBRARY})
-endif()
-
-# The Qt config files internally use find_library() calls for all
-# dependencies to ensure their availability. In turn, the find_library()
-# inspects the well-known locations on the file system; therefore, it must
-# be able to find platform-specific system libraries, for example:
-# /usr/x86_64-w64-mingw32/lib/libm.a or /usr/arm-linux-gnueabihf/lib/libm.a.
-set(CMAKE_FIND_ROOT_PATH_MODE_LIBRARY BOTH)
-
 find_package(Qt${Qt_FIND_VERSION_MAJOR} ${Qt_FIND_VERSION}
   COMPONENTS ${Qt_FIND_COMPONENTS}
   HINTS ${_qt_homebrew_prefix}
@@ -47,14 +34,6 @@ find_package(Qt${Qt_FIND_VERSION_MAJOR} ${Qt_FIND_VERSION}
 )
 unset(_qt_homebrew_prefix)
 
-# Restore CMAKE_FIND_ROOT_PATH_MODE_LIBRARY state.
-if(DEFINED _qt_find_root_path_mode_library_saved)
-  set(CMAKE_FIND_ROOT_PATH_MODE_LIBRARY ${_qt_find_root_path_mode_library_saved})
-  unset(_qt_find_root_path_mode_library_saved)
-else()
-  unset(CMAKE_FIND_ROOT_PATH_MODE_LIBRARY)
-endif()
-
 include(FindPackageHandleStandardArgs)
 find_package_handle_standard_args(Qt
   REQUIRED_VARS Qt${Qt_FIND_VERSION_MAJOR}_DIR

cmake/module/FindUSDT.cmake

@@ -36,6 +36,10 @@ if(USDT_INCLUDE_DIR)
   include(CheckCXXSourceCompiles)
   set(CMAKE_REQUIRED_INCLUDES ${USDT_INCLUDE_DIR})
   check_cxx_source_compiles("
+    #if defined(__arm__)
+    #  define STAP_SDT_ARG_CONSTRAINT g
+    #endif
+
     // Setting SDT_USE_VARIADIC lets systemtap (sys/sdt.h) know that we want to use
     // the optional variadic macros to define tracepoints.
     #define SDT_USE_VARIADIC 1

cmake/module/GenerateSetupNsi.cmake

@@ -7,6 +7,7 @@ function(generate_setup_nsi)
   set(abs_top_builddir ${PROJECT_BINARY_DIR})
   set(CLIENT_URL ${PROJECT_HOMEPAGE_URL})
   set(CLIENT_TARNAME "bitcoin")
+  set(BITCOIN_WRAPPER_NAME "bitcoin")
   set(BITCOIN_GUI_NAME "bitcoin-qt")
   set(BITCOIN_DAEMON_NAME "bitcoind")
   set(BITCOIN_CLI_NAME "bitcoin-cli")

cmake/module/InstallBinaryComponent.cmake

@@ -7,14 +7,19 @@ include(GNUInstallDirs)
 
 function(install_binary_component component)
   cmake_parse_arguments(PARSE_ARGV 1
-    IC                # prefix
-    "HAS_MANPAGE"     # options
-    ""                # one_value_keywords
-    ""                # multi_value_keywords
+    IC                          # prefix
+    "HAS_MANPAGE;INTERNAL"      # options
+    ""                          # one_value_keywords
+    ""                          # multi_value_keywords
   )
   set(target_name ${component})
+  if(IC_INTERNAL)
+    set(runtime_dest ${CMAKE_INSTALL_LIBEXECDIR})
+  else()
+    set(runtime_dest ${CMAKE_INSTALL_BINDIR})
+  endif()
   install(TARGETS ${target_name}
-    RUNTIME DESTINATION ${CMAKE_INSTALL_BINDIR}
+    RUNTIME DESTINATION ${runtime_dest}
     COMPONENT ${component}
   )
   if(INSTALL_MAN AND IC_HAS_MANPAGE)

cmake/module/Maintenance.cmake

@@ -18,32 +18,16 @@ function(setup_split_debug_script)
   endif()
 endfunction()
 
-function(add_maintenance_targets)
-  if(NOT PYTHON_COMMAND)
-    return()
-  endif()
-
-  foreach(target IN ITEMS bitcoind bitcoin-qt bitcoin-cli bitcoin-tx bitcoin-util bitcoin-wallet test_bitcoin bench_bitcoin)
-    if(TARGET ${target})
-      list(APPEND executables $<TARGET_FILE:${target}>)
-    endif()
-  endforeach()
-
-  add_custom_target(check-symbols
-    COMMAND ${CMAKE_COMMAND} -E echo "Running symbol and dynamic library checks..."
-    COMMAND ${PYTHON_COMMAND} ${PROJECT_SOURCE_DIR}/contrib/devtools/symbol-check.py ${executables}
-    VERBATIM
-  )
-
-  add_custom_target(check-security
-    COMMAND ${CMAKE_COMMAND} -E echo "Checking binary security..."
-    COMMAND ${PYTHON_COMMAND} ${PROJECT_SOURCE_DIR}/contrib/devtools/security-check.py ${executables}
-    VERBATIM
-  )
-endfunction()
-
 function(add_windows_deploy_target)
-  if(MINGW AND TARGET bitcoin-qt AND TARGET bitcoind AND TARGET bitcoin-cli AND TARGET bitcoin-tx AND TARGET bitcoin-wallet AND TARGET bitcoin-util AND TARGET test_bitcoin)
+  if(MINGW AND TARGET bitcoin AND TARGET bitcoin-qt AND TARGET bitcoind AND TARGET bitcoin-cli AND TARGET bitcoin-tx AND TARGET bitcoin-wallet AND TARGET bitcoin-util AND TARGET test_bitcoin)
+    find_program(MAKENSIS_EXECUTABLE makensis)
+    if(NOT MAKENSIS_EXECUTABLE)
+      add_custom_target(deploy
+        COMMAND ${CMAKE_COMMAND} -E echo "Error: NSIS not found"
+      )
+      return()
+    endif()
+
     # TODO: Consider replacing this code with the CPack NSIS Generator.
     #       See https://cmake.org/cmake/help/latest/cpack_gen/nsis.html
     include(GenerateSetupNsi)
@@ -51,6 +35,7 @@ function(add_windows_deploy_target)
     add_custom_command(
       OUTPUT ${PROJECT_BINARY_DIR}/bitcoin-win64-setup.exe
       COMMAND ${CMAKE_COMMAND} -E make_directory ${PROJECT_BINARY_DIR}/release
+      COMMAND ${CMAKE_STRIP} $<TARGET_FILE:bitcoin> -o ${PROJECT_BINARY_DIR}/release/$<TARGET_FILE_NAME:bitcoin>
       COMMAND ${CMAKE_STRIP} $<TARGET_FILE:bitcoin-qt> -o ${PROJECT_BINARY_DIR}/release/$<TARGET_FILE_NAME:bitcoin-qt>
       COMMAND ${CMAKE_STRIP} $<TARGET_FILE:bitcoind> -o ${PROJECT_BINARY_DIR}/release/$<TARGET_FILE_NAME:bitcoind>
       COMMAND ${CMAKE_STRIP} $<TARGET_FILE:bitcoin-cli> -o ${PROJECT_BINARY_DIR}/release/$<TARGET_FILE_NAME:bitcoin-cli>
@@ -58,7 +43,7 @@ function(add_windows_deploy_target)
       COMMAND ${CMAKE_STRIP} $<TARGET_FILE:bitcoin-wallet> -o ${PROJECT_BINARY_DIR}/release/$<TARGET_FILE_NAME:bitcoin-wallet>
       COMMAND ${CMAKE_STRIP} $<TARGET_FILE:bitcoin-util> -o ${PROJECT_BINARY_DIR}/release/$<TARGET_FILE_NAME:bitcoin-util>
       COMMAND ${CMAKE_STRIP} $<TARGET_FILE:test_bitcoin> -o ${PROJECT_BINARY_DIR}/release/$<TARGET_FILE_NAME:test_bitcoin>
-      COMMAND makensis -V2 ${PROJECT_BINARY_DIR}/bitcoin-win64-setup.nsi
+      COMMAND ${MAKENSIS_EXECUTABLE} -V2 ${PROJECT_BINARY_DIR}/bitcoin-win64-setup.nsi
       VERBATIM
     )
     add_custom_target(deploy DEPENDS ${PROJECT_BINARY_DIR}/bitcoin-win64-setup.exe)
@@ -83,27 +68,28 @@ function(add_macos_deploy_target)
       COMMAND ${CMAKE_COMMAND} --install ${PROJECT_BINARY_DIR} --config $<CONFIG> --component bitcoin-qt --prefix ${macos_app}/Contents/MacOS --strip
       COMMAND ${CMAKE_COMMAND} -E rename ${macos_app}/Contents/MacOS/bin/$<TARGET_FILE_NAME:bitcoin-qt> ${macos_app}/Contents/MacOS/Bitcoin-Qt
       COMMAND ${CMAKE_COMMAND} -E rm -rf ${macos_app}/Contents/MacOS/bin
+      COMMAND ${CMAKE_COMMAND} -E rm -rf ${macos_app}/Contents/MacOS/share
       VERBATIM
     )
 
-    string(REPLACE " " "-" osx_volname ${CLIENT_NAME})
+    set(macos_zip "bitcoin-macos-app")
     if(CMAKE_HOST_APPLE)
       add_custom_command(
-        OUTPUT ${PROJECT_BINARY_DIR}/${osx_volname}.zip
-        COMMAND ${PYTHON_COMMAND} ${PROJECT_SOURCE_DIR}/contrib/macdeploy/macdeployqtplus ${macos_app} ${osx_volname} -translations-dir=${QT_TRANSLATIONS_DIR} -zip
+        OUTPUT ${PROJECT_BINARY_DIR}/${macos_zip}.zip
+        COMMAND Python3::Interpreter ${PROJECT_SOURCE_DIR}/contrib/macdeploy/macdeployqtplus ${macos_app} -translations-dir=${QT_TRANSLATIONS_DIR} -zip=${macos_zip}
         DEPENDS ${PROJECT_BINARY_DIR}/${macos_app}/Contents/MacOS/Bitcoin-Qt
         VERBATIM
       )
       add_custom_target(deploydir
-        DEPENDS ${PROJECT_BINARY_DIR}/${osx_volname}.zip
+        DEPENDS ${PROJECT_BINARY_DIR}/${macos_zip}.zip
       )
       add_custom_target(deploy
-        DEPENDS ${PROJECT_BINARY_DIR}/${osx_volname}.zip
+        DEPENDS ${PROJECT_BINARY_DIR}/${macos_zip}.zip
       )
     else()
       add_custom_command(
         OUTPUT ${PROJECT_BINARY_DIR}/dist/${macos_app}/Contents/MacOS/Bitcoin-Qt
-        COMMAND OBJDUMP=${CMAKE_OBJDUMP} ${PYTHON_COMMAND} ${PROJECT_SOURCE_DIR}/contrib/macdeploy/macdeployqtplus ${macos_app} ${osx_volname} -translations-dir=${QT_TRANSLATIONS_DIR}
+        COMMAND ${CMAKE_COMMAND} -E env OBJDUMP=${CMAKE_OBJDUMP} $<TARGET_FILE:Python3::Interpreter> ${PROJECT_SOURCE_DIR}/contrib/macdeploy/macdeployqtplus ${macos_app} -translations-dir=${QT_TRANSLATIONS_DIR}
         DEPENDS ${PROJECT_BINARY_DIR}/${macos_app}/Contents/MacOS/Bitcoin-Qt
         VERBATIM
       )
@@ -111,16 +97,22 @@ function(add_macos_deploy_target)
         DEPENDS ${PROJECT_BINARY_DIR}/dist/${macos_app}/Contents/MacOS/Bitcoin-Qt
       )
 
-      find_program(ZIP_COMMAND zip REQUIRED)
-      add_custom_command(
-        OUTPUT ${PROJECT_BINARY_DIR}/dist/${osx_volname}.zip
-        WORKING_DIRECTORY dist
-        COMMAND ${PROJECT_SOURCE_DIR}/cmake/script/macos_zip.sh ${ZIP_COMMAND} ${osx_volname}.zip
-        VERBATIM
-      )
-      add_custom_target(deploy
-        DEPENDS ${PROJECT_BINARY_DIR}/dist/${osx_volname}.zip
-      )
+      find_program(ZIP_EXECUTABLE zip)
+      if(NOT ZIP_EXECUTABLE)
+        add_custom_target(deploy
+          COMMAND ${CMAKE_COMMAND} -E echo "Error: ZIP not found"
+        )
+      else()
+        add_custom_command(
+          OUTPUT ${PROJECT_BINARY_DIR}/dist/${macos_zip}.zip
+          WORKING_DIRECTORY dist
+          COMMAND ${PROJECT_SOURCE_DIR}/cmake/script/macos_zip.sh ${ZIP_EXECUTABLE} ${macos_zip}.zip
+          VERBATIM
+        )
+        add_custom_target(deploy
+          DEPENDS ${PROJECT_BINARY_DIR}/dist/${macos_zip}.zip
+        )
+      endif()
     endif()
     add_dependencies(deploydir bitcoin-qt)
     add_dependencies(deploy deploydir)

cmake/module/ProcessConfigurations.cmake

@@ -105,14 +105,13 @@ function(remove_cxx_flag_from_all_configs flag)
 endfunction()
 
 function(replace_cxx_flag_in_config config old_flag new_flag)
-  string(TOUPPER "${config}" config_uppercase)
-  string(REGEX REPLACE "(^| )${old_flag}( |$)" "\\1${new_flag}\\2" new_flags "${CMAKE_CXX_FLAGS_${config_uppercase}}")
-  set(CMAKE_CXX_FLAGS_${config_uppercase} "${new_flags}" PARENT_SCOPE)
-  set(CMAKE_CXX_FLAGS_${config_uppercase} "${new_flags}"
-    CACHE STRING
-    "Flags used by the CXX compiler during ${config_uppercase} builds."
-    FORCE
-  )
+  string(TOUPPER "CMAKE_CXX_FLAGS_${config}" var_name)
+  if("${var_name}" IN_LIST precious_variables)
+    return()
+  endif()
+  string(REGEX REPLACE "(^| )${old_flag}( |$)" "\\1${new_flag}\\2" ${var_name} "${${var_name}}")
+  set(${var_name} "${${var_name}}" PARENT_SCOPE)
+  set_property(CACHE ${var_name} PROPERTY VALUE "${${var_name}}")
 endfunction()
 
 set_default_config(RelWithDebInfo)

cmake/module/TestAppendRequiredLibraries.cmake

@@ -38,8 +38,7 @@ function(test_append_socket_library target)
       message(FATAL_ERROR "Cannot figure out how to use getifaddrs/freeifaddrs.")
     endif()
   endif()
-  set(HAVE_DECL_GETIFADDRS TRUE PARENT_SCOPE)
-  set(HAVE_DECL_FREEIFADDRS TRUE PARENT_SCOPE)
+  set(HAVE_IFADDRS TRUE PARENT_SCOPE)
 endfunction()
 
 # Clang, when building for 32-bit,

cmake/module/TryAppendLinkerFlag.cmake

@@ -20,7 +20,7 @@ In configuration output, this function prints a string by the following pattern:
 function(try_append_linker_flag flag)
   cmake_parse_arguments(PARSE_ARGV 1
     TALF                              # prefix
-    ""                                # options
+    "NO_CACHE_IF_FAILED"              # options
     "TARGET;VAR;SOURCE;RESULT_VAR"    # one_value_keywords
     "IF_CHECK_PASSED"                 # multi_value_keywords
   )
@@ -68,6 +68,10 @@ function(try_append_linker_flag flag)
   if(DEFINED TALF_RESULT_VAR)
     set(${TALF_RESULT_VAR} "${${result}}" PARENT_SCOPE)
   endif()
+
+  if(NOT ${result} AND TALF_NO_CACHE_IF_FAILED)
+    unset(${result} CACHE)
+  endif()
 endfunction()
 
 if(MSVC)

cmake/secp256k1.cmake

@@ -0,0 +1,52 @@
+# Copyright (c) 2023-present The Bitcoin Core developers
+# Distributed under the MIT software license, see the accompanying
+# file COPYING or https://opensource.org/license/mit/.
+
+enable_language(C)
+
+function(add_secp256k1 subdir)
+  message("")
+  message("Configuring secp256k1 subtree...")
+  set(BUILD_SHARED_LIBS OFF)
+  set(CMAKE_EXPORT_COMPILE_COMMANDS OFF)
+  set(SECP256K1_ENABLE_MODULE_ECDH OFF CACHE BOOL "" FORCE)
+  set(SECP256K1_ENABLE_MODULE_RECOVERY ON CACHE BOOL "" FORCE)
+  set(SECP256K1_ENABLE_MODULE_MUSIG ON CACHE BOOL "" FORCE)
+  set(SECP256K1_BUILD_BENCHMARK OFF CACHE BOOL "" FORCE)
+  set(SECP256K1_BUILD_TESTS ${BUILD_TESTS} CACHE BOOL "" FORCE)
+  set(SECP256K1_BUILD_EXHAUSTIVE_TESTS ${BUILD_TESTS} CACHE BOOL "" FORCE)
+  if(NOT BUILD_TESTS)
+    # Always skip the ctime tests, if we are building no other tests.
+    # Otherwise, they are built if Valgrind is available. See SECP256K1_VALGRIND.
+    set(SECP256K1_BUILD_CTIME_TESTS ${BUILD_TESTS} CACHE BOOL "" FORCE)
+  endif()
+  set(SECP256K1_BUILD_EXAMPLES OFF CACHE BOOL "" FORCE)
+  include(GetTargetInterface)
+  # -fsanitize and related flags apply to both C++ and C,
+  # so we can pass them down to libsecp256k1 as CFLAGS and LDFLAGS.
+  get_target_interface(SECP256K1_APPEND_CFLAGS "" sanitize_interface COMPILE_OPTIONS)
+  string(STRIP "${SECP256K1_APPEND_CFLAGS} ${APPEND_CPPFLAGS}" SECP256K1_APPEND_CFLAGS)
+  string(STRIP "${SECP256K1_APPEND_CFLAGS} ${APPEND_CFLAGS}" SECP256K1_APPEND_CFLAGS)
+  set(SECP256K1_APPEND_CFLAGS ${SECP256K1_APPEND_CFLAGS} CACHE STRING "" FORCE)
+  get_target_interface(SECP256K1_APPEND_LDFLAGS "" sanitize_interface LINK_OPTIONS)
+  string(STRIP "${SECP256K1_APPEND_LDFLAGS} ${APPEND_LDFLAGS}" SECP256K1_APPEND_LDFLAGS)
+  set(SECP256K1_APPEND_LDFLAGS ${SECP256K1_APPEND_LDFLAGS} CACHE STRING "" FORCE)
+  # We want to build libsecp256k1 with the most tested RelWithDebInfo configuration.
+  foreach(config IN LISTS CMAKE_BUILD_TYPE CMAKE_CONFIGURATION_TYPES)
+    if(config STREQUAL "")
+      continue()
+    endif()
+    string(TOUPPER "${config}" config)
+    set(CMAKE_C_FLAGS_${config} "${CMAKE_C_FLAGS_RELWITHDEBINFO}")
+  endforeach()
+  # If the CFLAGS environment variable is defined during building depends
+  # and configuring this build system, its content might be duplicated.
+  if(DEFINED ENV{CFLAGS})
+    deduplicate_flags(CMAKE_C_FLAGS)
+  endif()
+
+  add_subdirectory(${subdir})
+  set_target_properties(secp256k1 PROPERTIES
+    EXCLUDE_FROM_ALL TRUE
+  )
+endfunction()

cmake/tests.cmake

@@ -1,15 +0,0 @@
-# Copyright (c) 2023-present The Bitcoin Core developers
-# Distributed under the MIT software license, see the accompanying
-# file COPYING or https://opensource.org/license/mit/.
-
-if(TARGET bitcoin-util AND TARGET bitcoin-tx AND PYTHON_COMMAND)
-  add_test(NAME util_test_runner
-    COMMAND ${CMAKE_COMMAND} -E env BITCOINUTIL=$<TARGET_FILE:bitcoin-util> BITCOINTX=$<TARGET_FILE:bitcoin-tx> ${PYTHON_COMMAND} ${PROJECT_BINARY_DIR}/test/util/test_runner.py
-  )
-endif()
-
-if(PYTHON_COMMAND)
-  add_test(NAME util_rpcauth_test
-    COMMAND ${PYTHON_COMMAND} ${PROJECT_BINARY_DIR}/test/util/rpcauth-test.py
-  )
-endif()

cmake/windows-app.manifest.in

@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:asmv3="urn:schemas-microsoft-com:asm.v3">
+  <assemblyIdentity
+      type="win32"
+      name="org.bitcoincore.${target}"
+      version="${CLIENT_VERSION_MAJOR}.${CLIENT_VERSION_MINOR}.${CLIENT_VERSION_BUILD}.0"
+  />
+  <asmv3:application>
+    <asmv3:windowsSettings xmlns="http://schemas.microsoft.com/SMI/2019/WindowsSettings">
+      <activeCodePage>UTF-8</activeCodePage>
+    </asmv3:windowsSettings>
+  </asmv3:application>
+  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
+    <security>
+      <requestedPrivileges>
+        <requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
+      </requestedPrivileges>
+    </security>
+  </trustInfo>
+</assembly>

contrib/asmap/README.md

@@ -9,4 +9,75 @@ Example usage:
 python3 asmap-tool.py encode /path/to/input.file /path/to/output.file
 python3 asmap-tool.py decode /path/to/input.file /path/to/output.file
 python3 asmap-tool.py diff /path/to/first.file /path/to/second.file
+python3 asmap-tool.py diff_addrs /path/to/first.file /path/to/second.file addrs.file
+```
+These commands may take a few minutes to run with `python3`,
+depending on the amount of data involved and your machine specs.
+Consider using `pypy3` for a faster run time.
+
+### Encoding and Decoding
+
+ASmap files are somewhat large in text form, and need to be encoded
+to binary before being used with Bitcoin Core.
+
+The `encode` command takes an ASmap and an output file.
+
+The `--fill`/`-f` flag further reduces the size of the output file
+by assuming an AS assignment for an unmapped network if an adjacent network is assigned.
+This procedure is lossy, in the sense that it loses information
+about which ranges were unassigned.
+However, if the input ASmap is incomplete,
+this procedure will also reassign ranges that should have an AS assignment,
+resulting in an ASmap that may diverge from reality significantly.
+Finally, another consequence is that the resulting encoded file
+will no longer be meaningful for diffs.
+Therefore only use `--fill` if
+you want to optimise space, you have a reasonably complete ASmap,
+and do not intend to diff the file at a later time.
+
+The `decode` command takes an encoded ASmap and an output file.
+As with `encode`, the `--fill`/`-f` flag reduces the output file size
+by reassigning subnets. Conversely, the `--non-overlapping`/`-n` flag
+increases output size by outputting strictly non-overlapping network ranges.
+
+### Comparing ASmaps
+
+AS control of IP networks changes frequently, therefore it can be useful to get
+the changes between two ASmaps via the `diff` and `diff_addrs` commands.
+
+`diff` takes two ASmap files, and returns a file detailing the changes
+in the state of a network's AS assignment between the first and the second file.
+This command may take a few minutes to run, depending on your machine.
+
+The example below shows the three possible output states:
+- reassigned to a new AS (`AS26496 # was AS20738`),
+- present in the first but not the second (`# 220.157.65.0/24 was AS9723`),
+- or present in the second but not the first (`# was unassigned`).
+
+```
+217.199.160.0/19 AS26496 # was AS20738
+# 220.157.65.0/24 was AS9723
+216.151.172.0/23 AS400080 # was unassigned
+2001:470:49::/48 AS20205 # was AS6939
+# 2001:678:bd0::/48 was AS207631
+2001:67c:308::/48 AS26496 # was unassigned
+```
+`diff` accepts a `--ignore-unassigned`/`-i` flag
+which ignores networks present in the second but not the first.
+
+`diff_addrs` is intended to provide changes between two ASmaps and
+a node's known peers.
+The command takes two ASmap files, and a file of IP addresses as output by
+the `bitcoin-cli getnodeaddresses` command.
+It returns the changes between the two ASmaps for the peer IPs provided in
+the `getnodeaddresses` output.
+The resulting file is in the same format as the `diff` command shown above.
+
+You can output address data to a file:
+```
+bitcoin-cli getnodeaddresses 0 > addrs.json
+```
+and pass in the address file as the third argument:
+```
+python3 asmap-tool.py diff_addrs path/to/first.file path/to/second.file addrs.json
 ```

contrib/asmap/asmap-tool.py

@@ -131,6 +131,8 @@ def main():
     if args.subcommand is None:
         parser.print_help()
     elif args.subcommand == "encode":
+        if args.outfile.isatty():
+            sys.exit("Not much use in writing binary to a TTY. Please specify an output file or pipe output to another process.")
         state = load_file(args.infile)
         save_binary(args.outfile, state, fill=args.fill)
     elif args.subcommand == "decode":
@@ -140,15 +142,19 @@ def main():
         state1 = load_file(args.infile1)
         state2 = load_file(args.infile2)
         ipv4_changed = 0
+        ipv4_entries_changed = 0
         ipv6_changed = 0
+        ipv6_entries_changed = 0
         for prefix, old_asn, new_asn in state1.diff(state2):
             if args.ignore_unassigned and old_asn == 0:
                 continue
             net = asmap.prefix_to_net(prefix)
             if isinstance(net, ipaddress.IPv4Network):
-                ipv4_changed += 1 << (32 - net.prefixlen)
+                ipv4_changed += net.num_addresses
+                ipv4_entries_changed += 1
             elif isinstance(net, ipaddress.IPv6Network):
-                ipv6_changed += 1 << (128 - net.prefixlen)
+                ipv6_changed += net.num_addresses
+                ipv6_entries_changed += 1
             if new_asn == 0:
                 print(f"# {net} was AS{old_asn}")
             elif old_asn == 0:
@@ -159,8 +165,9 @@ def main():
         ipv6_change_str = "" if ipv6_changed == 0 else f" (2^{math.log2(ipv6_changed):.2f})"
 
         print(
-            f"# {ipv4_changed}{ipv4_change_str} IPv4 addresses changed; "
-            f"{ipv6_changed}{ipv6_change_str} IPv6 addresses changed"
+f"""# Summary
+IPv4: {ipv4_entries_changed} entries with {ipv4_changed}{ipv4_change_str} addresses changed
+IPv6: {ipv6_entries_changed} entries with {ipv6_changed}{ipv6_change_str} addresses changed"""
         )
     elif args.subcommand == "diff_addrs":
         state1 = load_file(args.infile1)

contrib/completions/bash/bitcoin-cli.bash

@@ -1,5 +1,5 @@
 # bash programmable completion for bitcoin-cli(1)
-# Copyright (c) 2012-2022 The Bitcoin Core developers
+# Copyright (c) 2012-present The Bitcoin Core developers
 # Distributed under the MIT software license, see the accompanying
 # file COPYING or http://www.opensource.org/licenses/mit-license.php.
 
@@ -39,7 +39,7 @@ _bitcoin_cli() {
 
     if ((cword > 4)); then
         case ${words[cword-4]} in
-            importaddress|listtransactions|setban)
+            listtransactions|setban)
                 COMPREPLY=( $( compgen -W "true false" -- "$cur" ) )
                 return 0
                 ;;
@@ -52,10 +52,7 @@ _bitcoin_cli() {
 
     if ((cword > 3)); then
         case ${words[cword-3]} in
-            addmultisigaddress)
-                return 0
-                ;;
-            getbalance|gettxout|importaddress|importpubkey|importprivkey|listreceivedbyaddress|listsinceblock)
+            getbalance|gettxout|listreceivedbyaddress|listsinceblock)
                 COMPREPLY=( $( compgen -W "true false" -- "$cur" ) )
                 return 0
                 ;;
@@ -80,7 +77,7 @@ _bitcoin_cli() {
     fi
 
     case "$prev" in
-        backupwallet|dumpwallet|importwallet)
+        backupwallet)
             _filedir
             return 0
             ;;

contrib/completions/bash/bitcoin-tx.bash

@@ -1,5 +1,5 @@
 # bash programmable completion for bitcoin-tx(1)
-# Copyright (c) 2016-2022 The Bitcoin Core developers
+# Copyright (c) 2016-present The Bitcoin Core developers
 # Distributed under the MIT software license, see the accompanying
 # file COPYING or http://www.opensource.org/licenses/mit-license.php.
 

contrib/completions/bash/bitcoind.bash

@@ -1,5 +1,5 @@
 # bash programmable completion for bitcoind(1) and bitcoin-qt(1)
-# Copyright (c) 2012-2022 The Bitcoin Core developers
+# Copyright (c) 2012-present The Bitcoin Core developers
 # Distributed under the MIT software license, see the accompanying
 # file COPYING or http://www.opensource.org/licenses/mit-license.php.
 

contrib/debian/copyright

@@ -5,7 +5,7 @@ Upstream-Contact: Satoshi Nakamoto <satoshin@gmx.com>
 Source: https://github.com/bitcoin/bitcoin
 
 Files: *
-Copyright: 2009-2025, Bitcoin Core Developers
+Copyright: 2009-2026, Bitcoin Core Developers
 License: Expat
 Comment: The Bitcoin Core Developers encompasses all contributors to the
          project, listed in the release notes or the git log.
@@ -121,17 +121,6 @@ Comment:
  You should have received a copy of the GNU General Public License along
  with this program.  If not, see <http://www.gnu.org/licenses/>.
 
-License: GPL-3+
- Permission is granted to copy, distribute and/or modify this document
- under the terms of the GNU General Public License, Version 3 or any
- later version published by the Free Software Foundation.
-Comment:
- On Debian systems the GNU General Public License (GPL) version 3 is
- located in '/usr/share/common-licenses/GPL-3'.
- .
- You should have received a copy of the GNU General Public License along
- with this program.  If not, see <http://www.gnu.org/licenses/>.
-
 License: public-domain
  This work is in the public domain.
 

contrib/devtools/README.md

@@ -8,18 +8,42 @@ deterministic-fuzz-coverage
 A tool to check for non-determinism in fuzz coverage. To get the help, run:
 
 ```
-RUST_BACKTRACE=1 cargo run --manifest-path ./contrib/devtools/deterministic-fuzz-coverage/Cargo.toml -- --help
+cargo run --manifest-path ./contrib/devtools/deterministic-fuzz-coverage/Cargo.toml -- --help
 ```
 
-To execute the tool, compilation has to be done with the build options
-`-DCMAKE_C_COMPILER='clang' -DCMAKE_CXX_COMPILER='clang++'
--DBUILD_FOR_FUZZING=ON -DCMAKE_CXX_FLAGS='-fPIC -fprofile-instr-generate
--fcoverage-mapping'`. Both llvm-profdata and llvm-cov must be installed. Also,
-the qa-assets repository must have been cloned. Finally, a fuzz target has to
-be picked before running the tool:
+To execute the tool, compilation has to be done with the build options:
 
 ```
-RUST_BACKTRACE=1 cargo run --manifest-path ./contrib/devtools/deterministic-fuzz-coverage/Cargo.toml -- $PWD/build_dir $PWD/qa-assets/corpora-dir fuzz_target_name
+-DCMAKE_C_COMPILER='clang' -DCMAKE_CXX_COMPILER='clang++' -DBUILD_FOR_FUZZING=ON -DCMAKE_CXX_FLAGS='-fprofile-instr-generate -fcoverage-mapping'
+```
+
+Both llvm-profdata and llvm-cov must be installed. Also, the qa-assets
+repository must have been cloned. Finally, a fuzz target has to be picked
+before running the tool:
+
+```
+cargo run --manifest-path ./contrib/devtools/deterministic-fuzz-coverage/Cargo.toml -- $PWD/build_dir $PWD/qa-assets/fuzz_corpora fuzz_target_name
+```
+
+deterministic-unittest-coverage
+===========================
+
+A tool to check for non-determinism in unit-test coverage. To get the help, run:
+
+```
+cargo run --manifest-path ./contrib/devtools/deterministic-unittest-coverage/Cargo.toml -- --help
+```
+
+To execute the tool, compilation has to be done with the build options:
+
+```
+-DCMAKE_C_COMPILER='clang' -DCMAKE_CXX_COMPILER='clang++' -DCMAKE_CXX_FLAGS='-fprofile-instr-generate -fcoverage-mapping'
+```
+
+Both llvm-profdata and llvm-cov must be installed.
+
+```
+cargo run --manifest-path ./contrib/devtools/deterministic-unittest-coverage/Cargo.toml -- $PWD/build_dir <boost unittest filter>
 ```
 
 clang-format-diff.py
@@ -37,65 +61,6 @@ the script should be called from the git root folder as follows.
 git diff -U0 HEAD~1.. | ./contrib/devtools/clang-format-diff.py -p1 -i -v
 ```
 
-copyright\_header.py
-====================
-
-Provides utilities for managing copyright headers of `The Bitcoin Core
-developers` in repository source files. It has three subcommands:
-
-```
-$ ./copyright_header.py report <base_directory> [verbose]
-$ ./copyright_header.py update <base_directory>
-$ ./copyright_header.py insert <file>
-```
-Running these subcommands without arguments displays a usage string.
-
-copyright\_header.py report \<base\_directory\> [verbose]
----------------------------------------------------------
-
-Produces a report of all copyright header notices found inside the source files
-of a repository. Useful to quickly visualize the state of the headers.
-Specifying `verbose` will list the full filenames of files of each category.
-
-copyright\_header.py update \<base\_directory\> [verbose]
----------------------------------------------------------
-Updates all the copyright headers of `The Bitcoin Core developers` which were
-changed in a year more recent than is listed. For example:
-```
-// Copyright (c) <firstYear>-<lastYear> The Bitcoin Core developers
-```
-will be updated to:
-```
-// Copyright (c) <firstYear>-<lastModifiedYear> The Bitcoin Core developers
-```
-where `<lastModifiedYear>` is obtained from the `git log` history.
-
-This subcommand also handles copyright headers that have only a single year. In
-those cases:
-```
-// Copyright (c) <year> The Bitcoin Core developers
-```
-will be updated to:
-```
-// Copyright (c) <year>-<lastModifiedYear> The Bitcoin Core developers
-```
-where the update is appropriate.
-
-copyright\_header.py insert \<file\>
-------------------------------------
-Inserts a copyright header for `The Bitcoin Core developers` at the top of the
-file in either Python or C++ style as determined by the file extension. If the
-file is a Python file and it has  `#!` starting the first line, the header is
-inserted in the line below it.
-
-The copyright dates will be set to be `<year_introduced>-<current_year>` where
-`<year_introduced>` is according to the `git log` history. If
-`<year_introduced>` is equal to `<current_year>`, it will be set as a single
-year rather than two hyphenated years.
-
-If the file already has a copyright for `The Bitcoin Core developers`, the
-script will exit.
-
 gen-manpages.py
 ===============
 
@@ -113,7 +78,7 @@ BUILDDIR=$PWD/my-build-dir contrib/devtools/gen-manpages.py
 headerssync-params.py
 =====================
 
-A script to generate optimal parameters for the headerssync module (src/headerssync.cpp). It takes no command-line
+A script to generate optimal parameters for the headerssync module (stored in src/kernel/chainparams.cpp). It takes no command-line
 options, as all its configuration is set at the top of the file. It runs many times faster inside PyPy. Invocation:
 
 ```bash
@@ -135,35 +100,6 @@ For example:
 BUILDDIR=$PWD/my-build-dir contrib/devtools/gen-bitcoin-conf.sh
 ```
 
-security-check.py
-=================
-
-Perform basic security checks on a series of executables.
-
-symbol-check.py
-===============
-
-A script to check that release executables only contain
-certain symbols and are only linked against allowed libraries.
-
-For Linux this means checking for allowed gcc, glibc and libstdc++ version symbols.
-This makes sure they are still compatible with the minimum supported distribution versions.
-
-For macOS and Windows we check that the executables are only linked against libraries we allow.
-
-Example usage:
-
-    find ../path/to/executables -type f -executable | xargs python3 contrib/devtools/symbol-check.py
-
-If no errors occur the return value will be 0 and the output will be empty.
-
-If there are any errors the return value will be 1 and output like this will be printed:
-
-    .../64/test_bitcoin: symbol memcpy from unsupported version GLIBC_2.14
-    .../64/test_bitcoin: symbol __fdelt_chk from unsupported version GLIBC_2.15
-    .../64/test_bitcoin: symbol std::out_of_range::~out_of_range() from unsupported version GLIBCXX_3.4.15
-    .../64/test_bitcoin: symbol _ZNSt8__detail15_List_nod from unsupported version GLIBCXX_3.4.15
-
 circular-dependencies.py
 ========================
 

contrib/devtools/check-deps.sh

@@ -41,9 +41,6 @@ ALLOWED_DEPENDENCIES+=(
 
 # Declare list of known errors that should be suppressed.
 declare -A SUPPRESS
-# init.cpp file currently calls Berkeley DB sanity check function on startup, so
-# there is an undocumented dependency of the node library on the wallet library.
-SUPPRESS["init.cpp.o bdb.cpp.o _ZN6wallet27BerkeleyDatabaseSanityCheckEv"]=1
 # init/common.cpp file calls InitError and InitWarning from interface_ui which
 # is currently part of the node library. interface_ui should just be part of the
 # common library instead, and is moved in

contrib/devtools/circular-dependencies.py

@@ -1,16 +1,11 @@
 #!/usr/bin/env python3
-# Copyright (c) 2018-2020 The Bitcoin Core developers
+# Copyright (c) 2018-present The Bitcoin Core developers
 # Distributed under the MIT software license, see the accompanying
 # file COPYING or http://www.opensource.org/licenses/mit-license.php.
 
 import sys
 import re
 
-MAPPING = {
-    'core_read.cpp': 'core_io.cpp',
-    'core_write.cpp': 'core_io.cpp',
-}
-
 # Directories with header-based modules, where the assumption that .cpp files
 # define functions and variables declared in corresponding .h files is
 # incorrect.
@@ -19,8 +14,6 @@ HEADER_MODULE_PATHS = [
 ]
 
 def module_name(path):
-    if path in MAPPING:
-        path = MAPPING[path]
     if any(path.startswith(dirpath) for dirpath in HEADER_MODULE_PATHS):
         return path
     if path.endswith(".h"):
@@ -49,7 +42,7 @@ for arg in sys.argv[1:]:
 # TODO: implement support for multiple include directories
 for arg in sorted(files.keys()):
     module = files[arg]
-    with open(arg, 'r', encoding="utf8") as f:
+    with open(arg, 'r') as f:
         for line in f:
             match = RE.match(line)
             if match:

contrib/devtools/clang-format-diff.py

@@ -169,7 +169,7 @@ def main():
             sys.exit(p.returncode)
 
         if not args.i:
-            with open(filename, encoding="utf8") as f:
+            with open(filename) as f:
                 code = f.readlines()
             formatted_code = StringIO(stdout).readlines()
             diff = difflib.unified_diff(

contrib/devtools/copyright_header.py

@@ -1,603 +0,0 @@
-#!/usr/bin/env python3
-# Copyright (c) 2016-2022 The Bitcoin Core developers
-# Distributed under the MIT software license, see the accompanying
-# file COPYING or http://www.opensource.org/licenses/mit-license.php.
-
-import re
-import fnmatch
-import sys
-import subprocess
-import datetime
-import os
-
-################################################################################
-# file filtering
-################################################################################
-
-EXCLUDE = [
-    # auto generated:
-    'src/qt/bitcoinstrings.cpp',
-    'src/chainparamsseeds.h',
-    # other external copyrights:
-    'src/test/fuzz/FuzzedDataProvider.h',
-    'src/tinyformat.h',
-    'src/bench/nanobench.h',
-    'test/functional/test_framework/bignum.py',
-    # python init:
-    '*__init__.py',
-]
-EXCLUDE_COMPILED = re.compile('|'.join([fnmatch.translate(m) for m in EXCLUDE]))
-
-EXCLUDE_DIRS = [
-    # git subtrees
-    "src/crypto/ctaes/",
-    "src/leveldb/",
-    "src/minisketch",
-    "src/secp256k1/",
-    "src/crc32c/",
-]
-
-INCLUDE = ['*.h', '*.cpp', '*.cc', '*.c', '*.mm', '*.py', '*.sh', '*.bash-completion']
-INCLUDE_COMPILED = re.compile('|'.join([fnmatch.translate(m) for m in INCLUDE]))
-
-def applies_to_file(filename):
-    for excluded_dir in EXCLUDE_DIRS:
-        if filename.startswith(excluded_dir):
-            return False
-    return ((EXCLUDE_COMPILED.match(filename) is None) and
-            (INCLUDE_COMPILED.match(filename) is not None))
-
-################################################################################
-# obtain list of files in repo according to INCLUDE and EXCLUDE
-################################################################################
-
-GIT_LS_CMD = 'git ls-files --full-name'.split(' ')
-GIT_TOPLEVEL_CMD = 'git rev-parse --show-toplevel'.split(' ')
-
-def call_git_ls(base_directory):
-    out = subprocess.check_output([*GIT_LS_CMD, base_directory])
-    return [f for f in out.decode("utf-8").split('\n') if f != '']
-
-def call_git_toplevel():
-    "Returns the absolute path to the project root"
-    return subprocess.check_output(GIT_TOPLEVEL_CMD).strip().decode("utf-8")
-
-def get_filenames_to_examine(base_directory):
-    "Returns an array of absolute paths to any project files in the base_directory that pass the include/exclude filters"
-    root = call_git_toplevel()
-    filenames = call_git_ls(base_directory)
-    return sorted([os.path.join(root, filename) for filename in filenames if
-                   applies_to_file(filename)])
-
-################################################################################
-# define and compile regexes for the patterns we are looking for
-################################################################################
-
-
-COPYRIGHT_WITH_C = r'Copyright \(c\)'
-COPYRIGHT_WITHOUT_C = 'Copyright'
-ANY_COPYRIGHT_STYLE = '(%s|%s)' % (COPYRIGHT_WITH_C, COPYRIGHT_WITHOUT_C)
-
-YEAR = "20[0-9][0-9]"
-YEAR_RANGE = '(%s)(-%s)?' % (YEAR, YEAR)
-YEAR_LIST = '(%s)(, %s)+' % (YEAR, YEAR)
-ANY_YEAR_STYLE = '(%s|%s)' % (YEAR_RANGE, YEAR_LIST)
-ANY_COPYRIGHT_STYLE_OR_YEAR_STYLE = ("%s %s" % (ANY_COPYRIGHT_STYLE,
-                                                ANY_YEAR_STYLE))
-
-ANY_COPYRIGHT_COMPILED = re.compile(ANY_COPYRIGHT_STYLE_OR_YEAR_STYLE)
-
-def compile_copyright_regex(copyright_style, year_style, name):
-    return re.compile(r'%s %s,? %s( +\*)?\n' % (copyright_style, year_style, name))
-
-EXPECTED_HOLDER_NAMES = [
-    r"Satoshi Nakamoto",
-    r"The Bitcoin Core developers",
-    r"BitPay Inc\.",
-    r"University of Illinois at Urbana-Champaign\.",
-    r"Pieter Wuille",
-    r"Wladimir J\. van der Laan",
-    r"Jeff Garzik",
-    r"Jan-Klaas Kollhof",
-    r"ArtForz -- public domain half-a-node",
-    r"Intel Corporation ?",
-    r"The Zcash developers",
-    r"Jeremy Rubin",
-]
-
-DOMINANT_STYLE_COMPILED = {}
-YEAR_LIST_STYLE_COMPILED = {}
-WITHOUT_C_STYLE_COMPILED = {}
-
-for holder_name in EXPECTED_HOLDER_NAMES:
-    DOMINANT_STYLE_COMPILED[holder_name] = (
-        compile_copyright_regex(COPYRIGHT_WITH_C, YEAR_RANGE, holder_name))
-    YEAR_LIST_STYLE_COMPILED[holder_name] = (
-        compile_copyright_regex(COPYRIGHT_WITH_C, YEAR_LIST, holder_name))
-    WITHOUT_C_STYLE_COMPILED[holder_name] = (
-        compile_copyright_regex(COPYRIGHT_WITHOUT_C, ANY_YEAR_STYLE,
-                                holder_name))
-
-################################################################################
-# search file contents for copyright message of particular category
-################################################################################
-
-def get_count_of_copyrights_of_any_style_any_holder(contents):
-    return len(ANY_COPYRIGHT_COMPILED.findall(contents))
-
-def file_has_dominant_style_copyright_for_holder(contents, holder_name):
-    match = DOMINANT_STYLE_COMPILED[holder_name].search(contents)
-    return match is not None
-
-def file_has_year_list_style_copyright_for_holder(contents, holder_name):
-    match = YEAR_LIST_STYLE_COMPILED[holder_name].search(contents)
-    return match is not None
-
-def file_has_without_c_style_copyright_for_holder(contents, holder_name):
-    match = WITHOUT_C_STYLE_COMPILED[holder_name].search(contents)
-    return match is not None
-
-################################################################################
-# get file info
-################################################################################
-
-def read_file(filename):
-    return open(filename, 'r', encoding="utf8").read()
-
-def gather_file_info(filename):
-    info = {}
-    info['filename'] = filename
-    c = read_file(filename)
-    info['contents'] = c
-
-    info['all_copyrights'] = get_count_of_copyrights_of_any_style_any_holder(c)
-
-    info['classified_copyrights'] = 0
-    info['dominant_style'] = {}
-    info['year_list_style'] = {}
-    info['without_c_style'] = {}
-    for holder_name in EXPECTED_HOLDER_NAMES:
-        has_dominant_style = (
-            file_has_dominant_style_copyright_for_holder(c, holder_name))
-        has_year_list_style = (
-            file_has_year_list_style_copyright_for_holder(c, holder_name))
-        has_without_c_style = (
-            file_has_without_c_style_copyright_for_holder(c, holder_name))
-        info['dominant_style'][holder_name] = has_dominant_style
-        info['year_list_style'][holder_name] = has_year_list_style
-        info['without_c_style'][holder_name] = has_without_c_style
-        if has_dominant_style or has_year_list_style or has_without_c_style:
-            info['classified_copyrights'] = info['classified_copyrights'] + 1
-    return info
-
-################################################################################
-# report execution
-################################################################################
-
-SEPARATOR = '-'.join(['' for _ in range(80)])
-
-def print_filenames(filenames, verbose):
-    if not verbose:
-        return
-    for filename in filenames:
-        print("\t%s" % filename)
-
-def print_report(file_infos, verbose):
-    print(SEPARATOR)
-    examined = [i['filename'] for i in file_infos]
-    print("%d files examined according to INCLUDE and EXCLUDE fnmatch rules" %
-          len(examined))
-    print_filenames(examined, verbose)
-
-    print(SEPARATOR)
-    print('')
-    zero_copyrights = [i['filename'] for i in file_infos if
-                       i['all_copyrights'] == 0]
-    print("%4d with zero copyrights" % len(zero_copyrights))
-    print_filenames(zero_copyrights, verbose)
-    one_copyright = [i['filename'] for i in file_infos if
-                     i['all_copyrights'] == 1]
-    print("%4d with one copyright" % len(one_copyright))
-    print_filenames(one_copyright, verbose)
-    two_copyrights = [i['filename'] for i in file_infos if
-                      i['all_copyrights'] == 2]
-    print("%4d with two copyrights" % len(two_copyrights))
-    print_filenames(two_copyrights, verbose)
-    three_copyrights = [i['filename'] for i in file_infos if
-                        i['all_copyrights'] == 3]
-    print("%4d with three copyrights" % len(three_copyrights))
-    print_filenames(three_copyrights, verbose)
-    four_or_more_copyrights = [i['filename'] for i in file_infos if
-                               i['all_copyrights'] >= 4]
-    print("%4d with four or more copyrights" % len(four_or_more_copyrights))
-    print_filenames(four_or_more_copyrights, verbose)
-    print('')
-    print(SEPARATOR)
-    print('Copyrights with dominant style:\ne.g. "Copyright (c)" and '
-          '"<year>" or "<startYear>-<endYear>":\n')
-    for holder_name in EXPECTED_HOLDER_NAMES:
-        dominant_style = [i['filename'] for i in file_infos if
-                          i['dominant_style'][holder_name]]
-        if len(dominant_style) > 0:
-            print("%4d with '%s'" % (len(dominant_style),
-                                     holder_name.replace('\n', '\\n')))
-            print_filenames(dominant_style, verbose)
-    print('')
-    print(SEPARATOR)
-    print('Copyrights with year list style:\ne.g. "Copyright (c)" and '
-          '"<year1>, <year2>, ...":\n')
-    for holder_name in EXPECTED_HOLDER_NAMES:
-        year_list_style = [i['filename'] for i in file_infos if
-                           i['year_list_style'][holder_name]]
-        if len(year_list_style) > 0:
-            print("%4d with '%s'" % (len(year_list_style),
-                                     holder_name.replace('\n', '\\n')))
-            print_filenames(year_list_style, verbose)
-    print('')
-    print(SEPARATOR)
-    print('Copyrights with no "(c)" style:\ne.g. "Copyright" and "<year>" or '
-          '"<startYear>-<endYear>":\n')
-    for holder_name in EXPECTED_HOLDER_NAMES:
-        without_c_style = [i['filename'] for i in file_infos if
-                           i['without_c_style'][holder_name]]
-        if len(without_c_style) > 0:
-            print("%4d with '%s'" % (len(without_c_style),
-                                     holder_name.replace('\n', '\\n')))
-            print_filenames(without_c_style, verbose)
-
-    print('')
-    print(SEPARATOR)
-
-    unclassified_copyrights = [i['filename'] for i in file_infos if
-                               i['classified_copyrights'] < i['all_copyrights']]
-    print("%d with unexpected copyright holder names" %
-          len(unclassified_copyrights))
-    print_filenames(unclassified_copyrights, verbose)
-    print(SEPARATOR)
-
-def exec_report(base_directory, verbose):
-    filenames = get_filenames_to_examine(base_directory)
-    file_infos = [gather_file_info(f) for f in filenames]
-    print_report(file_infos, verbose)
-
-################################################################################
-# report cmd
-################################################################################
-
-REPORT_USAGE = """
-Produces a report of all copyright header notices found inside the source files
-of a repository.
-
-Usage:
-    $ ./copyright_header.py report <base_directory> [verbose]
-
-Arguments:
-    <base_directory> - The base directory of a bitcoin source code repository.
-    [verbose] - Includes a list of every file of each subcategory in the report.
-"""
-
-def report_cmd(argv):
-    if len(argv) == 2:
-        sys.exit(REPORT_USAGE)
-
-    base_directory = argv[2]
-    if not os.path.exists(base_directory):
-        sys.exit("*** bad <base_directory>: %s" % base_directory)
-
-    if len(argv) == 3:
-        verbose = False
-    elif argv[3] == 'verbose':
-        verbose = True
-    else:
-        sys.exit("*** unknown argument: %s" % argv[2])
-
-    exec_report(base_directory, verbose)
-
-################################################################################
-# query git for year of last change
-################################################################################
-
-GIT_LOG_CMD = "git log --pretty=format:%%ai %s"
-
-def call_git_log(filename):
-    out = subprocess.check_output((GIT_LOG_CMD % filename).split(' '))
-    return out.decode("utf-8").split('\n')
-
-def get_git_change_years(filename):
-    git_log_lines = call_git_log(filename)
-    if len(git_log_lines) == 0:
-        return [datetime.date.today().year]
-    # timestamp is in ISO 8601 format. e.g. "2016-09-05 14:25:32 -0600"
-    return [line.split(' ')[0].split('-')[0] for line in git_log_lines]
-
-def get_most_recent_git_change_year(filename):
-    return max(get_git_change_years(filename))
-
-################################################################################
-# read and write to file
-################################################################################
-
-def read_file_lines(filename):
-    with open(filename, 'r', encoding="utf8") as f:
-        file_lines = f.readlines()
-    return file_lines
-
-def write_file_lines(filename, file_lines):
-    with open(filename, 'w', encoding="utf8") as f:
-        f.write(''.join(file_lines))
-
-################################################################################
-# update header years execution
-################################################################################
-
-COPYRIGHT = r'Copyright \(c\)'
-YEAR = "20[0-9][0-9]"
-YEAR_RANGE = '(%s)(-%s)?' % (YEAR, YEAR)
-HOLDER = 'The Bitcoin Core developers'
-UPDATEABLE_LINE_COMPILED = re.compile(' '.join([COPYRIGHT, YEAR_RANGE, HOLDER]))
-
-def get_updatable_copyright_line(file_lines):
-    index = 0
-    for line in file_lines:
-        if UPDATEABLE_LINE_COMPILED.search(line) is not None:
-            return index, line
-        index = index + 1
-    return None, None
-
-def parse_year_range(year_range):
-    year_split = year_range.split('-')
-    start_year = year_split[0]
-    if len(year_split) == 1:
-        return start_year, start_year
-    return start_year, year_split[1]
-
-def year_range_to_str(start_year, end_year):
-    if start_year == end_year:
-        return start_year
-    return "%s-%s" % (start_year, end_year)
-
-def create_updated_copyright_line(line, last_git_change_year):
-    copyright_splitter = 'Copyright (c) '
-    copyright_split = line.split(copyright_splitter)
-    # Preserve characters on line that are ahead of the start of the copyright
-    # notice - they are part of the comment block and vary from file-to-file.
-    before_copyright = copyright_split[0]
-    after_copyright = copyright_split[1]
-
-    space_split = after_copyright.split(' ')
-    year_range = space_split[0]
-    start_year, end_year = parse_year_range(year_range)
-    if end_year >= last_git_change_year:
-        return line
-    return (before_copyright + copyright_splitter +
-            year_range_to_str(start_year, last_git_change_year) + ' ' +
-            ' '.join(space_split[1:]))
-
-def update_updatable_copyright(filename):
-    file_lines = read_file_lines(filename)
-    index, line = get_updatable_copyright_line(file_lines)
-    if not line:
-        print_file_action_message(filename, "No updatable copyright.")
-        return
-    last_git_change_year = get_most_recent_git_change_year(filename)
-    new_line = create_updated_copyright_line(line, last_git_change_year)
-    if line == new_line:
-        print_file_action_message(filename, "Copyright up-to-date.")
-        return
-    file_lines[index] = new_line
-    write_file_lines(filename, file_lines)
-    print_file_action_message(filename,
-                              "Copyright updated! -> %s" % last_git_change_year)
-
-def exec_update_header_year(base_directory):
-    for filename in get_filenames_to_examine(base_directory):
-        update_updatable_copyright(filename)
-
-################################################################################
-# update cmd
-################################################################################
-
-UPDATE_USAGE = """
-Updates all the copyright headers of "The Bitcoin Core developers" which were
-changed in a year more recent than is listed. For example:
-
-// Copyright (c) <firstYear>-<lastYear> The Bitcoin Core developers
-
-will be updated to:
-
-// Copyright (c) <firstYear>-<lastModifiedYear> The Bitcoin Core developers
-
-where <lastModifiedYear> is obtained from the 'git log' history.
-
-This subcommand also handles copyright headers that have only a single year. In those cases:
-
-// Copyright (c) <year> The Bitcoin Core developers
-
-will be updated to:
-
-// Copyright (c) <year>-<lastModifiedYear> The Bitcoin Core developers
-
-where the update is appropriate.
-
-Usage:
-    $ ./copyright_header.py update <base_directory>
-
-Arguments:
-    <base_directory> - The base directory of a bitcoin source code repository.
-"""
-
-def print_file_action_message(filename, action):
-    print("%-52s %s" % (filename, action))
-
-def update_cmd(argv):
-    if len(argv) != 3:
-        sys.exit(UPDATE_USAGE)
-
-    base_directory = argv[2]
-    if not os.path.exists(base_directory):
-        sys.exit("*** bad base_directory: %s" % base_directory)
-    exec_update_header_year(base_directory)
-
-################################################################################
-# inserted copyright header format
-################################################################################
-
-def get_header_lines(header, start_year, end_year):
-    lines = header.split('\n')[1:-1]
-    lines[0] = lines[0] % year_range_to_str(start_year, end_year)
-    return [line + '\n' for line in lines]
-
-CPP_HEADER = '''
-// Copyright (c) %s The Bitcoin Core developers
-// Distributed under the MIT software license, see the accompanying
-// file COPYING or http://www.opensource.org/licenses/mit-license.php.
-'''
-
-def get_cpp_header_lines_to_insert(start_year, end_year):
-    return reversed(get_header_lines(CPP_HEADER, start_year, end_year))
-
-SCRIPT_HEADER = '''
-# Copyright (c) %s The Bitcoin Core developers
-# Distributed under the MIT software license, see the accompanying
-# file COPYING or http://www.opensource.org/licenses/mit-license.php.
-'''
-
-def get_script_header_lines_to_insert(start_year, end_year):
-    return reversed(get_header_lines(SCRIPT_HEADER, start_year, end_year))
-
-################################################################################
-# query git for year of last change
-################################################################################
-
-def get_git_change_year_range(filename):
-    years = get_git_change_years(filename)
-    return min(years), max(years)
-
-################################################################################
-# check for existing core copyright
-################################################################################
-
-def file_already_has_core_copyright(file_lines):
-    index, _ = get_updatable_copyright_line(file_lines)
-    return index is not None
-
-################################################################################
-# insert header execution
-################################################################################
-
-def file_has_hashbang(file_lines):
-    if len(file_lines) < 1:
-        return False
-    if len(file_lines[0]) <= 2:
-        return False
-    return file_lines[0][:2] == '#!'
-
-def insert_script_header(filename, file_lines, start_year, end_year):
-    if file_has_hashbang(file_lines):
-        insert_idx = 1
-    else:
-        insert_idx = 0
-    header_lines = get_script_header_lines_to_insert(start_year, end_year)
-    for line in header_lines:
-        file_lines.insert(insert_idx, line)
-    write_file_lines(filename, file_lines)
-
-def insert_cpp_header(filename, file_lines, start_year, end_year):
-    file_lines.insert(0, '\n')
-    header_lines = get_cpp_header_lines_to_insert(start_year, end_year)
-    for line in header_lines:
-        file_lines.insert(0, line)
-    write_file_lines(filename, file_lines)
-
-def exec_insert_header(filename, style):
-    file_lines = read_file_lines(filename)
-    if file_already_has_core_copyright(file_lines):
-        sys.exit('*** %s already has a copyright by The Bitcoin Core developers'
-                 % (filename))
-    start_year, end_year = get_git_change_year_range(filename)
-    if style in ['python', 'shell']:
-        insert_script_header(filename, file_lines, start_year, end_year)
-    else:
-        insert_cpp_header(filename, file_lines, start_year, end_year)
-
-################################################################################
-# insert cmd
-################################################################################
-
-INSERT_USAGE = """
-Inserts a copyright header for "The Bitcoin Core developers" at the top of the
-file in either Python or C++ style as determined by the file extension. If the
-file is a Python file and it has a '#!' starting the first line, the header is
-inserted in the line below it.
-
-The copyright dates will be set to be:
-
-"<year_introduced>-<current_year>"
-
-where <year_introduced> is according to the 'git log' history. If
-<year_introduced> is equal to <current_year>, the date will be set to be:
-
-"<current_year>"
-
-If the file already has a copyright for "The Bitcoin Core developers", the
-script will exit.
-
-Usage:
-    $ ./copyright_header.py insert <file>
-
-Arguments:
-    <file> - A source file in the bitcoin repository.
-"""
-
-def insert_cmd(argv):
-    if len(argv) != 3:
-        sys.exit(INSERT_USAGE)
-
-    filename = argv[2]
-    if not os.path.isfile(filename):
-        sys.exit("*** bad filename: %s" % filename)
-    _, extension = os.path.splitext(filename)
-    if extension not in ['.h', '.cpp', '.cc', '.c', '.py', '.sh']:
-        sys.exit("*** cannot insert for file extension %s" % extension)
-
-    if extension == '.py':
-        style = 'python'
-    elif extension == '.sh':
-        style = 'shell'
-    else:
-        style = 'cpp'
-    exec_insert_header(filename, style)
-
-################################################################################
-# UI
-################################################################################
-
-USAGE = """
-copyright_header.py - utilities for managing copyright headers of 'The Bitcoin
-Core developers' in repository source files.
-
-Usage:
-    $ ./copyright_header <subcommand>
-
-Subcommands:
-    report
-    update
-    insert
-
-To see subcommand usage, run them without arguments.
-"""
-
-SUBCOMMANDS = ['report', 'update', 'insert']
-
-if __name__ == "__main__":
-    if len(sys.argv) == 1:
-        sys.exit(USAGE)
-    subcommand = sys.argv[1]
-    if subcommand not in SUBCOMMANDS:
-        sys.exit(USAGE)
-    if subcommand == 'report':
-        report_cmd(sys.argv)
-    elif subcommand == 'update':
-        update_cmd(sys.argv)
-    elif subcommand == 'insert':
-        insert_cmd(sys.argv)

contrib/devtools/deterministic-fuzz-coverage/Cargo.lock

@@ -0,0 +1,7 @@
+# This file is automatically @generated by Cargo.
+# It is not intended for manual editing.
+version = 4
+
+[[package]]
+name = "deterministic-fuzz-coverage"
+version = "0.1.0"

contrib/devtools/deterministic-fuzz-coverage/src/main.rs

@@ -2,89 +2,102 @@
 // Distributed under the MIT software license, see the accompanying
 // file COPYING or https://opensource.org/license/mit/.
 
+use std::collections::VecDeque;
 use std::env;
-use std::fs::{read_dir, File};
-use std::path::Path;
-use std::process::{exit, Command, Stdio};
+use std::fs::{read_dir, DirEntry, File};
+use std::path::{Path, PathBuf};
+use std::process::{Command, ExitCode};
 use std::str;
+use std::thread;
+
+/// A type for a complete and readable error message.
+type AppError = String;
+type AppResult = Result<(), AppError>;
 
 const LLVM_PROFDATA: &str = "llvm-profdata";
 const LLVM_COV: &str = "llvm-cov";
-const DIFF: &str = "diff";
+const GIT: &str = "git";
 
-fn exit_help(err: &str) -> ! {
-    eprintln!("Error: {}", err);
-    eprintln!();
-    eprintln!("Usage: program ./build_dir ./qa-assets-corpora-dir fuzz_target");
-    eprintln!();
-    eprintln!("Refer to the devtools/README.md for more details.");
-    exit(1)
+const DEFAULT_PAR: usize = 1;
+
+fn exit_help(err: &str) -> AppError {
+    format!(
+        r#"
+Error: {err}
+
+Usage: program ./build_dir ./qa-assets/fuzz_corpora fuzz_target_name [parallelism={DEFAULT_PAR}]
+
+Refer to the devtools/README.md for more details."#
+    )
 }
 
-fn sanity_check(corpora_dir: &Path, fuzz_exe: &Path) {
-    for tool in [LLVM_PROFDATA, LLVM_COV, DIFF] {
-        let output = Command::new(tool).arg("--version").output();
+fn sanity_check(corpora_dir: &Path, fuzz_exe: &Path) -> AppResult {
+    for tool in [LLVM_PROFDATA, LLVM_COV, GIT] {
+        let output = Command::new(tool).arg("--help").output();
         match output {
             Ok(output) if output.status.success() => {}
-            _ => {
-                exit_help(&format!("The tool {} is not installed", tool));
-            }
+            _ => Err(exit_help(&format!("The tool {tool} is not installed")))?,
         }
     }
     if !corpora_dir.is_dir() {
-        exit_help(&format!(
+        Err(exit_help(&format!(
             "Fuzz corpora path ({}) must be a directory",
             corpora_dir.display()
-        ));
+        )))?;
     }
     if !fuzz_exe.exists() {
-        exit_help(&format!(
+        Err(exit_help(&format!(
             "Fuzz executable ({}) not found",
             fuzz_exe.display()
-        ));
+        )))?;
     }
+    Ok(())
 }
 
-fn main() {
+fn app() -> AppResult {
     // Parse args
     let args = env::args().collect::<Vec<_>>();
-    let build_dir = args
-        .get(1)
-        .unwrap_or_else(|| exit_help("Must set build dir"));
+    let build_dir = args.get(1).ok_or(exit_help("Must set build dir"))?;
     if build_dir == "--help" {
-        exit_help("--help requested")
+        Err(exit_help("--help requested"))?;
     }
-    let corpora_dir = args
-        .get(2)
-        .unwrap_or_else(|| exit_help("Must set fuzz corpora dir"));
+    let corpora_dir = args.get(2).ok_or(exit_help("Must set fuzz corpora dir"))?;
     let fuzz_target = args
         .get(3)
         // Require fuzz target for now. In the future it could be optional and the tool could
         // iterate over all compiled fuzz targets
-        .unwrap_or_else(|| exit_help("Must set fuzz target"));
-    if args.get(4).is_some() {
-        exit_help("Too many args")
+        .ok_or(exit_help("Must set fuzz target"))?;
+    let par = match args.get(4) {
+        Some(s) => s
+            .parse::<usize>()
+            .map_err(|e| exit_help(&format!("Could not parse parallelism as usize ({s}): {e}")))?,
+        None => DEFAULT_PAR,
+    }
+    .max(1);
+    if args.get(5).is_some() {
+        Err(exit_help("Too many args"))?;
     }
 
     let build_dir = Path::new(build_dir);
     let corpora_dir = Path::new(corpora_dir);
-    let fuzz_exe = build_dir.join("src/test/fuzz/fuzz");
+    let fuzz_exe = build_dir.join("bin/fuzz");
 
-    sanity_check(corpora_dir, &fuzz_exe);
+    sanity_check(corpora_dir, &fuzz_exe)?;
 
-    deterministic_coverage(build_dir, corpora_dir, &fuzz_exe, fuzz_target);
+    deterministic_coverage(build_dir, corpora_dir, &fuzz_exe, fuzz_target, par)
 }
 
-fn using_libfuzzer(fuzz_exe: &Path) -> bool {
+fn using_libfuzzer(fuzz_exe: &Path) -> Result<bool, AppError> {
     println!("Check if using libFuzzer ...");
     let stderr = Command::new(fuzz_exe)
         .arg("-help=1") // Will be interpreted as option (libfuzzer) or as input file
         .env("FUZZ", "addition_overflow") // Any valid target
         .output()
-        .expect("fuzz failed")
+        .map_err(|e| format!("fuzz failed with {e}"))?
         .stderr;
-    let help_output = str::from_utf8(&stderr).expect("The -help=1 output must be valid text");
-    help_output.contains("libFuzzer")
+    let help_output = str::from_utf8(&stderr)
+        .map_err(|e| format!("The libFuzzer -help=1 output must be valid text ({e})"))?;
+    Ok(help_output.contains("libFuzzer"))
 }
 
 fn deterministic_coverage(
@@ -92,115 +105,177 @@ fn deterministic_coverage(
     corpora_dir: &Path,
     fuzz_exe: &Path,
     fuzz_target: &str,
-) {
-    let using_libfuzzer = using_libfuzzer(fuzz_exe);
-    let profraw_file = build_dir.join("fuzz_det_cov.profraw");
-    let profdata_file = build_dir.join("fuzz_det_cov.profdata");
+    par: usize,
+) -> AppResult {
+    let using_libfuzzer = using_libfuzzer(fuzz_exe)?;
+    if using_libfuzzer {
+        println!("Warning: The fuzz executable was compiled with libFuzzer as sanitizer.");
+        println!("This tool may be tripped by libFuzzer misbehavior.");
+        println!("It is recommended to compile without libFuzzer.");
+    }
     let corpus_dir = corpora_dir.join(fuzz_target);
     let mut entries = read_dir(&corpus_dir)
-        .unwrap_or_else(|err| {
+        .map_err(|err| {
             exit_help(&format!(
                 "The fuzz target's input directory must exist! ({}; {})",
                 corpus_dir.display(),
                 err
             ))
-        })
+        })?
         .map(|entry| entry.expect("IO error"))
         .collect::<Vec<_>>();
     entries.sort_by_key(|entry| entry.file_name());
-    let run_single = |run_id: u8, entry: &Path| {
-        let cov_txt_path = build_dir.join(format!("fuzz_det_cov.show.{run_id}.txt"));
-        assert!({
-            {
+    let run_single = |run_id: char, entry: &Path, thread_id: usize| -> Result<PathBuf, AppError> {
+        let cov_txt_path = build_dir.join(format!("fuzz_det_cov.show.t{thread_id}.{run_id}.txt"));
+        let profraw_file = build_dir.join(format!("fuzz_det_cov.t{thread_id}.{run_id}.profraw"));
+        let profdata_file = build_dir.join(format!("fuzz_det_cov.t{thread_id}.{run_id}.profdata"));
+        {
+            let output = {
                 let mut cmd = Command::new(fuzz_exe);
                 if using_libfuzzer {
-                    cmd.arg("-runs=1");
+                    cmd.args(["-runs=1", "-shuffle=1", "-prefer_small=0"]);
                 }
                 cmd
             }
             .env("LLVM_PROFILE_FILE", &profraw_file)
             .env("FUZZ", fuzz_target)
             .arg(entry)
-            .status()
-            .expect("fuzz failed")
-            .success()
-        });
-        assert!(Command::new(LLVM_PROFDATA)
+            .output()
+            .map_err(|e| format!("fuzz failed: {e}"))?;
+            if !output.status.success() {
+                Err(format!(
+                    "fuzz failed!\nstdout:\n{}\nstderr:\n{}\n",
+                    String::from_utf8_lossy(&output.stdout),
+                    String::from_utf8_lossy(&output.stderr)
+                ))?;
+            }
+        }
+        if !Command::new(LLVM_PROFDATA)
             .arg("merge")
             .arg("--sparse")
             .arg(&profraw_file)
             .arg("-o")
             .arg(&profdata_file)
             .status()
-            .expect("merge failed")
-            .success());
-        let cov_file = File::create(&cov_txt_path).expect("Failed to create coverage txt file");
-        let passed = Command::new(LLVM_COV)
+            .map_err(|e| format!("{LLVM_PROFDATA} merge failed with {e}"))?
+            .success()
+        {
+            Err(format!("{LLVM_PROFDATA} merge failed. This can be a sign of compiling without code coverage support."))?;
+        }
+        let cov_file = File::create(&cov_txt_path)
+            .map_err(|e| format!("Failed to create coverage txt file ({e})"))?;
+        if !Command::new(LLVM_COV)
             .args([
                 "show",
                 "--show-line-counts-or-regions",
                 "--show-branches=count",
                 "--show-expansions",
+                "--show-instantiation-summary",
+                "-Xdemangler=llvm-cxxfilt",
                 &format!("--instr-profile={}", profdata_file.display()),
             ])
             .arg(fuzz_exe)
-            .stdout(Stdio::from(cov_file))
+            .stdout(cov_file)
             .spawn()
-            .expect("Failed to execute llvm-cov")
+            .map_err(|e| format!("{LLVM_COV} show failed with {e}"))?
             .wait()
-            .expect("Failed to execute llvm-cov")
-            .success();
-        if !passed {
-            panic!("Failed to execute llvm-profdata")
-        }
-        cov_txt_path
+            .map_err(|e| format!("{LLVM_COV} show failed with {e}"))?
+            .success()
+        {
+            Err(format!("{LLVM_COV} show failed"))?;
+        };
+        Ok(cov_txt_path)
     };
-    let check_diff = |a: &Path, b: &Path, err: &str| {
-        let same = Command::new(DIFF)
-            .arg("--unified")
+    let check_diff = |a: &Path, b: &Path, err: &str| -> AppResult {
+        let same = Command::new(GIT)
+            .args(["--no-pager", "diff", "--no-index"])
             .arg(a)
             .arg(b)
             .status()
-            .expect("Failed to execute diff command")
+            .map_err(|e| format!("{GIT} diff failed with {e}"))?
             .success();
         if !same {
-            eprintln!();
-            eprintln!("The coverage was not determinstic between runs.");
-            eprintln!("{}", err);
-            eprintln!("Exiting.");
-            exit(1);
+            Err(format!(
+                r#"
+The coverage was not deterministic between runs.
+{err}"#
+            ))?;
         }
+        Ok(())
     };
-    // First, check that each fuzz input is determinisic running by itself in a process.
+    // First, check that each fuzz input is deterministic running by itself in a process.
     //
     // This can catch issues and isolate where a single fuzz input triggers non-determinism, but
     // all other fuzz inputs are deterministic.
     //
     // Also, This can catch issues where several fuzz inputs are non-deterministic, but the sum of
     // their overall coverage trace remains the same across runs and thus remains undetected.
-    for entry in entries {
+    println!(
+        "Check each fuzz input individually ... ({} inputs with parallelism {par})",
+        entries.len()
+    );
+    let check_individual = |entry: &DirEntry, thread_id: usize| -> AppResult {
         let entry = entry.path();
-        assert!(entry.is_file());
-        let cov_txt_base = run_single(0, &entry);
-        let cov_txt_repeat = run_single(1, &entry);
+        if !entry.is_file() {
+            Err(format!("{} should be a file", entry.display()))?;
+        }
+        let cov_txt_base = run_single('a', &entry, thread_id)?;
+        let cov_txt_repeat = run_single('b', &entry, thread_id)?;
         check_diff(
             &cov_txt_base,
             &cov_txt_repeat,
             &format!("The fuzz target input was {}.", entry.display()),
-        );
-    }
+        )?;
+        Ok(())
+    };
+    thread::scope(|s| -> AppResult {
+        let mut handles = VecDeque::with_capacity(par);
+        let mut res = Ok(());
+        for (i, entry) in entries.iter().enumerate() {
+            println!("[{}/{}]", i + 1, entries.len());
+            handles.push_back(s.spawn(move || check_individual(entry, i % par)));
+            while handles.len() >= par || i == (entries.len() - 1) || res.is_err() {
+                if let Some(th) = handles.pop_front() {
+                    let thread_result = match th.join() {
+                        Err(_e) => Err("A scoped thread panicked".to_string()),
+                        Ok(r) => r,
+                    };
+                    if thread_result.is_err() {
+                        res = thread_result;
+                    }
+                } else {
+                    return res;
+                }
+            }
+        }
+        res
+    })?;
     // Finally, check that running over all fuzz inputs in one process is deterministic as well.
     // This can catch issues where mutable global state is leaked from one fuzz input execution to
     // the next.
+    println!("Check all fuzz inputs in one go ...");
     {
-        assert!(corpus_dir.is_dir());
-        let cov_txt_base = run_single(0, &corpus_dir);
-        let cov_txt_repeat = run_single(1, &corpus_dir);
+        if !corpus_dir.is_dir() {
+            Err(format!("{} should be a folder", corpus_dir.display()))?;
+        }
+        let cov_txt_base = run_single('a', &corpus_dir, 0)?;
+        let cov_txt_repeat = run_single('b', &corpus_dir, 0)?;
         check_diff(
             &cov_txt_base,
             &cov_txt_repeat,
             &format!("All fuzz inputs in {} were used.", corpus_dir.display()),
-        );
+        )?;
+    }
+    println!("✨ Coverage test passed for {fuzz_target}. ✨");
+    Ok(())
+}
+
+fn main() -> ExitCode {
+    match app() {
+        Ok(()) => ExitCode::SUCCESS,
+        Err(err) => {
+            eprintln!("⚠️\n{err}");
+            ExitCode::FAILURE
+        }
     }
-    println!("Coverage test passed for {fuzz_target}.");
 }

contrib/devtools/deterministic-unittest-coverage/Cargo.lock

@@ -0,0 +1,7 @@
+# This file is automatically @generated by Cargo.
+# It is not intended for manual editing.
+version = 4
+
+[[package]]
+name = "deterministic-unittest-coverage"
+version = "0.1.0"

contrib/devtools/deterministic-unittest-coverage/Cargo.toml

@@ -0,0 +1,6 @@
+[package]
+name = "deterministic-unittest-coverage"
+version = "0.1.0"
+edition = "2021"
+
+[dependencies]

contrib/devtools/deterministic-unittest-coverage/src/main.rs

@@ -0,0 +1,149 @@
+// Copyright (c) The Bitcoin Core developers
+// Distributed under the MIT software license, see the accompanying
+// file COPYING or https://opensource.org/license/mit/.
+
+use std::env;
+use std::fs::File;
+use std::path::{Path, PathBuf};
+use std::process::{Command, ExitCode};
+use std::str;
+
+/// A type for a complete and readable error message.
+type AppError = String;
+type AppResult = Result<(), AppError>;
+
+const LLVM_PROFDATA: &str = "llvm-profdata";
+const LLVM_COV: &str = "llvm-cov";
+const GIT: &str = "git";
+
+fn exit_help(err: &str) -> AppError {
+    format!(
+        r#"
+Error: {err}
+
+Usage: program ./build_dir boost_unittest_filter
+
+Refer to the devtools/README.md for more details."#
+    )
+}
+
+fn sanity_check(test_exe: &Path) -> AppResult {
+    for tool in [LLVM_PROFDATA, LLVM_COV, GIT] {
+        let output = Command::new(tool).arg("--help").output();
+        match output {
+            Ok(output) if output.status.success() => {}
+            _ => Err(exit_help(&format!("The tool {tool} is not installed")))?,
+        }
+    }
+    if !test_exe.exists() {
+        Err(exit_help(&format!(
+            "Test executable ({}) not found",
+            test_exe.display()
+        )))?;
+    }
+    Ok(())
+}
+
+fn app() -> AppResult {
+    // Parse args
+    let args = env::args().collect::<Vec<_>>();
+    let build_dir = args.get(1).ok_or(exit_help("Must set build dir"))?;
+    if build_dir == "--help" {
+        Err(exit_help("--help requested"))?;
+    }
+    let filter = args
+        .get(2)
+        // Require filter for now. In the future it could be optional and the tool could provide a
+        // default filter.
+        .ok_or(exit_help("Must set boost test filter"))?;
+    if args.get(3).is_some() {
+        Err(exit_help("Too many args"))?;
+    }
+
+    let build_dir = Path::new(build_dir);
+    let test_exe = build_dir.join("bin/test_bitcoin");
+
+    sanity_check(&test_exe)?;
+
+    deterministic_coverage(build_dir, &test_exe, filter)
+}
+
+fn deterministic_coverage(build_dir: &Path, test_exe: &Path, filter: &str) -> AppResult {
+    let profraw_file = build_dir.join("test_det_cov.profraw");
+    let profdata_file = build_dir.join("test_det_cov.profdata");
+    let run_single = |run_id: char| -> Result<PathBuf, AppError> {
+        println!("Run with id {run_id}");
+        let cov_txt_path = build_dir.join(format!("test_det_cov.show.{run_id}.txt"));
+        if !Command::new(test_exe)
+            .env("LLVM_PROFILE_FILE", &profraw_file)
+            .env("BOOST_TEST_RUN_FILTERS", filter)
+            .env("RANDOM_CTX_SEED", "21")
+            .status()
+            .map_err(|e| format!("test failed with {e}"))?
+            .success()
+        {
+            Err("test failed".to_string())?;
+        }
+        if !Command::new(LLVM_PROFDATA)
+            .arg("merge")
+            .arg("--sparse")
+            .arg(&profraw_file)
+            .arg("-o")
+            .arg(&profdata_file)
+            .status()
+            .map_err(|e| format!("{LLVM_PROFDATA} merge failed with {e}"))?
+            .success()
+        {
+            Err(format!("{LLVM_PROFDATA} merge failed. This can be a sign of compiling without code coverage support."))?;
+        }
+        let cov_file = File::create(&cov_txt_path)
+            .map_err(|e| format!("Failed to create coverage txt file ({e})"))?;
+        if !Command::new(LLVM_COV)
+            .args([
+                "show",
+                "--show-line-counts-or-regions",
+                "--show-branches=count",
+                "--show-expansions",
+                "--show-instantiation-summary",
+                "-Xdemangler=llvm-cxxfilt",
+                &format!("--instr-profile={}", profdata_file.display()),
+            ])
+            .arg(test_exe)
+            .stdout(cov_file)
+            .status()
+            .map_err(|e| format!("{LLVM_COV} show failed with {e}"))?
+            .success()
+        {
+            Err(format!("{LLVM_COV} show failed"))?;
+        }
+        Ok(cov_txt_path)
+    };
+    let check_diff = |a: &Path, b: &Path| -> AppResult {
+        let same = Command::new(GIT)
+            .args(["--no-pager", "diff", "--no-index"])
+            .arg(a)
+            .arg(b)
+            .status()
+            .map_err(|e| format!("{GIT} diff failed with {e}"))?
+            .success();
+        if !same {
+            Err("The coverage was not deterministic between runs.".to_string())?;
+        }
+        Ok(())
+    };
+    let r0 = run_single('a')?;
+    let r1 = run_single('b')?;
+    check_diff(&r0, &r1)?;
+    println!("✨ The coverage was deterministic across two runs. ✨");
+    Ok(())
+}
+
+fn main() -> ExitCode {
+    match app() {
+        Ok(()) => ExitCode::SUCCESS,
+        Err(err) => {
+            eprintln!("⚠️\n{err}");
+            ExitCode::FAILURE
+        }
+    }
+}

contrib/devtools/gen-bitcoin-conf.sh

@@ -1,5 +1,5 @@
 #!/usr/bin/env bash
-# Copyright (c) 2021 The Bitcoin Core developers
+# Copyright (c) 2021-present The Bitcoin Core developers
 # Distributed under the MIT software license, see the accompanying
 # file COPYING or http://www.opensource.org/licenses/mit-license.php.
 
@@ -50,7 +50,8 @@ EOF
 # adding newlines is a bit funky to ensure portability for BSD
 # see here for more details: https://stackoverflow.com/a/24575385
 ${BITCOIND} --help \
-    | sed '1,/Print this help message and exit/d' \
+    | sed '1,/Options:/d' \
+    | sed -E '/^[[:space:]]{2}-help/,/^[[:space:]]*$/d' \
     | sed -E 's/^[[:space:]]{2}\-/#/' \
     | sed -E 's/^[[:space:]]{7}/# /' \
     | sed -E '/[=[:space:]]/!s/#.*$/&=1/' \

contrib/devtools/gen-manpages.py

@@ -1,14 +1,16 @@
 #!/usr/bin/env python3
-# Copyright (c) 2022 The Bitcoin Core developers
+# Copyright (c) 2022-present The Bitcoin Core developers
 # Distributed under the MIT software license, see the accompanying
 # file COPYING or http://www.opensource.org/licenses/mit-license.php.
 import os
+import re
 import subprocess
 import sys
 import tempfile
 import argparse
 
 BINARIES = [
+'bin/bitcoin',
 'bin/bitcoind',
 'bin/bitcoin-cli',
 'bin/bitcoin-tx',
@@ -58,10 +60,11 @@ for relpath in BINARIES:
             print(f'{abspath} not found or not an executable', file=sys.stderr)
             sys.exit(1)
     # take first line (which must contain version)
-    verstr = r.stdout.splitlines()[0]
-    # last word of line is the actual version e.g. v22.99.0-5c6b3d5b3508
-    verstr = verstr.split()[-1]
-    assert verstr.startswith('v')
+    output = r.stdout.splitlines()[0]
+    # find the version e.g. v30.99.0-ce771726f3e7
+    search = re.search(r"v[0-9]\S+", output)
+    assert search
+    verstr = search.group(0)
     # remaining lines are copyright
     copyright = r.stdout.split('\n')[1:]
     assert copyright[0].startswith('Copyright (C)')

contrib/devtools/headerssync-params.py

@@ -5,20 +5,20 @@
 
 """Script to find the optimal parameters for the headerssync module through simulation."""
 
-from math import log, exp, sqrt
 from datetime import datetime, timedelta
+from math import log, exp, sqrt
 import random
 
 # Parameters:
 
 # Aim for still working fine at some point in the future. [datetime]
-TIME = datetime(2027, 10, 6)
+TIME = datetime(2028, 4, 2)
 
 # Expected block interval. [timedelta]
 BLOCK_INTERVAL = timedelta(seconds=600)
 
 # The number of headers corresponding to the minchainwork parameter. [headers]
-MINCHAINWORK_HEADERS = 886157
+MINCHAINWORK_HEADERS = 912683
 
 # Combined processing bandwidth from all attackers to one victim. [bit/s]
 # 6 Gbit/s is approximately the speed at which a single thread of a Ryzen 5950X CPU thread can hash
@@ -337,15 +337,15 @@ def analyze(when):
     attack_volume = NET_HEADER_SIZE * MINCHAINWORK_HEADERS
     # And report them.
     print()
-    print("Optimal configuration:")
+    print(f"Given current min chainwork headers of {MINCHAINWORK_HEADERS}, the optimal parameters for low")
+    print(f"memory usage on mainchain for release until {TIME:%Y-%m-%d} is:")
     print()
-    print("//! Store one header commitment per HEADER_COMMITMENT_PERIOD blocks.")
-    print(f"constexpr size_t HEADER_COMMITMENT_PERIOD{{{period}}};")
-    print()
-    print("//! Only feed headers to validation once this many headers on top have been")
-    print("//! received and validated against commitments.")
-    print(f"constexpr size_t REDOWNLOAD_BUFFER_SIZE{{{bufsize}}};"
+    print(f"        // Generated by headerssync-params.py on {datetime.today():%Y-%m-%d}.")
+    print( "        m_headers_sync_params = HeadersSyncParams{")
+    print(f"            .commitment_period = {period},")
+    print(f"            .redownload_buffer_size = {bufsize},"
           f" // {bufsize}/{period} = ~{bufsize/period:.1f} commitments")
+    print( "        };")
     print()
     print("Properties:")
     print(f"- Per-peer memory for mainchain sync: {mem_mainchain / 8192:.3f} KiB")

contrib/devtools/iwyu/bitcoin.core.imp

@@ -1,3 +1,20 @@
-# Nothing for now.
 [
+  # Compiler intrinsics.
+  # See: https://github.com/include-what-you-use/include-what-you-use/issues/1764.
+  { "include": [ "<emmintrin.h>", "private", "<immintrin.h>", "public" ] },
+  { "include": [ "<smmintrin.h>", "private", "<immintrin.h>", "public" ] },
+  { "include": [ "<tmmintrin.h>", "private", "<immintrin.h>", "public" ] },
+
+  # libc symbols.
+  { "symbol": ["AT_HWCAP", "private", "<sys/auxv.h>", "public"] },
+  { "symbol": ["AT_HWCAP2", "private", "<sys/auxv.h>", "public"] },
+
+  # Fixed in https://github.com/include-what-you-use/include-what-you-use/pull/1706.
+  { "symbol": ["SEEK_CUR", "private", "<cstdio>", "public"] },
+  { "symbol": ["SEEK_END", "private", "<cstdio>", "public"] },
+  { "symbol": ["SEEK_SET", "private", "<cstdio>", "public"] },
+
+  # IWYU bug.
+  # See: https://github.com/include-what-you-use/include-what-you-use/issues/1863.
+  { "symbol": ["std::vector", "private", "<vector>", "public"] },
 ]

contrib/devtools/test_deterministic_coverage.sh

@@ -1,151 +0,0 @@
-#!/usr/bin/env bash
-#
-# Copyright (c) 2019-2020 The Bitcoin Core developers
-# Distributed under the MIT software license, see the accompanying
-# file COPYING or http://www.opensource.org/licenses/mit-license.php.
-#
-# Test for deterministic coverage across unit test runs.
-
-export LC_ALL=C
-
-# Use GCOV_EXECUTABLE="gcov" if compiling with gcc.
-# Use GCOV_EXECUTABLE="llvm-cov gcov" if compiling with clang.
-GCOV_EXECUTABLE="gcov"
-
-# Disable tests known to cause non-deterministic behaviour and document the source or point of non-determinism.
-NON_DETERMINISTIC_TESTS=(
-    "blockfilter_index_tests/blockfilter_index_initial_sync"  # src/checkqueue.h: In CCheckQueue::Loop(): while (queue.empty()) { ... }
-    "coinselector_tests/knapsack_solver_test"                 # coinselector_tests.cpp: if (equal_sets(setCoinsRet, setCoinsRet2))
-    "fs_tests/fsbridge_fstream"                               # deterministic test failure?
-    "miner_tests/CreateNewBlock_validity"                     # validation.cpp: if (signals.CallbacksPending() > 10)
-    "scheduler_tests/manythreads"                             # scheduler.cpp: CScheduler::serviceQueue()
-    "scheduler_tests/singlethreadedscheduler_ordered"         # scheduler.cpp: CScheduler::serviceQueue()
-    "txvalidationcache_tests/checkinputs_test"                # validation.cpp: if (signals.CallbacksPending() > 10)
-    "txvalidationcache_tests/tx_mempool_block_doublespend"    # validation.cpp: if (signals.CallbacksPending() > 10)
-    "txindex_tests/txindex_initial_sync"                      # validation.cpp: if (signals.CallbacksPending() > 10)
-    "txvalidation_tests/tx_mempool_reject_coinbase"           # validation.cpp: if (signals.CallbacksPending() > 10)
-    "validation_block_tests/processnewblock_signals_ordering" # validation.cpp: if (signals.CallbacksPending() > 10)
-    "wallet_tests/coin_mark_dirty_immature_credit"            # validation.cpp: if (signals.CallbacksPending() > 10)
-    "wallet_tests/dummy_input_size_test"                      # validation.cpp: if (signals.CallbacksPending() > 10)
-    "wallet_tests/importmulti_rescan"                         # validation.cpp: if (signals.CallbacksPending() > 10)
-    "wallet_tests/importwallet_rescan"                        # validation.cpp: if (signals.CallbacksPending() > 10)
-    "wallet_tests/ListCoins"                                  # validation.cpp: if (signals.CallbacksPending() > 10)
-    "wallet_tests/scan_for_wallet_transactions"               # validation.cpp: if (signals.CallbacksPending() > 10)
-    "wallet_tests/wallet_disableprivkeys"                     # validation.cpp: if (signals.CallbacksPending() > 10)
-)
-
-TEST_BITCOIN_BINARY="src/test/test_bitcoin"
-
-print_usage() {
-    echo "Usage: $0 [custom test filter (default: all but known non-deterministic tests)] [number of test runs (default: 2)]"
-}
-
-N_TEST_RUNS=2
-BOOST_TEST_RUN_FILTERS=""
-if [[ $# != 0 ]]; then
-    if [[ $1 == "--help" ]]; then
-        print_usage
-        exit
-    fi
-    PARSED_ARGUMENTS=0
-    if [[ $1 =~ [a-z] ]]; then
-        BOOST_TEST_RUN_FILTERS=$1
-        PARSED_ARGUMENTS=$((PARSED_ARGUMENTS + 1))
-        shift
-    fi
-    if [[ $1 =~ ^[0-9]+$ ]]; then
-        N_TEST_RUNS=$1
-        PARSED_ARGUMENTS=$((PARSED_ARGUMENTS + 1))
-        shift
-    fi
-    if [[ ${PARSED_ARGUMENTS} == 0 || $# -gt 2 || ${N_TEST_RUNS} -lt 2 ]]; then
-        print_usage
-        exit
-    fi
-fi
-if [[ ${BOOST_TEST_RUN_FILTERS} == "" ]]; then
-    BOOST_TEST_RUN_FILTERS="$(IFS=":"; echo "!${NON_DETERMINISTIC_TESTS[*]}" | sed 's/:/:!/g')"
-else
-    echo "Using Boost test filter: ${BOOST_TEST_RUN_FILTERS}"
-    echo
-fi
-
-if ! command -v gcov > /dev/null; then
-    echo "Error: gcov not installed. Exiting."
-    exit 1
-fi
-
-if ! command -v gcovr > /dev/null; then
-    echo "Error: gcovr not installed. Exiting."
-    exit 1
-fi
-
-if [[ ! -e ${TEST_BITCOIN_BINARY} ]]; then
-    echo "Error: Executable ${TEST_BITCOIN_BINARY} not found. Run \"cmake -B build -DCMAKE_BUILD_TYPE=Coverage\" and compile."
-    exit 1
-fi
-
-get_file_suffix_count() {
-    find src/ -type f -name "*.$1" | wc -l
-}
-
-if [[ $(get_file_suffix_count gcno) == 0 ]]; then
-    echo "Error: Could not find any *.gcno files. The *.gcno files are generated by the compiler. Run \"cmake -B build -DCMAKE_BUILD_TYPE=Coverage\" and re-compile."
-    exit 1
-fi
-
-get_covr_filename() {
-    echo "gcovr.run-$1.txt"
-}
-
-TEST_RUN_ID=0
-while [[ ${TEST_RUN_ID} -lt ${N_TEST_RUNS} ]]; do
-    TEST_RUN_ID=$((TEST_RUN_ID + 1))
-    echo "[$(date +"%Y-%m-%d %H:%M:%S")] Measuring coverage, run #${TEST_RUN_ID} of ${N_TEST_RUNS}"
-    find src/ -type f -name "*.gcda" -exec rm {} \;
-    if [[ $(get_file_suffix_count gcda) != 0 ]]; then
-        echo "Error: Stale *.gcda files found. Exiting."
-        exit 1
-    fi
-    TEST_OUTPUT_TEMPFILE=$(mktemp)
-    if ! BOOST_TEST_RUN_FILTERS="${BOOST_TEST_RUN_FILTERS}" ${TEST_BITCOIN_BINARY} > "${TEST_OUTPUT_TEMPFILE}" 2>&1; then
-        cat "${TEST_OUTPUT_TEMPFILE}"
-        rm "${TEST_OUTPUT_TEMPFILE}"
-        exit 1
-    fi
-    rm "${TEST_OUTPUT_TEMPFILE}"
-    if [[ $(get_file_suffix_count gcda) == 0 ]]; then
-        echo "Error: Running the test suite did not create any *.gcda files. The gcda files are generated when the instrumented test programs are executed. Run \"cmake -B build -DCMAKE_BUILD_TYPE=Coverage\" and re-compile."
-        exit 1
-    fi
-    GCOVR_TEMPFILE=$(mktemp)
-    if ! gcovr --gcov-executable "${GCOV_EXECUTABLE}" -r src/ > "${GCOVR_TEMPFILE}"; then
-        echo "Error: gcovr failed. Output written to ${GCOVR_TEMPFILE}. Exiting."
-        exit 1
-    fi
-    GCOVR_FILENAME=$(get_covr_filename ${TEST_RUN_ID})
-    mv "${GCOVR_TEMPFILE}" "${GCOVR_FILENAME}"
-    if grep -E "^TOTAL *0 *0 " "${GCOVR_FILENAME}"; then
-        echo "Error: Spurious gcovr output. Make sure the correct GCOV_EXECUTABLE variable is set in $0 (\"gcov\" for gcc, \"llvm-cov gcov\" for clang)."
-        exit 1
-    fi
-    if [[ ${TEST_RUN_ID} != 1 ]]; then
-        COVERAGE_DIFF=$(diff -u "$(get_covr_filename 1)" "${GCOVR_FILENAME}")
-        if [[ ${COVERAGE_DIFF} != "" ]]; then
-            echo
-            echo "The line coverage is non-deterministic between runs. Exiting."
-            echo
-            echo "The test suite must be deterministic in the sense that the set of lines executed at least"
-            echo "once must be identical between runs. This is a necessary condition for meaningful"
-            echo "coverage measuring."
-            echo
-            echo "${COVERAGE_DIFF}"
-            exit 1
-        fi
-        rm "${GCOVR_FILENAME}"
-    fi
-done
-
-echo
-echo "Coverage test passed: Deterministic coverage across ${N_TEST_RUNS} runs."
-exit

contrib/devtools/utils.py

@@ -1,21 +0,0 @@
-#!/usr/bin/env python3
-# Copyright (c) 2021 The Bitcoin Core developers
-# Distributed under the MIT software license, see the accompanying
-# file COPYING or http://www.opensource.org/licenses/mit-license.php.
-'''
-Common utility functions
-'''
-import shutil
-import sys
-import os
-
-
-def determine_wellknown_cmd(envvar, progname) -> list[str]:
-    maybe_env = os.getenv(envvar)
-    maybe_which = shutil.which(progname)
-    if maybe_env:
-        return maybe_env.split(' ')  # Well-known vars are often meant to be word-split
-    elif maybe_which:
-        return [ maybe_which ]
-    else:
-        sys.exit(f"{progname} not found")

contrib/filter-lcov.py

@@ -1,5 +1,5 @@
 #!/usr/bin/env python3
-# Copyright (c) 2017-2020 The Bitcoin Core developers
+# Copyright (c) 2017-present The Bitcoin Core developers
 # Distributed under the MIT software license, see the accompanying
 # file COPYING or http://www.opensource.org/licenses/mit-license.php.
 
@@ -16,8 +16,8 @@ pattern = args.pattern
 outfile = args.outfile
 
 in_remove = False
-with open(tracefile, 'r', encoding="utf8") as f:
-    with open(outfile, 'w', encoding="utf8") as wf:
+with open(tracefile, 'r') as f:
+    with open(outfile, 'w') as wf:
         for line in f:
             for p in pattern:
                 if line.startswith("SF:") and p in line: